Subject: [ActiveDir] ADAM Needed?
eis_listsUser is Offline

Posts:34

07/16/2008 9:45 PM  
Hi -



I have been reading up on ADAM and have a few questions. One of our
programmers has an application that will live in the DMZ. It will
authenticate external users to something called (might not have the exact
right name) OpenAuth and would like to auth internal users to AD. My
understanding is that I could either open ports directly to AD (and use some
firewall magic to ensure that things flow only into the DMZ) or I could use
ADAM.



If I use ADAM, would passwords sync? (Only needs to be one way: from AD to
ADAM; users would never set a password in the DMZ app).



If I use ADAM, would I need to encrypt the traffic between AD and ADAM?



Thanks.



-- nme






listmailUser is Offline

Posts:428

07/16/2008 9:47 PM  
This can be set up two ways

1. Have ADAM in the forest with the AD you want to auth against, with a
connection over the firewall; you can then use normal AD accounts against
ADAM directly or use proxy users, which act like local ADAM users but the
requests are redirected to AD.

2. Have ADAM in a standalone mode and sync the users to it from AD along
with their passwords.


The latter can be more secure and makes sure you have no data exposed to the
DMZ that you don't want out there as you can choose what to sync. It also
means you don't have to poke holes in the firewall for RPC/Kerberos traffic
between ADAM and AD. The former is generally less maintenance.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



_____

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of EIS Lists
Sent: Wednesday, June 25, 2008 12:21 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM Needed?



Hi -



I have been reading up on ADAM and have a few questions. One of our
programmers has an application that will live in the DMZ. It will
authenticate external users to something called (might not have the exact
right name) OpenAuth and would like to auth internal users to AD. My
understanding is that I could either open ports directly to AD (and use some
firewall magic to ensure that things flow only into the DMZ) or I could use
ADAM.



If I use ADAM, would passwords sync? (Only needs to be one way: from AD to
ADAM; users would never set a password in the DMZ app).



If I use ADAM, would I need to encrypt the traffic between AD and ADAM?



Thanks.



-- nme






ZJORZUser is Offline

Posts:100

07/16/2008 9:47 PM  
Both IIFP and MIIS can sync PWDs


Kind regards,

Ing. Jorge de Almeida Pinto
Senior Consultant
MVP Identity & Access - Directory Services



-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Markus.Wilhelm@HVBIS.com
Sent: Wednesday, June 25, 2008 07:06
To: ActiveDir@mail.activedir.org
Subject: AW: Re: [ActiveDir] ADAM Needed?

Another way is to use ILM for password sync. :) At the moment I don't know if the free version is also able to sync passwords.

Kind regards, Markus


Kind regards

Markus Wilhelm

productmanager directory services and
microsoft identity information server

----- Original Message -----
From: ActiveDir-owner@mail.activedir.org <ActiveDir-owner@mail.activedir.org>
To: ActiveDir@mail.activedir.org <ActiveDir@mail.activedir.org>
Sent: Wed Jun 25 06:23:38 2008
Subject: Re: [ActiveDir] ADAM Needed?

No, passwords wouldn't sync.

You could however represent your internal users as proxies in ADAM so ADAM would pass back the authentication for these people to AD.

--brian


On Tue, Jun 24, 2008 at 11:21 PM, EIS Lists <eis_lists@sbcglobal.net> wrote:


Hi –



I have been reading up on ADAM and have a few questions. One of our programmers has an application that will live in the DMZ. It will authenticate external users to something called (might not have the exact right name) OpenAuth and would like to auth internal users to AD. My understanding is that I could either open ports directly to AD (and use some firewall magic to ensure that things flow only into the DMZ) or I could use ADAM.



If I use ADAM, would passwords sync? (Only needs to be one way: from AD to ADAM; users would never set a password in the DMZ app).



If I use ADAM, would I need to encrypt the traffic between AD and ADAM?



Thanks.



-- nme








--
Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132