Hi,
We are setting up EMC Documentum authentication with Active Directory.
We have come to the conclusion that it's mandatory that all the users of our system must authenticated by this method must have logon-to permissions in the domain controller server in order to validate by the standard ldap implementation of the product.
When we have complaint to the support team they answered like this:
"The fact that AD authenticates the user on the AD machine is specific to AD, and only Microsoft can explain why AD behavies in this way. Other ldap servers don’t support this kind of “Log On To” properties, as they are not integrated with Operating Systems, like Windows."
We think this is an important security risk and don’t want by any means to deliver this permissions to all our users for all our domain controllers, but at the same time our users don’t want to have yet another password for a system that it claims integrates with other LDAP.
Any idea or someone with the same prob?
We are setting up EMC Documentum authentication with Active Directory.
We have come to the conclusion that it's mandatory that all the users of our system must authenticated by this method must have logon-to permissions in the domain controller server in order to validate by the standard ldap implementation of the product.
When we have complaint to the support team they answered like this:
"The fact that AD authenticates the user on the AD machine is specific to AD, and only Microsoft can explain why AD behavies in this way. Other ldap servers don’t support this kind of “Log On To” properties, as they are not integrated with Operating Systems, like Windows."
We think this is an important security risk and don’t want by any means to deliver this permissions to all our users for all our domain controllers, but at the same time our users don’t want to have yet another password for a system that it claims integrates with other LDAP.
Any idea or someone with the same prob?
