I think you'll find that directory services integration is at many
different stages within companies.  However, to answer the second question,
it is, in my opinion, the foundational layer to a solid authentication
strategy.  One entity, one identity is my motto when it comes to that.  That
avoids some of the confusion you're seeing and sets the foundation for
proper account provisioning.

Authentication can be done in many ways.  It helps me to split my thinking
into three parts: identification, authentication, and authorization.
Identification and Authentication can be handled pretty easily on Active
Directory, but for authorization you'll likely have multiple systems that
handle this depending on the application.

Al 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 28, 2004 8:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration





No, MIIS is not being used.  I don't believe that the Security Group
reviewed the product.  They are about to pilot/implement CA Enterprise
Admin.  Like MIIS, it has hooks into some of the major LDAPs and is supposed
to be very scriptable.  In fact, although they have an AD integration piece,
the direct feed into AD violates part of my principal design for our AD
infrastructure, which is to force all AD Object Change/Add/Moves to go
through the Aelita EDM product to enforce business rules and data
consistency.  CA has stated the integration should be able to be done
completely via scripted integration...we're about to find out.

How are other companies doing directory services integration?  How was that
tied into an authentication strategy?



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


From: "Cotter, Paul M." <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]ail.activedir.org
Date: 04/28/2004 05:27 PM
To: <[EMAIL PROTECTED]>
cc:
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration
Please respond to [EMAIL PROTECTED]tivedir.org





Are you looking at MIIS as an account provisioning/automation tool?

Paul



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 4:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration





Thanks all for the feedback.

We are a very centralized shop as well (and seem to be on a company buying
spree...).  The Enterprise Security team really wants to make AD the
strategic direction for authentication strategy as well as part of a staged
user provisioning and automation mechanism. I/We are about to undertake a
massive leap in automation, business rule enforcement, and data integrity as
it relates to the Windows Server Platform...rolled into our fledgling AD
migration.  And I gotta say, VBScript is an admin's best friend. [mine
anyway]



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




