On 2/27/07, Alan Ackerman <[EMAIL PROTECTED]> wrote:
Has anyone been able to access the Microsoft Active Directory from CMS? (This is an alternative to
My understanding is the AD is also just LDAP, but a particular layout of the various bits and pieces (like the topology of the tree and the name of attributes). You might also read up on winbind which is/was the part of Samba that talks to AD. One of the major challenges is that either side has unique attributes for a user/group (e.g. user number) and when there's only one place to register them, the other side has to make up these attributes. And next day you want it to make up the same attribute for that user (so he can still get at his stuff).
I know essentially NOTHING about Active Directory.
It's probably worth reading some introduction material on the Net. If nothing else, start at Wikipedia: http://en.wikipedia.org/wiki/Active_Directory I would not dare to encourage you going against company preferred API's. I remember the public key of the requester also needs to be in AD for it to verify the request. That rules out your other options. Unless you could have them put the key of your Linux Samba server in for authentication and have that server play proxy for your requests (so Linux would host a web page that authenticates through winbind against AD, and your CMS service doing a tcpclient call under the covers to that web page). Would be way more fun if you could just use ldapclient against the database. If so, I did start doing some plumbing for encode and decode of ASN.1 (the format of the LDAP protocol) and might be able to turn it into something working when we have an application at hand. Rob