>>A DN uniquely identifies a single user.
>>
>>In our app we have a table of users (who then get tied to business transactions). In that table, we store the DN associated with that user.
>>
>>A user logs in. We get the username from sys(0) and then query (LDAP) the AD for the DN of the current user. We match that with what is in the User table. We now know who is logged in.
>>
>>If we do not find a matching DN, we show a message that they are not authorized and they never get past the front door.
>>
>>One of the big benefits of this for us: user identification security is entirely on the organization that is our customer.
>
>Well said - the key points in bold.

A clarification: by "logs in" I meant to the network, before starting the App. They start the app and see no login. They either get in or they don't.