> > A better (read: more extensible) scheme would be create a single > application object for each application you wish to secure, and use > the ACLs on the objects to control access to the application. For > instance, if the application is domain specific, you might put the > application object in the CN=Program Data,DC=domain container. If it > is an enterprise app, you might create a container somewhere under > CN=Services,CN=Configuration,...
Good idea. But what 'type' should I make an application object to be ? The choices appear to be : Computer, Contact, User, InetOrgPerson, Query-based distribution Group, MSMQ Queue Alias, Printer, User, Shared Folder etc... > To check if someone has > access to run the app, just have the app read the obejct. If the app > can read the object, the user can run the app, otherwise not. I'm trying to do this. Also, is there a way to retrieve the username and password of the user currently logged into an AD domain ? I ask this, because an app might need this information in order to log into a database etc. Thanks, -Shshank > > -----Original Message----- > From: Sharma, Shshank [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 1:35 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Extending the Active Directory Schema > > > I am thinking about something similar, such as adding attributes like > allowAccessToApplicationX, allowAccessToApplicationY and so > on, for users. > > How easy is doing something like this, anyone ? > > ./Shshank > > -----Original Message----- > From: Pennell, Ronald B. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 9:14 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Extending the Active Directory Schema > > > Has anyone extended the active directory to include the > employee number as a > displayed field? I understand that this field exists, but > not no attributes > has been set. I want to add the employee number in the > displayed items when > setting up the user account. > > Running W2K Sp3... > > Ron Pennell > [EMAIL PROTECTED] > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
