I'd love to hear their thoughts regarding apps that seek to leverage some of the benefits from "advanced integration" with AD, as Jackson Shaw mentions in an old post (please don't ask me to explain them out)...
"...But I'm really interested in advanced integration with Active Directory like "serverless bind", Group Policy integration, the ability to modify permissions on resources...automatic failover in an Active Directory environment without any additional hardware or software..."
The comments section of the post is pretty interesting, given our current discussion. But putting that aside, would it be possible to leverage some of these AD specific capabilities, but benefit from abstraction using a virtual directory at the same time? Perhaps something like a virtual directory plug-in that allows an app to leverage some of the AD specific capabilities mentioned above, but still allow a COTS app that expects to see data in a specific way (e.g. shallow trees) to leverage a virtual directory to ensure that data is represented appropriately?
2 comments:
Actually we have an integrated Flat Tree plugin with the virtual directory that allows Active Directory to have a deep tree, but expose a flat view to some applications.
I think that as far as some of the more advanced integration, such as serverless bind, I'd have to look at that. We certainly transform/support/use a number of AD's proprietary extensions where possible to ensure smooth interoperability.
That said, the most common use cases our customers bring us actually use few of the native active directory attributes outside of usernames, email addresses, passwords, account controls, groups, etc... primarily because many of these attributes aren't very useful outside of the AD context.
http://duckdown.blogspot.com/2008/07/active-directory-20.html
Post a Comment