Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users
Use Microsoft Active Directory for authentication
WAS supports the Microsoft Active Directory. Many installations use the Microsoft Active Directory as their primary component for managing user authentication and user data. Authenticating a user across multiple repositories or across a distributed LDAP, such as a Microsoft Active Directory forest can be challenging. In any search of the whole registry, if there is more than one match at run time, authentication fails because ambiguous matches result.
User IDs are guaranteed to be unique within a single domain, but there is no automatic guarantee that a given user ID is unique across a tree or a forest. For example...
Authenticate users across trees or forests can be a difficult task and the following steps should be performed.
(Windows) Note: Verify the Microsoft Windows Computer Browser Service is enabled in your operating system when the following conditions are true:
- Your primary domain is managed by Microsoft Active Directory.
- The Primary Domain Controller (PDC) exists in a different subnet from WAS.
- You set the user registry for WAS to local OS and not LDAP.
For more information on how to set and verify that the Microsoft Windows Computer Browser Service is enabled, see the Microsoft documentation for your operating system.
Procedure
- Analyze the Microsoft Active Directory construct that defines your installation. Your analysis can conclude with the following forms:
Single LDAP registry Simple configuration. Federated repository (a forest) Typical configuration. Merger of federated repositories (a merger of trees into a forest ) Less typical configuration Combination of user and group forests Rare configuration - Develop strategies for user look up that match your Microsoft Active Directory installation. Remember that user IDs are guaranteed to be unique within a single domain, but there is no automatic guarantee that a given user ID is unique across a tree or a forest.
- Evaluate with testing to ensure that your authentication search strategies successfully authenticate users in your Microsoft Active Directory installation.
Related
Authentication using Microsoft Active DirectoryGroups spanning domains with Microsoft Active Directory
Microsoft Active Directory Global Catalog
Options for finding group membership within a Microsoft Active Directory forest
Authenticate users with LDAP registries in a Microsoft Active Directory forest
Locate user group memberships in a LDAP registry
Authenticate users