Daniel-- Implementation on a Windoze box with IIS will surely make the NT token passing much easier than what you are faced with.
Since you are a 'nux box, your best battle field would be the app server -- Tomcat, rather than the OS. There's a lot of Tomcat based NTLM or AD authentication done and you should be able to google and find a bunch of examples. Sounds like its time for you to roll up your sleeves and start putting some .jsp pages in that sacred "/cps/" directory. Have fun. Henry Lu On Wed, Apr 7, 2010 at 11:06 AM, Daniel <[email protected]> wrote: > Henry, > > thank you very much for your post. It was not my intention to sound > off the import method. I think it works wonderful, but the data in our > AD is very inconsistent (maintained by a lot of people in different > locations during some years now). So not the import method is my > problem (of course), but the fact that the user management of > LiveServer handles the user names case sensitive (combined with the > fact that we have "bad" data :) ). Correct me if I'm wrong, but nobody > will ever be so mad and have a user john.doe and a John.Doe for two > different persons. > > The point I think is in between the two steps you described. Mr. John > Doe is imported as John.Doe, but likes to authenticate as john.doe. So > LiveServer does take this as a "new" user. > > But your point about the NT Challenge/Response process sounds very > interesting to me, because it would be even better if users don't have > to enter a username/password. Where do I find some more details about > setting this up for LiveServer (on a debian/tomcat/mysql combination)? > > Kind regards, > Daniel > > On 7 Apr., 15:07, "Henry Lu a.k.a. Javahand" <[email protected]> > wrote: > > Daniel-- > > > > Something sounds a little off on your "import" method. > > > > The connector to AD should be able to import users -- on basis of desired > > filtration -- directly from AD repository on scheduled basis. So whatever > > case the username is stored, it gets imported verbatim into to LiveServer > > user directory. > > > > Further, authentication of a user can be against AD directly. Once a user > is > > already authenticated, the proper method should be just to log the user > in > > using the "trusted" dynament. * > > > > In my afore-prescribed scenario, whatever John Joe chooses to type in, as > > long as AD OK's it, LiveServer goes along and just keeps on copy of John > > Joe's profile originally imported from AD. > > > > Let me know if this makes sense to you. > > > > Henry Lu, a.k.a. Javahand > > > > P.S.: * I believe the NT Challenge/Response process pushes the AD-stored > > username (with case integrity from AD repository) into the browser > session, > > thus guaranteeing a case match between the browser-carried username and > > LiveServer stored username. > > > > Of course, if you are using the user-typed username from the form, you > are > > at the risk of a mis-match. > > > > > > > > > > > > On Wed, Apr 7, 2010 at 8:48 AM, Daniel <[email protected]> wrote: > > > Hey guys, > > > > > we are facing the issue that when logging on to the OT Delievery > > > Server (former LiveServer) the username and password is case > > > sensitive. For passwords this seems normal, but our users have > > > problems with typing the username case sensitive. We authenticate the > > > users via a Directory Server connector in a MS Active Directory and > > > import them after a correct login. That means AD authenticates all > > > users correctly nevertheless if he is spelled john.doe, John.doe, > > > JOhn.dOE, and so on, so he is imported to the local user directory. > > > And so there are a lot of duplicated that don't have consistent groups > > > as there are some groups maintained in the Delievery Server User > > > database. > > > > > The point is we imported a lot of users through the connector and the > > > user names of these where not consistent, either. So the "simple > > > solution" to have a toLower() function at the login form, will not > > > work. > > > > > I already contacted the support a while ago and they said this > > > behaviour will not be changed in the future. Did someone have the same > > > problem and maybe had an idea how to solve this? > > > > > Any help is appreciated. > > > Thanks a lot, > > > Daniel > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "RedDot CMS Users" group. > > > To post to this group, send email to [email protected] > . > > > To unsubscribe from this group, send email to > > > [email protected]<reddot-cms-users%[email protected]> > <reddot-cms-users%[email protected]> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/reddot-cms-users?hl=en. > > > > -- > > 646-807-8683- Zitierten Text ausblenden - > > > > - Zitierten Text anzeigen - > > -- > You received this message because you are subscribed to the Google Groups > "RedDot CMS Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<reddot-cms-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/reddot-cms-users?hl=en. > > -- 646-807-8683 -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
