Portal authentication using Windows AD

I have a functional portal 6 installation. My objective is to allow users in a MS AD system to access the portal using their MS AD credentials. I see I can move my LDAP authentication to point to the MS AD directory using LDAP, or use the membership authentication (with an LDAP search).

I wish to use the field sAMAccountName from AD to authenticate my users, and then have the portal LDAP server create a new user based on that info.

Has anyone done this... I'm not sure of the ramifications of using some of the fields in the LDAP/membership authentication modules...

Thanks for any help..

By DaveArthur at 2007-11-25 8:24:34
# 1

I have used AD with the portal using the LDAP API.

It is similar to having an external LDAP for auth.

For your requirements you might need to create a new auth module, which binds to AD, executes an LDAP search query for your attribute, receives the user DN and rebinds to AD with the user credentials.

Also make sure that your module will follow the LDAP referrals if you have an AD forest.

Cheers,

Alex

Alexej@Kupin.net at 2007-7-1 14:47:38 > top of Java-index,Web & Directory Servers,Portal Servers...
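The search-then-bind sequence Alex describes (service bind, search on sAMAccountName, rebind as the user, with referral chasing for a forest), written out in JNDI as an added example. This is not code from the thread or from Portal Server/Access Manager; the host name, base DN, service-account DN and the PORTAL_SVC_PW environment variable are assumptions for illustration. It also covers two points the reply leaves implicit: the login name is escaped before it goes into the filter, and an empty password is refused, because a simple bind with a DN and no password is an unauthenticated bind that AD accepts.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Search-then-bind authentication against Active Directory (example code,
 * not from the original thread). Host, base DN and service account below
 * are assumed values.
 */
public class AdSearchBind {

    // Global Catalog over LDAPS (3269): one query covers the whole forest without
    // continuation referrals, because the GC holds a partial replica of every
    // domain and sAMAccountName is in that partial attribute set. If only the
    // domain port (636) is reachable, REFERRAL=follow below chases referrals instead.
    private static final String AD_URL  = "ldaps://dc1.corp.example.com:3269";           // assumed
    private static final String BASE_DN = "DC=corp,DC=example,DC=com";                   // assumed
    private static final String SVC_DN  = "CN=portal-svc,OU=Service Accounts,DC=corp,DC=example,DC=com"; // assumed
    private static final String SVC_PW  = System.getenv("PORTAL_SVC_PW");                // assumed; never hard-code

    /** RFC 4515 escaping so a user-supplied login name cannot alter the filter. */
    static String escapeFilterValue(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, AD_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");   // cleartext password: LDAPS is mandatory
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "follow");                  // chase referrals in a multi-domain forest
        return new InitialDirContext(env);
    }

    /** Returns the user's DN on success, or null if the name or password is wrong. */
    public static String authenticate(String samAccountName, String password) throws NamingException {
        // Empty credentials turn a simple bind into an unauthenticated bind
        // (RFC 4513 section 5.1.2), which AD accepts. Refuse before touching the directory.
        if (password == null || password.isEmpty()) {
            return null;
        }
        String filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
                + escapeFilterValue(samAccountName) + "))";
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { "distinguishedName" });
        sc.setCountLimit(2);   // exactly one match expected; a second one means the name is ambiguous

        String userDn = null;
        DirContext svc = bind(SVC_DN, SVC_PW);   // step 1: bind as the service account
        try {
            NamingEnumeration<SearchResult> results = svc.search(BASE_DN, filter, sc); // step 2: locate the entry
            if (results.hasMore()) {
                userDn = results.next().getNameInNamespace();
                if (results.hasMore()) {
                    return null;   // ambiguous: never bind as "whichever entry came first"
                }
            }
        } finally {
            svc.close();
        }
        if (userDn == null) {
            return null;           // unknown user; same answer as a bad password
        }
        try {
            bind(userDn, password).close();   // step 3: rebind as the user to verify the password
            return userDn;
        } catch (AuthenticationException e) {
            return null;
        }
    }

    public static void main(String[] args) throws NamingException {
        String dn = authenticate(args[0], args[1]);
        System.out.println(dn == null ? "authentication failed" : "authenticated as " + dn);
    }
}
```

Run as `java AdSearchBind jdoe 'password'` with PORTAL_SVC_PW set. A real Access Manager module would wrap this in the module's login/validation callback and pass the returned DN on as the user's identity; the DN, not the typed sAMAccountName, is what should be handed to profile creation.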
# 2

You might want to try this and see if it works:

Point the LDAP authentication to AD.

Make sure to give the right search criteria, and also make sure to configure the Administration service so that the profiles are created based on the attribute you need (the two attributes to touch would be user search key and user search return key); the default configuration for these would be cn.

Also, when you configure the LDAP authentication to point to an external LDAP server, make sure to create another org and configure it in the other org, else you will lock yourself out of the admin console.

HTH ..

Karthik_Krishnamoorthy at 2007-7-1 14:47:38
# 3

Thanks for the posts on this issue.

I have created a new organization and pointed its LDAP module to the AD system. References to fields in the discussions so far are different from those on the screen :-)

If I use user credentials from an AD user, I am sent to a data entry form ... The uid is the cn from the AD user; the last and first fields are default.... Reading the discussions on this forum, I apparently have to check the field 'Return User DN to Auth'. Doing this requires that I have the 'right' fields selected ... My LDAP module has these fields:

User Naming Attribute and User Entry Search Attributes.

Which field defines the attribute we are trying to match in the remote LDAP directory?

Which field defines what attribute in the AM system this value will be transferred to?

It appears that once this is 'fixed' use of AD will be possible.

Dave Arthur at 2007-7-1 14:47:38
# 4
User Entry Search Attribute: it will try to map an equivalent search attribute in the LDAP. In the admin guide there is some documentation on configuring external LDAP authentication; you might want to take a look at that, if you haven't already.

Karthik_Krishnamoorthy at 2007-7-1 14:47:38