• Status: Solved

LDAP, Domino and asp.net combination. beginner

I would like to use Domino LDAP on server A to authenticate users of a website on server B.
We have no LDAP running yet. The admins don't want to install it because they say that if they enable LDAP, all address books will be available, not just one.
I thought it would be possible to enable LDAP for lookups in only those address books which you make available for LDAP, but how?

A small side question: if I have LDAP enabled on server A and use LDAP authentication on 3 websites, can a user then log in to all 3 websites? How do I restrain access to only one?
Asked by: RonaldZaal

brwwiggins (IT Manager) commented:
Have the admins check into Directory Assistance. With that you can specify what directories are available via LDAP.

However, you might have a difficult time sharing the login between 3 apps. Depending on how you authenticate, the LDAP routine will not generate a .NET authentication token to be shared across the sites. It usually just returns either authenticated or not authenticated. You will have to figure out how to handle this on your own.

A cheap and dirty way that I've seen around this is to mix the built-in .NET membership and role providers with the LDAP authentication. Once the user is authenticated via LDAP, you manually authenticate in the code-behind to an ASP.NET username with the same name and some pre-determined password. It's kind of ugly and not the most secure, but it was quick and dirty.
 
brwwiggins (IT Manager) commented:
Also, if you want more reading you can take a look here:
http://www.novell.com/coolsolutions/appnote/14730.html
 
RonaldZaal (Author) commented:
Great article, thanks.
The admins have Directory Assistance already set up with 5 address books in it, so their argument is now that if I use LDAP for authenticating a user X in website A, he can be in any address book; this is OK.
But when I use LDAP for authenticating a user in website B, user X can still access it.
So, is there a way to restrain access to a website while still using LDAP with DA behind it, which already holds 5 NABs?
 
brwwiggins (IT Manager) commented:
There are several ways you could do this. One way would be to have a group in LDAP containing the authenticated users. Then on Page_Load of the main page, have a routine to check if they are a member of the group and then set a session variable that you could use on other pages.

The other method, which I was hinting at before, is to use LDAP for password authentication but then try to tie it in with the built-in forms authentication of ASP.NET, which has routines to restrict access by roles and so forth.
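The group-based restriction described in the answer above, as an added example that is not part of the original thread: each website checks its own LDAP group in addition to the password, so a valid directory account alone does not grant access. The host, base DN, group DN, service account and the `uid`/`member` attribute names are assumptions to adapt to the Domino directory in use.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;
// Added example. Host, DNs and attribute names below are placeholders/assumptions.
public static class SiteLogin
{
    const string Host = "ldap.example.com";          // placeholder for server A
    const string BaseDn = "O=Example";               // placeholder search base
    const string SiteGroupDn = "CN=WebsiteB-Users";  // placeholder: one group per website

    // RFC 4515 escaping so user input cannot change the meaning of a search filter.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    static LdapConnection Open(NetworkCredential cred)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;  // passwords must not cross the wire in clear text
        conn.AuthType = AuthType.Basic;
        try { conn.Bind(cred); } catch { conn.Dispose(); throw; }  // LdapException on bad credentials
        return conn;
    }

    // True only if the user exists, is in this site's group, AND the password is valid.
    public static bool IsAllowed(string login, string password, NetworkCredential svc)
    {
        // A simple bind with an empty password is "unauthenticated" and many servers accept it.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (var dir = Open(svc))  // svc: hypothetical low-privilege lookup account
            {
                var find = new SearchRequest(BaseDn, "(uid=" + EscapeFilter(login) + ")", SearchScope.Subtree, "cn");
                var hits = ((SearchResponse)dir.SendRequest(find)).Entries;
                if (hits.Count != 1) return false;   // unknown or ambiguous login
                string userDn = hits[0].DistinguishedName;
                var inGroup = new SearchRequest(SiteGroupDn, "(member=" + EscapeFilter(userDn) + ")", SearchScope.Base, "cn");
                if (((SearchResponse)dir.SendRequest(inGroup)).Entries.Count != 1) return false;
                using (Open(new NetworkCredential(userDn, password))) return true;  // password check
            }
        }
        catch (DirectoryException) { return false; }  // failed bind or search: deny
    }
}
```

On success the login page can issue that site's own ticket with `FormsAuthentication.SetAuthCookie(login, false)`. Because each site checks a different group, user X can be admitted to website A and refused by website B.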
 
RonaldZaal (Author) commented:
Many thanks, I think I understand what you mean and have enough info to instruct the admins.
Question has a verified solution.