Hi there,

We recently faced the same scenario...

Do they need to use your internal AD because they require access to your
staff accounts? If not, they could quite happily use ADAM.

If they do require access to your staff accounts, you could get them to
perform DEV/TST/QA on ADAM as proof of concept and then give them delegated
access to the AD via a specific user or group, which is what we ended up
doing. We made it very clear that all code must be tested on ADAM first
before we let them anywhere near our live environment.

Cheers,

Matt Duguid
Systems Engineer for Identity Services
Department of Internal Affairs

Phone: +64 4 4748028 (wellington)
Mobile: +64 21 1713290
Fax: +64 4 4748894
Address: Level 4, 47 Boulcott Street, Wellington CBD
E-mail: [EMAIL PROTECTED]
Web: http://www.dia.govt.nz/



From:    John Singler <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]tivedir.org
Date:    20/09/2006 05:23 a.m.
Please respond to: ActiveDir
To:      "ActiveDir@mail.activedir.org" <ActiveDir@mail.activedir.org>
cc:
Subject: [ActiveDir] 3rd party vendor and AD for auth



Greetings -

We have a 3rd party vendor who wants to tie their web app into our AD
for authentication and authorization. (This is an app that has already
been purchased and is in-house but uses a local db for AAA).

What, specifically, should I be asking them about their application so
as to keep our environment in its secure and stable state?

AFAIK, all they have 'asked' for is a U/P with read access to users and
groups.  Obviously, they aren't getting anything until we work out the
details.

Curious as to what other orgs consider when in similar circumstances.

Environment (FWIW):
Single forest, single domain. All DCs w2k3 SP1, FFL/DFL are w2k3.

tia,

john
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

