Active Directory integration - war stories?

Promoted from the User Forums

We're doing a major rollout in our Dallas office over the next couple weeks (FullPress, WebNative, & Venture). Server will run on Solaris.

I feel like we're in very capable hands with our Integrator, but there are other parties involved - including our parent company's support organization.

One thing I'm nervous about is Active Directory integration. I know this has been done successfully in the past - otherwise I wouldn't have approved it - but are there any known gotchas anyone out there can share?

Advice, tips, etc. appreciated.

Submitted by xugadmin on Fri, 12/07/2007 - 23:02.

We purchased the Xinet, Webnative, Fullpress, Venture solution from our reseller also under the impression that it would integrate with our Active Directory setup. After having the system for several months it became clear that Xinet was not going to provide Active Directory support on the Solaris platform.

Our integrator has been working hard to provide us with a custom solution from their end that will work for us but is still not fully functional for us after having the server for several months.

We are trying to achieve what apparently everyone says is impossible. We set up a domain controller to have our Xinet client users in. The domain has a one-way trust with our corporate domain controller. The idea was that our corporate employees would be able to use their normal Windows credentials to log in to Webnative with. At the same time we would add our clients to the client domain and they could also log in. This would save us the security and administrative issues of having our clients in our corporate Active Directory system.

Submitted by xugadmin on Fri, 12/07/2007 - 23:06.

There are several large organisations trying to make this work on Solaris at the moment but there are few clean solutions. It should be noted that none of the platforms offer much functionality from a Xinet perspective when it comes to multiple domain authentication. There are some legacy modules that can do what you are suggesting with the one-way trust but that is Windows only and has been surpassed by the current auth methods which do not support multiple domains, even on Windows. You might want to look at Centrify (if you have not already) as an authentication handler. This has been successfully implemented at one site on Solaris and as of Q1 2007 they had full support for one-way trusts. I am sure they are already doing this but your integrator should also make sure that your serial number is attached to the current feature requests to improve the Xinet AD integration on Solaris.
