Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

Connecting an external AD. Best scenario?
New Post
2/1/2007 1:37 PM
 

Hello everybody in this forum.

My customer is a high school with 4000 students / teachers on a Windows 2003 Active Directory for their intranet. They would like me to host an external DNN server, with authenticated access to the forums for the students.

I'm thinking of 3 possible scenarios:

1. They give me an Excel listing twice a year and I import it into DNN's membership provider.
2. I connect to their AD from the internet through their firewall.
3. I synchronise their AD to a local secondary AD here, and I authenticate against the replicated AD. If this scenario makes sense, is it recommended to set up AD on the IIS server itself, or on a second server?

What prerequisites should I ask their network administrator for to make plan 2 or plan 3 possible (if so)?

Thanks for recommendations and advice.

Benoit Sarton   


Benoît Sarton
www.bsi.fr
www.dotnetnuke.fr
 
New Post
2/1/2007 10:15 PM
 

I'm doing almost the same thing here, so I think I understand your predicament.

1.  Creating the accounts manually is tedious at best.  Students come and go constantly; you are looking at getting a spreadsheet once a week or so instead of twice a year to keep up.

2.  Connecting to their AD from the Internet through their firewall is a much bigger security risk than putting a webserver on the Intranet and publishing it instead.

3.  Probably your best bet, a secure link to a local domain controller.  Putting DNN on a DC is probably not a great idea security-wise, and you will need to make the server a member of the domain to allow seamless authentication.

Here we have the webserver as a part of the domain on the Intranet, published through an ISA server.  That is about as secure as you're going to get and still have seamless AD integration.  Once you move the server to an outside network, the difficulty level increases dramatically, and security gets much more complex.

 

 
New Post
3/9/2007 11:41 AM
 
Have you thought about IIFP (Identity Integration Feature Pack)?  This is a stripped-down version of Microsoft Identity Integration Server (MIIS).  What it does is synchronize AD forests with other AD forests or data stores.  I have only synchronized two AD forests, but I know you can synchronize with data stores as well.  You may have to write an extension DLL, but it will sync automatically on whatever schedule you set.

IIFP is free but doesn't connect to Unix.  MIIS connects to Unix, but costs US $25,000/processor.

Hope this helps,
Richard
 
New Post
3/15/2007 10:13 AM
 

Thanks everybody.

The French DNN professionals group has a meeting with Microsoft in Paris tomorrow, and these topics will be discussed. I will be sure to ask whether members have had experience with IIFP in a DotNetNuke context. As for my school, I have not gotten this contract yet, so I have not had to decide on a solution, but I will stay tuned.

One of the members of our group who will attend tomorrow told me that he used web services to authenticate a DNN 4.3.5 intranet to an AD. I'll also try to get more info about that.

 

 


Benoît Sarton
www.bsi.fr
www.dotnetnuke.fr
 