April 8, 2013 at 6:26 pm
At work we have an application that has the ability to use 3 Active Directory groups to set up security within the application (Admin, User, Read Only). The application accesses a SQL Database (typically 2008 R2), and I am being told that I don't need to have these AD groups set up with the SQL environment (such as new login) for this authentication to work.
However, we have been having problems with this setup for some time now, but the engineers who created this insist this works.
We do use an AD settings file to direct it to the AD server and location, however, the specific groups are not a part of this file. The group names are stored within the SQL Database, so a successful authentication to the Database should be needed to obtain this information. Thus, I am being told, that once everything is set up, I should be able to connect in using a Windows Authentication, and our software will be able to access several databases within a single instance without any user information being listed in Management Studio. When I have tried to do this with the last few customers I have worked with, unless we set up the AD groups themselves within the SQL environment, we have not been able to get this to work.
Any suggestions on what I could be doing wrong? Any assistance on how this could be working, or if it should be working at all would be greatly appreciated.
Thanks
LD
April 9, 2013 at 7:32 am
My first thought would be to question those who are directing you to use this construct? What are they hoping to gain in configuring such an architecture? If they're getting this to work I suspect there is a dynamic connection being created "on the fly" in some manner that still requires a valid login on the SQL Server regardless of their "login-less system". Are they reluctant to use the standard method of connectivity? If so, it would be interesting as to why they're trying to avoid it.
- Tim Ford, SQL Server MVP
http://www.sqlcruise.com http://www.thesqlagentman.com http://www.linkedin.com/in/timothyford
April 9, 2013 at 9:53 am
Tim-
Thanks for your response. I am not really sure why or what the engineers of this product are doing and I'm not sure they do either. I am just tasked with making it work for our customers.
I believe your response that "even a dynamic connection being created "on the fly" in some manner still requires a valid login on the SQL Server" answers my problem. To be honest, I think the backlash I received about how I have to set the customer up to get it to work made me question that something else was going on or they would be authenticating using some other process. However, I have not been able to find any other way they could be doing this, and everything I have points me back to needing some kind of login to authenticate to SQL Server.
Thanks Again.
LD
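
Added example, not part of the thread and not the vendor's own setup: one way to give the three AD groups discussed above a login at the server level and a user in each application database, then check which group actually lets a given account in. The domain `CONTOSO`, the group names, the database `AppDb`, the account `jdoe` and the role choices are all assumptions; the syntax is kept to what SQL Server 2008 R2 supports.

```sql
-- Assumed names (not from the thread): domain CONTOSO, groups App_Admin,
-- App_User, App_ReadOnly, database AppDb, test account CONTOSO\jdoe.
USE master;
GO
-- 1. Server level: one login per AD group. Group members authenticate
--    through the group login; no per-user logins are required.
CREATE LOGIN [CONTOSO\App_Admin]    FROM WINDOWS;
CREATE LOGIN [CONTOSO\App_User]     FROM WINDOWS;
CREATE LOGIN [CONTOSO\App_ReadOnly] FROM WINDOWS;
GO
-- 2. Database level: repeat this section in every database the
--    application opens. A login with no database user cannot enter it.
USE AppDb;
GO
CREATE USER [CONTOSO\App_Admin]    FOR LOGIN [CONTOSO\App_Admin];
CREATE USER [CONTOSO\App_User]     FOR LOGIN [CONTOSO\App_User];
CREATE USER [CONTOSO\App_ReadOnly] FOR LOGIN [CONTOSO\App_ReadOnly];
GO
-- Role choices are an assumption; grant only what the application needs.
-- (ALTER ROLE ... ADD MEMBER is not available on 2008 R2.)
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\App_ReadOnly';
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\App_User';
EXEC sp_addrolemember N'db_datawriter', N'CONTOSO\App_User';
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\App_Admin';
EXEC sp_addrolemember N'db_datawriter', N'CONTOSO\App_Admin';
GO
-- 3. Audit: every Windows group that currently holds a server login.
--    An unexpected broad group here would explain a "login-less" setup
--    that appears to work.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type = 'G'
ORDER BY name;
GO
-- 4. For one account, show the login(s) that grant it access. The
--    "permission path" column names the group login being used.
EXEC xp_logininfo @acctname = N'CONTOSO\jdoe', @option = 'all';
GO
-- 5. Run while connected as the application user: the Windows groups
--    in the current login token and how each one is used.
SELECT name, type, usage
FROM sys.login_token
WHERE type = 'WINDOWS GROUP';
```

Steps 3 to 5 are read-only and can be run on an existing customer instance before changing anything.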