Last post Mar 19, 2012 01:44 PM by bbcompent1
Mar 19, 2012 01:38 PM|rahlquist|LINK
Working on recreating some functionality one of our devs did in PHP. In short, we are implementing SSO for a web app using oAuth w/Google apps.
The workflow is this:
oAuth authenticates google apps account, returns email
LDAP lookup using stored credentials to search for the email address returned in AD, if it exists then authentication is successful.
I have the first portion working. It's the second, having a hard time finding anything that applies.
As you can see, all I need is something to go by that shows me how to do an LDAP lookup without prompting the user for credentials. Any thoughts?
Mar 19, 2012 01:44 PM|bbcompent1|LINK
Ok, you've probably seen this article which covers the topic:
What you'll want to do in the case of the LDAP lookup is use a least-privileged account to do the lookup under Identity Impersonation. This way, the lookup will be done behind the scenes and will use the identity of the user account you specify in the application pool, providing you are using a web server that is IIS 6 or newer. When the LDAP lookup happens, it will use the identity you specify in IIS.
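The lookup discussed in this thread, sketched as an added example (not code from either poster): the directory bind passes no username or password, so it runs as the process identity, i.e. the application pool account, and the email returned by the OAuth step is escaped before it goes into the search filter. Assumptions: the `LdapRoot` path is a placeholder, the pool account is a low-privilege domain account with read access to the directory, and the address is stored in the `mail` attribute.

```csharp
using System;
using System.DirectoryServices; // add a reference to System.DirectoryServices.dll
using System.Text;

public static class AdEmailLookup
{
    // Placeholder path (assumption); replace with your own domain's naming context.
    private const string LdapRoot = "LDAP://DC=example,DC=com";

    // Escape filter metacharacters (RFC 4515) so a value coming from the
    // identity provider cannot change the structure of the LDAP filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns true when a user object with this mail attribute exists in AD.
    public static bool EmailExists(string email)
    {
        if (string.IsNullOrEmpty(email)) return false;

        // No credentials are supplied: the bind uses the identity the code is
        // running under (the app pool account), so the user is never prompted.
        using (var root = new DirectoryEntry(LdapRoot))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(mail="
                              + EscapeFilterValue(email) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("mail"); // fetch only what is needed
            SearchResult result = searcher.FindOne();
            return result != null;
        }
    }
}
```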