Manage users and search Active Directory from IIS or the desktop.
 

INTRODUCTION

JustLDAP is designed for general user management and Active Directory searches. It provides a simplified interface to search for and retrieve user information. Several administrative functions allow easy access to the most popular actions such as unlocking accounts, resetting passwords and security group membership changes.

NOTE: Administration and searching of remote domains is easily performed by using the new JustLDAPDomain COM+ application that is now included in the JustLDAP product starting with Version 4.0

The JustLDAP component automatically installs as a COM+ application on windows 2000, XP and the 2003 Server Family. It can be used in ASP, ASP.NET and administrative scripts (VBScript / JavaScript).




     Searching Active Directory    

The JustLDAP Active Directory search functions are useful in many Web based scenarios. For example, forms can be pre-populated with the browser users details and personalized web content can be delivered. When used with IIS5 (Windows 2000), IIS5.1 (Windows XP) or IIS6 (Windows 2003 Server Family), the IIS "LOGON_USER" server variable can be passed to JustLDAP and numerous details retrieved for the browser user. (Windows integrated or basic authentication must be set in the IIS directory security to enable the LOGON_USER variable to be filled).
Typically, a standard domain user account can be assigned to the JustLDAP COM+ "identity" to enable searching Active Directory.

Scripts can be easily created for accessing Active Directory 'user' attributes. Entire dumps of large user attribute data sets from the domain can be scheduled with a simple script. For example, JustLDAP can be scripted to easily retrieve all users and their details for an entire corporation. This data can be written to a database or file. See the code samples section large data set retrievals.
 

      User Administration    

JustLDAP has several administrative functions that provide easy access to the typical day to day tasks involved with user administration from a Web page or script.

For example, by assigning the JustLDAP COM+ component a domain identity that has sufficient domain rights, an administration Web site can be set up so that IT administrators can perform password resets, account creation, account enabling and group membership management etc. with ease.



      COM+ and JustLDAP  

JustLDAP automatically installs as a COM+ application. An assigned identity (domain account) is configured for running the JustLDAP component. This account is typically a robot account with "Domain Admin" rights.  This COM+ identity / account provides all the domain authentication credentials required. This enables an ASP / ASP.NET page to easily call the methods provided by JustLDAP without any problems arising from authentication issues.

Microsoft Active Directory LDAP applications that do not use a COM+ component can be quite difficult to create and maintain. Developers often find LDAP example code (written in either ASP, ASP.NET or VBScript/JScript) hard to deploy in real world applications. Samples often assume the code is running with administrator privileges. Typically these examples take for granted that an administrator is logged on to the server interactively, yet this major point is often not even mentioned in the accompanying text. When the code is run on an actual IIS ASP Web Page, in a real IIS application, the code fails because of authentication and security issues.

For example, help desk staff can access a Web site for user administration without needing to be domain administrators themselves. The JustLDAP domain "identity" provides the actual authentication credentials (robot account) required to perform the user administration tasks. Access to the Web site itself is now the only security consideration.

JustLDAP Method Calls



 

Google
 
Web easterndigitalsoftware.com

Copyright 2006 Eastern Digital Pty. Ltd. Australia.  ABN 87 004 274 051
Home | Contact us | Products | Downloads | Support | Privacy Policy