Need information on possibility for Legacy applications to LDAP(s) bind with internal domain controller through ARS

Our organization has a lot of legacy applications that directly bind towards AD over LDAP(s). We need to know how Quest Active Roles (ARS) can support the LDAP(s) connection for our DC for external application.

  • It really depends on how you go about configuring your LDAP connections in the app(s).

    If you are able to specify your "connection string" something like this today:

    LDAP://mydc.company.com

    Then you could try:

    EDMS://mydc.company.com

    You would need to make sure that you install the Active Roles "ADSI Provider" component on the app server(s) you want to have initiating their connections via Active Roles.

  • I missed adding the fact that the servers that need to make LDAP connections do not have network connectivity to the DCs, so the servers can't directly make an LDAP connection.

    I was hoping for a solution where they can connect to Active Roles instead for LDAP connectivity.

  • Active Roles is not an LDAP server. Clients that can only use LDAP cannot target Active Roles.

    However, Active Roles has its own protocol called EDMS. It's meant to be a drop-in replacement for LDAP, and we can use the EDMS protocol to proxy connectivity to Active Directory.

    Literally, if you had the source code of an LDAP client, you should be able to find/replace LDAP:// with EDMS:// and it should work, as long as the Active Roles ADSI Provider was installed on that host.

    If you are trying to get an LDAP client that you do not have source code for to connect to Active Roles instead of Active Directory, there is no way to do that.
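
Added example, not part of the thread and not Quest's own code: a PowerShell check that applies the LDAP:// to EDMS:// prefix swap described above to one ADsPath and attempts a bind with each form from the app server. The function names and the sample DN are constructed for illustration, and the path shape follows the `EDMS://mydc.company.com` form quoted earlier in the thread.

```powershell
# Added example. Function names and the sample DN are constructed placeholders.

function Convert-ToEdmsPath {
    param([Parameter(Mandatory)][string]$AdsPath)
    # Only the provider prefix changes; the server and DN parts are kept as-is.
    if ($AdsPath -cnotmatch '^LDAP://') {
        throw "Not an LDAP:// ADsPath: $AdsPath"
    }
    return ($AdsPath -creplace '^LDAP://', 'EDMS://')
}

function Test-AdsiBind {
    param([Parameter(Mandatory)][string]$AdsPath)
    $entry = New-Object System.DirectoryServices.DirectoryEntry($AdsPath)
    try {
        # The constructor is lazy; RefreshCache() forces the real bind.
        $entry.RefreshCache()
        [pscustomobject]@{
            Path   = $AdsPath
            Bound  = $true
            Detail = [string]$entry.Properties['distinguishedName'].Value
        }
    }
    catch {
        # On failure, check the two prerequisites named in the thread:
        # the Active Roles ADSI Provider installed on this host, and
        # Access Template permissions for the calling account.
        [pscustomobject]@{
            Path   = $AdsPath
            Bound  = $false
            Detail = $_.Exception.Message
        }
    }
    finally {
        $entry.Dispose()
    }
}

# Constructed sample path; replace with a connection string the application uses.
$legacy = 'LDAP://mydc.company.com/CN=Sample User,OU=Staff,DC=company,DC=com'

# Try the direct LDAP path and its EDMS equivalent, then compare the results.
$legacy, (Convert-ToEdmsPath $legacy) |
    ForEach-Object { Test-AdsiBind $_ } |
    Format-List
```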

  • Thanks for the clarification; however, a few queries:

    1. Can you share guide documentation for the same?

    2. We have many legacy hosts, so which versions of hosts support the installation of the ADSI Provider?

  • 1. Can you share guide documentation for the same?

    2. We have many legacy hosts, so which versions of hosts support the installation of the ADSI Provider?

    1.  If you search the folder structure where your Active Roles Admin service is installed, you will find the SDK.  In there you will find code examples that use the ADSI provider.  From a documentation perspective, unless you are manipulating an object specific to the configuration of Active Roles (such as adding a Managed Unit or policy for example),  the ADSI provider supports pass-through / proxy of all standard ADSI methods used to manage AD objects.  The caveat is that the account making the calls via Active Roles must be granted permissions to the AD targets via Access Templates.

    2.  Only Windows hosts can use the ADSI provider.



    This is a very advanced use case of Active Roles, so you would be well advised to contact Quest Professional Services or another Active Roles qualified consulting partner to pursue this.  Note, however, that aside from whatever consultants you choose to work with, there won't be much in the way of support available from Quest's break-fix Support organization, as they don't provide support for highly customized use cases of the product.
