] Behalf Of joe
Sent: Sunday, May 02, 2004 8:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration
I want to say a couple of things on this point, however first off, we use
cn=sAMAccountName.
1. LDAP is not a good authentication mechanism. Especially how most
companies seem to do it with their products. I.E. Simple LDAP Binds. This is
not in any way shape or form secure. Use Kerberos, Kerberos
Eric -
we basically did what you suggest...our CN, name, and sAMAccountName attributes are
the same. WebSphere users can use their LAN ID and password. Since WebSphere also
grabs the group membership info for the user when they log in, it can map this to the
'roles' in the J2EE application,
Thanks all for the feedback.
We are a very centralized shop as well (and seem to be on a company buying
spree...). The Enterprise Security team really wants to make AD the
strategic direction for authentication strategy as well as part of a staged
user provisioning and automation mechanism.
Are you looking at MIIS as an account provisioning/automation tool?
Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 4:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration
Thanks all for the feedback.
We are a very centralized shop as well (and seem to be on a company
buying spree...). The Enterprise Security team really wants to make AD