Do try to push your vendors in the direction of standards-based federation
when federation is the solution. It is really the best way to go for that
particular class of problems.
The real problem for ADFS in the federation space is that it only supports
WS-Federation and doesn't support
I accept at least partial responsibility for the strong language. I
pushed for it as I believed this feature should be used sparingly at the
time these docs were written.
There were a few things going through my head:
1) First, I was fearful that people simply did simple binds against ADAM
in the
Hi
This is not just an ADAM problem it's been a problem with LDAP
directories for some time now and was discussed in the LDAPbis WG.
As a result if you look at RFC4513(RFC2829 is obsolete) you will
see this issue is now addressed by making a distinction between an
anonymous authentication and
Hallo all
I
have a new problema in my active directory
My
LostAndFound container hhas many objects (users, printers, etc...)
I
only can see this objects using ldp or adsiedit. If I use ADUC, even if
a enable advanced features, thereĀ“s nothing there.
I
did not find any way to
Joe,
I have a large Websphere community, which suffers from the single NC for
LDAP binds scenario. Have you had any experience with WS and ADFS? The
WS guys seem very tight lipped on knowing how to setup WS to work with it.
I have been looking at Quests and Netegrity for their ADFS
Eric,
I totally understand and respect the wording that was put in for the ADAM
information, and I would agree with leaning toward the cautious side.
ADAM itself is only one piece of the puzzle when using proxy Bind, and with
all the other services such as MIIS/IIFP and ADAMsync to truly
Lee,
Thanks for the update on the RFC. I didn't know this was out there.
Unfortunately, some of the modifications on the client end you suggested
fall into the same bucket. The LDAP applications seem to be written to the
most basic of functions, which I've stated earlier. I still have
New advisory --
http://www.microsoft.com/technet/security/advisory/926043.mspx
Group policy once again to the rescue --
http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx
List info : http://www.activedir.org/List.aspx
Curious about your scenario here Jef. Corportate Spinoff:We needed to split off a portion of our users into a new company, and anentirely new forest. To solve the issue of apps only binding to a single
NC, we used MIIS to populate an ADAM instance that contained active usersfrom both forests
I know its over a week since I sent this, but on thinking its
probably worth expanding on this. The OU structure is in place to provide two
functions:-
1) Delegation of management and
administration.
2) Application of Group Policy
Now because the OU structure is the "ONLY" way unless you
Return Receipt
Your [ActiveDir] Lostandfound container
document:
I'll start a new thread, since we are off on ADFS now. I have no experience
with WebSphere yet in the federation space, so it sounds like you are ahead
of me.
With our federation work, the primary target for federation is with ASPs
that host applications in their own facilities. For these
How does ADAM integrate with a domain? Will they be completely separate
directories or can they somehow be joined together?
I'm wanting to use an X.500 name for the ADAM instance.
Thanks in advanced for the help provided,
--
Matt Brown
IT System Specialist
Eastern Washington University
List
Al,
It was a 2 year integration until separation, which wasn't exactly short
term.
During that time, there were still shared projects between the old
and the new organizations, with shared data that needed to be accessed by
both. it is easy for the apps that could be cut over, but that 2
Ah, one of those eh? I'd be interested to see the public details if you get the chance. On 9/29/06, Jef Kazimer
[EMAIL PROTECTED] wrote:
Al,
It was a 2 year integration until separation, which wasn't exactly short
term.
During that time, there were still shared projects between the old
ADAM integrates with the domain in a few ways.
When an ADAM server is a domain member, then ADAM can be used to
authenticate domain users via LDAP authentication (using secure bind or
simple bind with bind proxies).
ADAM will also get its password policy from the machine password policy
Something else that you can do to connect the two is to set up
(perhaps mutual) external crossrefs. Then, they would appear as a
contiguous LDAP space, and will issue referrals to each other as needed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe
Hi,
Sync seems to be working with GPRS but using local LAN or DSL
connection i am not able to sync my mailbox i am getting Error Code
0x85010001 and there is not much mentioned in
http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Can anyone please suggest what can be done in this
Seems to indicate that the FE Exchange server is returning HTTP 400 (Bad
Request) in response to whatever is being sent from the client PC. The
httperr.log file on the Exchange FE server may have some further details on
why the HTTP request is invalid.
What you can do is enable logging on both
19 matches
Mail list logo