Hi John, I'm not sure why you would like to use AD rather than openldap. If the reason is about the existing credentials only i used SASL from openldap to delegate the authentication to AD. So before we use fortress in our company, previously AD already existed at the beginning to maintain other computer email and their windows credentials. Since most open sources don't work well with AD, I asked to use openldap for all the internal applications that we build rather than use AD. The only thing that I did was create a scheduler to sync AD user entries to my fortress people tree. Hope these answers might help you.
On Sat, Aug 15, 2020, 10:03 Shawn McKinney <[email protected]> wrote: > > > On Aug 14, 2020, at 2:06 PM, John Tumminaro <[email protected]> > wrote: > > > > Hello All, I'm new to the mailing list. > > > > Hello John, welcome! > > > I think I understand that Apache Fortress works with any underlying LDAP > V3 > > server. > > I believe the Microsoft Active Directory Server supports LDAP V3. > > > > I think I remember hearing that Apache Fortress will indeed work > > with Microsoft Active Directory Server for all RBAC > > functionality...except...the Apache Fortress auditing capability will not > > work. > > > > Do I have my facts right? > > > > Yes, it’s possible but there are a few problems. > > 1. As you pointed out, no audit trail. > > 2. Password policies won’t be checked. > > 3. Requires adding custom schema elements to the server which is sometimes > hard to get approved. > > 4. Requires read/write access to the directory which is hard to get > approved. > > Despite these problems it’s something that we’d be willing to support. It > might require some minor changes to the core, to workaround AD anomalies. > > The approach would be to run the junit tests against an AD instance and > fix the problems until the tests run without errors. > > Do you have access to an AD instance? > > > Thanks, > > > > John > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
