将Active Directory用户存储在SQL数据库中
[英]Store Active Directory Users in a SQL Database
问题描述
I need to set a server that creates self-signed certificate when a user register in. So i thought to create a new AD account every time a new users register to the server. 
我需要设置一个在用户注册时创建自签名证书的服务器。因此,我认为每次有新用户注册到服务器时都创建一个新的AD帐户。 BUT, I need to store the user information into a sql server and i can't find a way to do this. 但是,我需要将用户信息存储到SQL服务器中,我找不到这样做的方法。
Any idea? 任何想法?
2 个解决方案
解决方案1
2 2012-02-14 22:09:49
Based on what you describe and your comment: 根据您描述的内容和您的评论:
My problem is that i think that store "public users" (that can register from the web) information into AD is insicure, so i'm trying to find another way to do that "mapping", – Stefano
What you seem to need is an AD domain with a one-way trust : 您似乎需要的是具有单向信任的AD域:
- Your public users are in domain A. 您的公共用户位于域A中。
- Domain A trusts your internal private domain B. 域A信任您的内部私有域B.
- Your app does AD authentication against domain domain A, and your internal users can authenticate using their full domain credentials (the request gets passed to domain B, which says yay or nay). 您的应用对域域A执行AD身份验证,并且您的内部用户可以使用其完整域凭据进行身份验证(请求将传递到域B,即yay或nay)。
Note that this is coming from a guy who hasn't used Windows in a very long time. 请注意,这是来自一个很长时间没有使用过Windows的人。
I could be giving you terrible advice (and if I am I'm sure one of our Windows folks will clobber me for it). 我可能会给你很糟糕的建议(如果我确定,我确定我们的一个Windows人员会因此而破坏我)。
解决方案2
1 2012-02-14 21:39:14
If you're going to be storing external users for an application, you should be using AD LDS (formerly ADAM) instead of real AD. 如果您要为应用程序存储外部用户,则应使用AD LDS(以前称为ADAM)而不是实际AD。 Or any other generic LDAP, really, but AD LDS is a lot like AD and might fit your needs better. 或者任何其他通用LDAP,但AD LDS很像AD,可能更适合您的需求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.