Cannot get AD to take inetuseraccess attribute
Hello,
I have tried several attribute/value sets, but i cannot find any that will yield a value for inetuseraccess when attached to Active Directory. our company is hopelessly tied to a Microsoft Architecture, and I need to find a way to get wondows based, secure SSO for our various web applications. I wanted to use the windows desktop style, so the user should only need to authenticate on log on, and then their applications are all authenticated securely (I have this now for my users, however, it is not secure).
So, to summarize, I have connected to Active directory as an LDAP store, and now the SJAM needs some attribute to use for it's intetuseraccess flag (this is the 'allowed to use internet apps' flag in the SJAM). Ihave tried userAcctControl with values of 512 and 514 - no luck (I assume that this is because the actual values are a bitmask, and SJAM does not read it right). I have also tried unused attributes like fax, all to no avail. the SJAM cannot ever retrieve the value or set it (settingis is something that I would prefer SJAM not do, as I want AD to be the primary directory store, and SJAM to just replicate it's changes like a secondary DC would).
Thanks,
Scott
Message was edited by:
FrustratedAndLearning
