
Manage users and search Active Directory from IIS or the desktop.
INTRODUCTION
JustLDAP is designed for
general user management and Active Directory searches. It
provides a simplified interface to search for and retrieve user
information. Several administrative functions allow easy access
to the most popular actions such as unlocking accounts,
resetting passwords and security group membership changes.
NOTE:
Administration and searching of remote domains is easily
performed by using the new JustLDAPDomain
COM+ application that is now included in the JustLDAP product
starting with Version 4.0.
The JustLDAP component
automatically installs as a COM+ application on Windows 2000, XP
and the 2003 Server Family. It can be used in ASP, ASP.NET and
administrative scripts (VBScript / JavaScript).
Searching Active Directory
The JustLDAP Active Directory search functions are useful in
many Web-based scenarios. For example, forms can be
pre-populated with the browser user's details and personalized
web content can be delivered. When used with IIS5 (Windows
2000), IIS5.1 (Windows XP) or IIS6 (Windows 2003 Server Family),
the IIS "LOGON_USER" server variable can be passed to JustLDAP
and numerous details retrieved for the browser user. (Windows
integrated or basic authentication must be set in the IIS
directory security for the LOGON_USER variable to be
filled.)
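The following is an added example, not JustLDAP code and not taken from the product's samples: it shows how a page can normalize the LOGON_USER value and build an escaped LDAP search filter from it before handing it to a search component. The function names and the sample account values are hypothetical; the escaping follows RFC 4515.

```javascript
// Added example (not part of JustLDAP). All function names are hypothetical.

// RFC 4515: escape characters that have meaning inside an LDAP filter value.
function escapeLdapFilterValue(value) {
  return value.replace(/[\\*()\0]/g, function (ch) {
    return '\\' + ('0' + ch.charCodeAt(0).toString(16)).slice(-2);
  });
}

// LOGON_USER is "DOMAIN\user" with Windows integrated authentication.
// With basic authentication it is whatever the user typed, which can also
// be "user" or "user@domain". It is empty for anonymous requests.
function parseLogonUser(logonUser) {
  if (typeof logonUser !== 'string' || logonUser.length === 0) {
    return null;
  }
  const slash = logonUser.indexOf('\\');
  if (slash !== -1) {
    return { form: 'sam', domain: logonUser.slice(0, slash),
             name: logonUser.slice(slash + 1) };
  }
  if (logonUser.indexOf('@') !== -1) {
    return { form: 'upn', domain: '', name: logonUser };
  }
  return { form: 'sam', domain: '', name: logonUser };
}

// Build a filter that matches exactly one user object, or null when the
// request carries no usable identity (the caller should then refuse).
function buildUserFilter(logonUser) {
  const parsed = parseLogonUser(logonUser);
  if (parsed === null || parsed.name.length === 0) {
    return null;
  }
  const attr = parsed.form === 'upn' ? 'userPrincipalName' : 'sAMAccountName';
  return '(&(objectCategory=person)(objectClass=user)(' +
         attr + '=' + escapeLdapFilterValue(parsed.name) + '))';
}

// Constructed sample values, for illustration only.
console.log(buildUserFilter('CORP\\jsmith'));
console.log(buildUserFilter('jsmith@corp.example'));
console.log(buildUserFilter('j*)(cn=*'));
```

Returning null for an empty LOGON_USER lets the page reject anonymous requests instead of running a search with an empty name.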
Typically, a standard domain user account can be assigned to the
JustLDAP COM+ "identity" to enable searching Active Directory.
Scripts can be easily created for
accessing Active Directory 'user' attributes. Entire dumps of
large user attribute data sets from the domain can be scheduled
with a simple script. For example, JustLDAP can be scripted to
easily retrieve all users and their details for an entire
corporation. This data can be written to a database or file. See
the code samples section for
large data set retrievals.
User Administration
JustLDAP has several administrative functions that provide
easy access to the typical day-to-day tasks involved with user
administration from a Web page or script.
For example, by assigning the JustLDAP COM+ component a domain
identity that has sufficient domain rights, an administration
Web site can be set up so that IT administrators can perform
password resets, account creation, account enabling and group
membership management etc. with ease.
COM+ and JustLDAP
JustLDAP automatically installs as a COM+ application. An assigned identity
(domain account) is configured for running the JustLDAP
component. This account is typically a robot account with
"Domain Admin" rights. This COM+ identity / account
provides all the domain authentication credentials required.
This enables an ASP / ASP.NET page to easily call the methods
provided by JustLDAP without any problems arising from
authentication issues.
Microsoft Active Directory LDAP
applications that do not use a COM+ component can be quite
difficult to create and maintain. Developers often find LDAP
example code (written in either ASP, ASP.NET or VBScript/JScript)
hard to deploy in real-world applications. Samples often assume
the code is running with administrator privileges. Typically
these examples take for granted that an administrator is logged
on to the server interactively, yet this major point is often
not even mentioned in the accompanying text. When the code is
run on an actual IIS ASP Web Page, in a real IIS application,
the code fails because of authentication and security issues.
For example, help desk staff can
access a Web site for user administration without needing to be
domain administrators themselves. The JustLDAP domain "identity"
provides the actual authentication credentials (robot account)
required to perform the user administration tasks. Access to the
Web site itself is now the only security consideration.
JustLDAP Method Calls