Solved

LDAP, Domino and asp.net combination. beginner

Posted on 2008-06-10
5
1,036 Views
Last Modified: 2013-12-18
I would like to use Domino LDAP on server A  to authenticate users of a website on server B.
We have no LDAP yet running.  Admins don't want to install it because  If they enable LDAP they say all addressbooks will be available, not just one.
I thought it would be possible to enable LDAP for lookups in only those addressbooks which you make available for LDAP, but how ?

Small side question is that if i have LDAP enabled on server A and use ldap authentication on 3 websites, can a user then login in all 3 websites ?  How to restrain access to only one ?
0
Comment
Question by:RonaldZaal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 20

Expert Comment

by:brwwiggins
ID: 21753394
have the admins check into Directory assistance. With that you can specify what directories are available via LDAP

However you might have a difficult time sharing the login between 3 apps. Depending on how you authenticate, the LDAP routine will not generate a .NET authentication token to be shared across the sites. IT usually just returns either authenticated or not authenticated. You will have to figure out how to handle this on your own.

A cheap and dirty way that I've seen around this is to mix the built-in .net membership and role providers with the LDAP authentication. Once the user is authenticated via LDAP you manually authenticate in the code-behind to a asp.net username with the same name and some pre-determined password. It's kind of ugly and not the most secure but it was quick and dirty
0
 
LVL 20

Expert Comment

by:brwwiggins
ID: 21754256
also, if you want more reading you can take a look here
http://www.novell.com/coolsolutions/appnote/14730.html
0
 
LVL 5

Author Comment

by:RonaldZaal
ID: 21762072
great aticle, thanks.
The admins have directory assistance allready setup with 5 addressbooks in it so their argument is now that if I use LDAP for authenticating a userX  in a website A he can be in any addressbook, this is ok.
But when i use LDAP for authenticating a user in website B, user X can still access it.
So, is there a way to restrain access to a website while still using LDAP with DA behind it which holds already 5 nabs ?
0
 
LVL 20

Accepted Solution

by:
brwwiggins earned 500 total points
ID: 21778903
There are several ways you could do this. One way would be to have a group in LDAP containing the authenticated users. Then on page_load of the main page have a routine to check if they are a member of the group and then set a session variable that you could use on other pages.

Other method is what I was hinting at before was use LDAP for password authentication but then try to tie it in with the built-in forms authentication of ASP.NET which has routines to restrict access by roles and so forth.
0
 
LVL 5

Author Comment

by:RonaldZaal
ID: 21791646
Many thanks, i think i understand what you mean and have enough info to instruct the admins.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem "Can you help me recover my changes?  I double-clicked the attachment, made changes, and then hit Save before closing it.  But when I try to re-open it, my changes are missing!"    Solution This solution opens the Outlook Secure Temp Fold…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question