Pass-thru authentication against AD

Hellos,

When using pass-thru authentication against the AD resource, the manual suggests that the user enters the complete DN of his/her AD account as the IDM login ID!!

Can it be arranged so that the user only needs to enter the samaccountname and not the complete DN?

I mean, samaccountnames are as unique as DNs. A simple lookup to get the DN (if samaccountname is found) is all that is needed.

When shown to customers, they express horror when it is suggested that to log in to IDM they have to type 50-odd characters!

Does any customer willingly USE pass-thru where they have to (correctly) type in such a lengthy string?

By greenfan88a at 2007-11-27 9:08:32
# 1

The answer is yes, you can use samaccountname. Your deployment may necessitate additional configuration to make this happen.

In our case, the samaccountname is the same as the IDM accountId. When the user logs in, IDM finds the user object and then uses the password against the AD account linked to the user.

If the accountId and samaccountname are not the same, then you could use a Login correlation rule to find the IDM user which has that samaccountname.

As far as anyone using the full DN to log in with, I've never seen anyone do it. Our users certainly wouldn't stand for it, and I think that's the case most places.

Jason

jsalleea at 2007-7-12 21:46:52
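The lookup discussed in this thread, resolving a typed samaccountname to the single account whose DN is then used for the bind, sketched as an added example (not from either poster and not Identity Manager's own code). `DIRECTORY`, `MAX_LOGIN_LEN`, the function names and the toy matcher that stands in for the AD search are all assumptions made for illustration.

```python
import re

# Constructed sample entries standing in for AD search results (not real accounts).
DIRECTORY = [
    {"dn": "CN=Jane Smith,OU=Staff,OU=Accounts,DC=corp,DC=example,DC=com",
     "sAMAccountName": "jsmith"},
    {"dn": "CN=John Jones,OU=Contractors,OU=Accounts,DC=corp,DC=example,DC=com",
     "sAMAccountName": "jjones"},
]
PREFIX, SUFFIX = "(&(objectClass=user)(sAMAccountName=", "))"
MAX_LOGIN_LEN = 64  # hypothetical cap on the typed name, chosen for this example

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login):
    """Search filter for one user by short name; the typed name is escaped."""
    return PREFIX + escape_filter_value(login) + SUFFIX


def _assertion_to_regex(assertion):
    """Toy stand-in for server matching: '*' is a wildcard, \\xx is a literal."""
    out = []
    for part in re.split(r"(\\[0-9a-fA-F]{2}|\*)", assertion):
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE)


def search(ldap_filter):
    """Return the DNs of constructed entries matching the sAMAccountName part."""
    rx = _assertion_to_regex(ldap_filter[len(PREFIX):-len(SUFFIX)])
    return [e["dn"] for e in DIRECTORY if rx.fullmatch(e["sAMAccountName"])]


def resolve_dn(login):
    """DN to authenticate as, or None unless exactly one account matches."""
    if not login or len(login) > MAX_LOGIN_LEN:
        return None
    matches = search(build_login_filter(login))
    return matches[0] if len(matches) == 1 else None
```

Because the typed name is escaped before it reaches the filter, a `*` or parenthesis in it is compared literally, and a name that matches zero or several entries is refused rather than resolved to a DN.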