September 13, 2007 at 1:48 pm
I have a table with all our users with the same logins (login is primary key) as their network login ID exported from LDAP/Active Directory from our Domain server. What I am trying to do is to avoid creating multiple passwords for users for each application. To do that I would like to validate the user's access by authenticating him or her by querying the Active Directory in all my internal applications. That way there is one password change policy and all applications use one source to authenticate the users while roles of the users are specific in each application. I know I can query the ADS using a linked server but can I check using a query if the user exists with the login and password provided?
Any idea if this is doable?
September 13, 2007 at 3:46 pm
I don't think you can do that with a standard query, as the password shouldn't be exposed to you through any interface that I'm aware of. I think ADSI only lets you authenticate or change the password, but not compare the password to one that you know. That's assuming that I'm understanding you correctly and that you want to be able to have a login and password as values in a query and compare that to AD. If I'm misunderstanding, more info would be helpful.
Typically, all of the AD stuff is done through the app using ADSI or another interface (and the app just passes through the password for authentication), not in SQL, as far as I've experienced.
September 13, 2007 at 3:58 pm
I think you got my question right and appreciate your reply. Yes, I am aware of authentication as part of the application and was trying to see if I could integrate that within the DB layer of the application.
September 13, 2007 at 7:33 pm
Is the machine a member of the ADS? And what type of application is it: distributed app, web based, other?
September 14, 2007 at 5:29 am
The SQL server is a member of the ADS and the application is a web based application for Time Tracking purposes for internal users residing on the Intranet.
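
The pattern discussed in the replies above (the application passes the login and password to Active Directory as a bind, and keeps per-application roles in its own table), as an added example that is not from any poster in this thread. It assumes the third-party `ldap3` package and LDAPS on port 636; `AD_DOMAIN`, `AD_HOST`, `app_users` and the login pattern are hypothetical.

```python
import re
import ssl

# Assumed values for illustration; replace with your own domain and domain controller.
AD_DOMAIN = "corp.example.com"
AD_HOST = "dc01.corp.example.com"
# Assumed login format (sAMAccountName style); rejects '@', '\', '*', '(' and similar.
_LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")


def ad_bind(upn, password):
    """Attempt an LDAPS simple bind as the user; True only if AD accepts the credentials."""
    from ldap3 import Server, Connection, Tls, SIMPLE  # third-party: pip install ldap3
    from ldap3.core.exceptions import LDAPException
    # Verify the DC certificate so the password is not sent to an impostor server.
    server = Server(AD_HOST, port=636, use_ssl=True,
                    tls=Tls(validate=ssl.CERT_REQUIRED))
    conn = Connection(server, user=upn, password=password, authentication=SIMPLE)
    try:
        return conn.bind()          # False on invalid credentials
    except LDAPException:
        return False                # fail closed if the DC is unreachable
    finally:
        if conn.bound:
            conn.unbind()


def authenticate(login, password, app_users, bind=ad_bind):
    """Return the user's application role if AD accepts the password, else None.

    app_users: mapping of login -> role, standing in for the application's user table.
    """
    if not _LOGIN_RE.fullmatch(login or ""):
        return None
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that a server may report as success, so refuse it here.
    if not password:
        return None
    role = app_users.get(login.lower())
    if role is None:                # valid AD user, but not provisioned for this app
        return None
    if not bind(f"{login}@{AD_DOMAIN}", password):
        return None
    return role
```

The password is only ever handed to the directory for verification; the application's table stores logins and roles, never password material.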