Tuesday, January 12, 2010

Active Directory Lightweight Directory Services for Windows 7

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. In environments where AD DS exists, AD LDS can use AD DS for the authentication of Windows security principals. You can run multiple instances of AD LDS concurrently on a single computer, and have an independently managed schema for each AD LDS instance.

Download & Details: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a45059af-47a8-4c96-afe3-93dab7b5b658


Hi there,

To avoid extending the AD DS schema, I am considering using LDS as an interim solution for user authentication (eventually it will move to OID). Here is my scenario:

I have Web apps that are integrated within a Web SSO product (OAM). OAM queries the LDS for auth (ok via OVD). LDS proxies to AD DS for authentication only (since the password is kept in AD and not synced to LDS). LDS has other attributes for coarse authorization etc. Here is what the authentication traffic looks like:

OAM -> OVD -> LDS -> AD DS

What do you think of this, any drawback to this?

Thank you
