Seems like they should go with integrated especially since you are talking about compliance... Bad to handle passwords when you really don't have to.
If I had to pick of the two evils, I would stick with LDAP: with secure bind over WinNT:. Again, every chance you get, run away from the older APIs. Doing that now saves you down the road when it becomes mandatory. Microsoft gives this long transformation period so people can slowly transform, not so they can not change anything and then bitch at the last second that they had no idea that was happening. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Tuesday, October 17, 2006 7:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WinNT ADSI provider Oh ya, duh. Good point. Do you think that one is better than the other? I agree they are both bad options. The app runs on IIS so using integrated auth would be soooo easy; however, it requires more code changes on their end and they are trying to get this done for regulatory compliance reasons. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 17, 2006 4:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WinNT ADSI provider You don't have to do an LDAP query first.... You can bind in LDAP with domain\user, UPN, or DN and just ask for a well known object, say the domain head or config head, etc. I still think either one is a poor authentication mechanism though. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Tuesday, October 17, 2006 6:46 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WinNT ADSI provider Not having to do an LDAP query prior to connecting to the user. So they will not have to store a lookup account and baseDN type info. I think that adding the LDAP features is pretty simple, but I don't want to make them do it if it's not necessary. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, October 17, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WinNT ADSI provider What simplicity will this offer? Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Isenhour, Joseph > Sent: Tuesday, October 17, 2006 4:02 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] WinNT ADSI provider > > I have a customer who wants to write their authentication DLL using the > WinNT ADSI provider instead of LDAP provider for simplicity. Does > anyone know if there will be any supportability issues with this option > going forward? Is Longhorn going to support it? > > BTW, the app is written in vb6 so System.DirectoryServices is out. > > Thanks > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx