Is it possible to 'directly' connect to LDAP using a smartcard for an alternate user to that logged in?

Developer https://www.devze.com 2023-01-05 05:50 Source: Internet
We have a requirement to get information from specific users on an LDAP directory based on a Smartcard being presented. The application is already running under an AD user account, but using that user's access to LDAP will not have sufficient access to the specific users' data.

We have stumbled through a few parts of LDAP APIs and not had much luck finding info on how to make an LDAP bind call without username/password and more specifically with auth from a smartcard. Some of the MS LDAP appears to allow the option of using the current user token.

The best we have come up with is to use the SC to log in, then while impersonating the user create the ldap connection using the current user token. Similar in idea to this MSDN blog.

Is there a better way?

The problem we are having with the impersonation is that the logged-in user has to have certain rights for logging on other users to do the impersonation. Also, while impersonating we need to limit other interactions; accessing the file system or registry as the alternate user is not desirable.
