ADAM: security implications


Magoo

I have a third-party application that serves thousands of users. The goal is
to let such application use my existing Windows AD accounts and therefore take
advantage of a single sign-on, same password, etc. instead of creating new
logins only dedicated for such application.

According to the vendor of such product the integration AD <--> third-party
app would be set up using ADAM (which requires an ODBC connection to access AD
if I recall correctly).

What are the security implications when using ADAM?
 
AD/AM doesn't need an ODBC connection to AD.

The question however is, do they figure you are going to sync all of the
principals from AD into AD/AM or are they planning on binding to AD/AM with AD
principals? If the former, it means extra work for syncing which I am not sure I
would buy into unless there was some reason the app shouldn't hit AD for auth
directly.

joe
 
Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
across systems if I already have a heck of AD structure in place? Any good
reason to use ADAM instead?
 
AD/AM doesn't sync anything by itself, it is an LDAP Server, a repository. You
can use MIIS, IFP, or the up and coming AD/AM Sync to sync things from AD to
AD/AM. However, you shouldn't have to sync anything to AD/AM if this is only
about authentication on the internal LAN. The application should be able to
authenticate directly against AD.

joe
 