>A DN uniquely identifies a single user.
>
>In our app we have a table of users (who then get tied to business transactions). In that table, we store the DN associated with that user.
>
>
>A user logs in. We get the username from sys(0) and then query (LDAP) the AD for the DN of the current user. We match that with what is in the User table. We now know who is logged in.
>
>If we do not find a matching DN, we show a message that they are not authorized and they never get past the front door.
>
>
>One of the big benefits of this for us: user identification security is entirely on the organization that is our customer.

Well said - the key points in bold.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
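
The login check described in the quoted post, as an added Python example that is not part of the thread or of the posters' application. The AD lookup is replaced by a constructed dictionary, and the table layout, function names and DN normalization step are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data standing in for the LDAP query against AD
# (account name -> DN). A real deployment would query the directory here.
DIRECTORY = {
    "jsmith": "CN=Smith\\, John, OU=Sales, DC=example, DC=com",
    "tguest": "CN=Temp Guest,OU=Contractors,DC=example,DC=com",
}

def normalize_dn(dn):
    """Canonical form for comparison: split on unescaped commas, trim each
    RDN and lowercase it, so spacing or case differences between the
    directory's answer and the stored value do not cause a false denial.
    Simplification: an escaped backslash directly before a comma is not handled."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def open_user_table():
    """Hypothetical user table: one row per authorized user, keyed by DN."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, dn_norm TEXT UNIQUE)")
    db.execute("INSERT INTO users (dn_norm) VALUES (?)",
               (normalize_dn("cn=Smith\\, John,ou=Sales,dc=example,dc=com"),))
    return db

def authorize(db, os_username):
    """Return the application user id, or None (deny) if any step fails."""
    dn = DIRECTORY.get(os_username.lower())
    if dn is None:
        return None  # the directory does not know this account
    row = db.execute("SELECT id FROM users WHERE dn_norm = ?",
                     (normalize_dn(dn),)).fetchone()
    return row[0] if row else None  # no matching DN: stop at the front door

if __name__ == "__main__":
    db = open_user_table()
    for name in ("JSmith", "tguest", "nobody"):
        print(name, "->", authorize(db, name))
```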