personally, I'd like a command line tool thats interactive like ntdsutil or nslookup. I'd be able to use this to browse the ADAM instance from a command line. Have a prompt which allows me to navigate the hierachy. Execute commands such as create/delete <objecttype> etc...
M@ On 4/28/06, Stewart, Fitz <[EMAIL PROTECTED]> wrote:
Heck, just give a user the ability to create and otherwise manage objects – users, groups, the basics. Name, etc. Nothing fancy, just not the command-line-ishness of ADSIEDIT. -fitz 703-866-7473 703-626-5741 (cell) ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, April 28, 2006 3:46 PM To: ActiveDir@mail.activedir.org Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers? I have some curiosity in this realm... What would everyone consider good things and requirements for an ADAM management tool. Even assuming, cough, GUI. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer Sent: Friday, April 28, 2006 10:01 AM To: ActiveDir@mail.activedir.org Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers? Since it is "LDAP" I did look at some "friendlier" admin tools, but none really hit the mark for me. I believed that group looked at Softerra's tool, and there is the web based PHP LDAP manager, and also the C# LDAP manager tool. You can Live search the names or I can post the links here if you want. In the end I wrote my own as a .NET web app since I found them lacking. Yet as I said if I want to go global, I don't know if I want to position what I wrote without some major changes. :) J ________________________________ Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers? Date: Fri, 28 Apr 2006 09:44:55 -0400 From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org That's a very good point. Does anyone know of any 3rd parties which improve the ADAM administrative UI "experience"? J. Fitzgerald (Fitz) Stewart Systems Architect IRM/OPS/ENM Worldwide Information Network Systems USAID/DoS IT Infrastructure Collaboration Program [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 703-866-7473 703-626-5741 (cell) ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer Sent: Friday, April 28, 2006 9:27 AM To: ActiveDir@mail.activedir.org Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers? Mylo, Thanks for the information! I have setup ADAM utilizing a custom web UI utilizing AZman for a small project before, but I have concerns about scalabilty. The issues are not with the ADAM instance at all, but the UI that is needed to manage ADAM. ADSIedit is great for someone who understands the directory, but it's not that user friendly for web application owners, helpdesk, etc. This was for a simple application of about 500 users, and it met their needs but I don't see this as a scalable solution from a global perspective. This will be a backend data store that contains the user identity, but the applications that utilize it will be of different flavors from DMZ hosted web apps, to externally hosted apps. The flavors of web apps will range from websphere, ColdFusion, .NET and I suspect some PHP apps. With AD, I guess I was thinking it has a well known support interface (though I am sure I would need to customize anyway...so I'm not sure that value is really there). So I was expecting to maybe find 3rd parties that do sit in front of this to manage the IDs stored. Though this could be AD or ADAM with ADAM being the most cost effective. This looks like siteMinder might be a good solution to manage all of these environments but I will need to look into that. I suppose I am getting ahead of myself, because I do not know the requirements as of yet, and I'm making assumptions that could be totally off the mark here. I guess it's a new environment and wanted to get some info ahead of before it was needed. :) Thanks again! Jef ________________________________ > Date: Fri, 28 Apr 2006 01:40:09 +0200 > From: [EMAIL PROTECTED] > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Internet Authentication Concepts: Pointers? > > Jef, > > As Al pointed out, there are numerous products from vendors such as > IBM/BEA/Oracle/RSA/Netegrity/Entrust/Baltimore Labs (RIP) etc providing > web-based authentication/authorisation in front of AD. Since from a > design point-of-view it's generally not a good idea to stick AD too > close to the Internet, often these solutions comprise a presentation > tier, e.g. with IIS (using some sort of ISAPI plugins) that th! en hooks > into your business&n bsp;logic (e.g. middleware) or your data tier (e.g. > LDAP/AD/SQL) ... if you want to look at this from an MS purist > perspective then I'd suggest having a look at n-Tier solutions within > the MSDN area. Although, this has a more developer emphasis than you'll > probably want, it gives a good insight into how Internet authentication > works, particularly .NET as well as older products such as Site > Server/Commerce.. > > Try googling on Authorization Manager (AZMan) to give a good example of > how a& nbsp;role-based mana! gement approach (assuming a web t ier) with an AD > backend would work..... Also look at ADAM as an initial 'point' solution > for Internet usag rather than AD alone. > > You also mentioned self-registration and this kicks off an entirely > different thread (in my mind anyway)... > > 1. What are you providing access to? > 2. Whom are you registering and for what ? > 3. What authentication mechanism do you wish to use (username/password, > certs, OTP). > 4. Do you need to provide some form of authorisation once authenticated > as well? What form&nb! sp;does this need to take? > &nb sp; > Hope this helps. > > Regards, > Mylo > > if you need an initial > > Jef Kazimer wrote: > > >Al, > > > >I apologize, as I am going only on what little information I have. I guess I was trying to do some pre-meeting recon work since I had seen it metioned here about 25mil internet users for some people. I had assumed there might be some scenario documentation for such a thing. > > > >I will know more after the meeting of course, so I'll see if I can explain myself better.> > > >I understand dire ctory design for an enterprise, but have never done so for a internet instance that would have self registration. I suspect there are some different lessons learned from that scenario so was curious. > > > >Thanks, > > > >Jef > > > > > > > > > > > >>Date: Thu, 27 Apr 2006 15:31:33 -0400> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] Internet Authentication Concepts: Pointers?> > That's not a lot to go on, Jef. Can you give some more information?& gt; > For example,! these public internet sites? Are they web only? What type> of authentication is needed? What were your plans for authorization?> Are you planning to use something like SiteMinder or Tivoli or ?? to> help you deal with authorization if using web sites?> > Al> > On 4/26/06, Jef Kazimer <[EMAIL PROTECTED]> wrote:> >> >> > Ok, here is something I'm just starting to research, and I thought maybe> > someone here has some pointers or a direction they can steer me in.> >> >> >> > We are looking&nbs p;at a potential consoli! dated directory/database to contain>&nbs p;> user registrations (Self registration and possible bulk load) for multiple> > public internet sites for products of our company.> >> >> >> >> >> >> >> > I was wondering if there are any published scenarios that addess this> > solution as > >> > >> > >a starting point for consideration. We are thinking of using a> > public AD forest as the potential repository, but I am curious if there are> > any lessons learned when designed& nbsp;such a scenario.> >&! gt; >> >> > Thanks,> >> >> >> > Jef> >> >> >> >> >> >> > ________________________________> > Upgrade for free to Windows Live Mail beta and you could win an African> > Safari Learn more> [1]ا~m > >List info : http://www.activedir.org/List.aspx > >List FAQ : http://www.activedir.org/ListFAQ.aspx > >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > >------------------------------------------------------------------------ > > > > ;No virus found in this incoming message. > >Checked by AVG Free Edition. > >! Version: 7.1.385 / Virus Database:&nbs p;268.5.1/326 - Release Date: 27/04/2006 > > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ________________________________ Join the next generation of Hotmail and you could win a trip to Africa Upgrade today ________________________________ Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More.
