[jcifs] JCIFS for Multiple Domains
Merlin Beedell
merlin_b_wizard at hotmail.co.uk
Thu Nov 9 13:21:11 GMT 2006
The product can connect to a mix of trusted and completely separate
Directory domains. Where, for example, we have a single system used at an
ISP, with 5 or so separate companies-worth of employees attaching - then
there is no trust between the ADs. So what we need is:
- any number of jcifs threads, each one configured to a different AD
- when a user connects to the login web page, some criteria are used to
determine which company they belong to
- the web then uses the associated jcifs thread to validate the user
Perhaps this is not possible. But worth asking, I think.
Merlin
>From: Yannick <yannick at smellyfrog.com>
>To: Merlin Beedell <merlin_b_wizard at hotmail.co.uk>
>CC: jcifs at lists.samba.org
>Subject: Re: [jcifs] JCIFS for Multiple Domains
>Date: Wed, 08 Nov 2006 16:10:46 +0000
>
>Hi Merlin,
>
>I'm not a specialist, but from what I understand if you have domains
>trusting each other, then you can implement multiple domains
>authentication.
>We have implemented this successfully in Banta. We have different domains
>from different offices and locations, for example in the US, Europe and
>Singapore, and all our users are authenticated automatically, even though
>our web and app servers are located in the US only.
>I'm not familiar with the way the network and domain controller are set up,
>but on the JCIFS side it was pretty transparent.
>
>Hope this helps
>Yannick
>
>
>Merlin Beedell wrote:
>
>>Is there a good/standard/any way to create a [Tomcat] Website that can use
>>JCIFS to provide Single Sign On for MULTIPLE domains. In other words, for
>>the website to determine which company the user is coming from, and then
>>to target that company's Active Directory using JCIFS for authentication.
>>
>>As I understand it, JCIFS runs at the site level, which means that it can
>>only work with a single LDAP/Active Directory host. [We have it working in
>>this way]. However...
>>
>>Let us assume that a single company has acquired 2 other companies. They
>>operate 3 separate active directories, albeit in a forest. The Web
>>site allows people from all 3 companies to access it. Once the web has
>>determined which company the user is from, then it needs to do a JCIFS
>>lookup for sign-on.
>>
>>Is this even possible?
>>
>
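The per-company routing asked about at the top of this thread, as an added example that is not code from the thread or from the jCIFS project. It assumes the jCIFS 1.x call `SmbSession.logon(UniAddress, NtlmPasswordAuthentication)` and a form login that submits explicit credentials (not the NTLM HTTP filter); the class name `MultiDomainAuthenticator`, the company id, the domain name and the host name are hypothetical.

```java
import java.net.UnknownHostException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import jcifs.UniAddress;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSession;

/** Added example: validates a login against the AD of the user's own company. */
public class MultiDomainAuthenticator {

    /** One untrusted AD: its NetBIOS domain name and a domain controller host. */
    private static final class Realm {
        final String domain, dcHost;
        Realm(String domain, String dcHost) { this.domain = domain; this.dcHost = dcHost; }
    }

    // Server-side allowlist keyed by company id. The browser never supplies a
    // domain or DC host, so credentials are only sent to controllers listed here.
    private final Map<String, Realm> realms = new ConcurrentHashMap<String, Realm>();

    public void register(String companyId, String domain, String dcHost) {
        realms.put(companyId, new Realm(domain, dcHost));
    }

    /** Returns true only if the company's own DC accepts the credentials. */
    public boolean authenticate(String companyId, String user, String password) {
        Realm realm = companyId == null ? null : realms.get(companyId);
        if (realm == null || user == null || user.isEmpty()
                || password == null || password.isEmpty()) {
            return false; // unknown company or blank input: fail closed
        }
        try {
            UniAddress dc = UniAddress.getByName(realm.dcHost);
            SmbSession.logon(dc, new NtlmPasswordAuthentication(realm.domain, user, password));
            return true;
        } catch (SmbException e) {
            return false; // includes SmbAuthException: bad credentials, locked account
        } catch (UnknownHostException e) {
            return false; // DC name did not resolve
        }
    }

    public static void main(String[] args) {
        MultiDomainAuthenticator auth = new MultiDomainAuthenticator();
        // Constructed sample values, not taken from the thread.
        auth.register("company-a", "COMPANYA", "dc1.company-a.example");
        System.out.println(auth.authenticate("company-a", "alice", "example-password"));
    }
}
```

Every failure path returns the same `false`, so the login page cannot be used to tell an unknown company from a wrong password.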