On 22/03/2016 23:55, Mark Pope wrote:
> We use Active Directory for enterprise authentication. We are building
> a portal for external users. I would like to use AD to store external
> users' credentials. This will allow internal users outside access as
> well (desired).
>
> Our AD policy locks out accounts after 3 invalid attempts and requires
> a lengthy validation process to re-enable. Because of this, anyone
> with our employee list could lock out all employees with a simple exploit.
>
> I would like to create an AD mirror for external authorization where I
> can eliminate policies.
>
> I read in the docs that LSC does not read AD passwords but can it read
> the hashed values? Will your application support my needs?

Hello Mark,

Active Directory does not allow reading the password, so LSC or any other
LDAP client will not be able to read it (hashed or not). If you plan to
sync two ADs, I think Microsoft provides dedicated tools to do it (at
least to sync AD with ADAM).

But if you were asking me, I would tell you to use an OpenLDAP directory
to store external users and internal users. You can then use a password
filter DLL to push passwords from AD to OpenLDAP for the internal users.

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users