Last post Nov 09, 2011 03:56 PM by qphan613
Nov 03, 2011 02:58 PM|qphan613
I have just begun working on Active Directory, so there are things I still struggle to understand. Among them are the questions below. I have googled the web this entire morning without getting a satisfactory answer, so I hope someone here can assist me with these.
1. A user has a swipe card; can I use this to authenticate in AD? The swipe card only has an ID and an encoded key. When they swipe the card, I would look in my application database to find the user name and key using the card's ID. However, if I connect to a client AD system, they only have the user name.
2. Can I add a custom field to the user account on the AD system? This relates to the resolution of my first question, because I think if I can somehow add the card key to the user account on the AD server, then that may open up a back door for me to authenticate the user using their user name and their card's key instead of their password.
Nov 07, 2011 08:40 PM|gww
It seems possible to add custom attributes, but I have not tried it. Are you trying to authenticate the user against Active Directory? If not, then it would be easier to add a field to your database with the samaccountname of the user's AD account and pull any info that way. And use a service account to authenticate access to the LDAP to search for the user.
I am not sure if you can authenticate against active directory without a username/password or smart card authentication.
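A sketch of the approach suggested in the reply above, added as an example and not code posted by anyone in this thread: the application checks the swiped key against its own database, then maps the card to a sAMAccountName and builds the LDAP search filter a service account would use. The table and column names, the sample card values and the object class clauses in the filter are assumptions; no AD connection is made.

```python
import hmac
import sqlite3

# RFC 4515 escaping for a value placed inside an LDAP search filter, so an
# account name containing filter metacharacters cannot alter the query.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def open_card_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's card table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE cards (card_id TEXT PRIMARY KEY, card_key TEXT, sam_account_name TEXT)"
    )
    db.executemany(
        "INSERT INTO cards VALUES (?, ?, ?)",
        [
            ("1001", "k3y-alpha", "jdoe"),
            ("1002", "k3y-bravo", "a*smith"),  # unusual name, to show escaping
        ],
    )
    return db


def ldap_filter_for_swipe(db: sqlite3.Connection, card_id: str, presented_key: str):
    """Return the LDAP filter for the card holder's AD account, or None if the
    card is unknown or the key does not match. The key is verified by the
    application; AD is only searched, never asked to accept the card key."""
    row = db.execute(
        "SELECT card_key, sam_account_name FROM cards WHERE card_id = ?", (card_id,)
    ).fetchone()
    if row is None:
        return None
    stored_key, sam = row
    # Constant-time comparison avoids leaking how much of the key matched.
    if not hmac.compare_digest(stored_key.encode(), presented_key.encode()):
        return None
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(sAMAccountName={escape_filter_value(sam)}))"
    )


if __name__ == "__main__":
    print(ldap_filter_for_swipe(open_card_db(), "1001", "k3y-alpha"))
```

The returned filter is what the service account's bound LDAP connection would pass to its search call to pull the user's directory attributes.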
Nov 09, 2011 03:56 PM|qphan613
I ended up not going with the 2nd option, as I think it defeats the purpose of having an LDAP server. It does not make sense for me to add a custom field when my program is just one amongst many clients that connect to the LDAP server.