Marked as answer by qphan613 on Nov 09, 2011 07:56 PM
qphan613
Can I authenticate user using user name and other information instead of password?
Nov 03, 2011 06:58 PM
Hello,
I have just begun working on Active Directory, so there are things I am still struggling to understand. Among them are the questions below. I have googled the web this entire morning without getting a satisfactory answer, so I hope someone here can assist me with these.
1. A user has a swipe card; can I use this to authenticate in AD? The swipe card only has an ID and an encoded key. When they swipe the card, I would look in my application database to find the user name and key using the card's ID. However, if I connect to a client AD system, they only have the user name.
2. Can I add a custom field to the user account on the AD system? This relates to the resolution of my first question, because I think if I can somehow add the card key to the user account on the AD server, that may open up a back door for me to authenticate the user using their user name and their card's key instead of their password.
Thank you.
gww
Re: Can I authenticate user using user name and other information instead of password?
Nov 08, 2011 12:40 AM
It seems possible to add custom attributes, but I have not tried it. Are you trying to authenticate the user against Active Directory? If not, then it would be easier to add a field to your database with the samaccountname of the user's AD account and pull any info that way, and use a service account to authenticate access to the LDAP to search for the user.
I am not sure if you can authenticate against Active Directory without a username/password or smart card authentication.
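The approach suggested in the reply above, as an added example that is not code from the thread: the application checks the card key against its own table, maps the card to a sAMAccountName, and builds an escaped filter for the lookup it then runs under the service-account bind. The card table, sample values and function names are assumptions; this authenticates the user to the application only and does not bind to AD as that user.

```python
import hashlib
import hmac

def hash_key(card_key: bytes, salt: bytes) -> bytes:
    """Slow salted hash so the raw card key is never stored."""
    return hashlib.pbkdf2_hmac("sha256", card_key, salt, 100_000)

# Constructed sample data: the application's own card table, keyed by card ID.
# Each row links a card to the sAMAccountName of the user's AD account.
CARDS = {
    "0004211": {"salt": b"constructed-salt", "sam": "jdoe",
                "key_hash": hash_key(b"k3y-from-card", b"constructed-salt")},
}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"\\*()\x00" or b > 0x7F:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def ad_lookup_filter(sam: str) -> str:
    """Filter matching one enabled user; the bit-AND matching rule
    excludes accounts with the ACCOUNTDISABLE flag (value 2) set."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=%s)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
            % escape_filter_value(sam))

def verify_swipe(card_id: str, card_key: bytes):
    """Return the filter to search with under the service account,
    or None when the card is unknown or its key does not match."""
    rec = CARDS.get(card_id)
    if rec is None:
        return None
    candidate = hash_key(card_key, rec["salt"])
    # Constant-time comparison of the derived hashes.
    if not hmac.compare_digest(candidate, rec["key_hash"]):
        return None
    return ad_lookup_filter(rec["sam"])
```

An empty result for the returned filter means the linked AD account is missing or disabled, and the swipe should be rejected even though the card key matched.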
qphan613
Re: Can I authenticate user using user name and other information instead of password?
Nov 09, 2011 07:56 PM
Thank you,
I ended up not going with the 2nd option, as I think it defeats the purpose of having an LDAP server. It does not make sense for me to add a custom field when my program is just one among many clients that connect to the LDAP server.