Search for Sharepoint Examples and Tutorials:   
Banner

Sharepoint Forum

Welcome: Guest!
Ask a question
Home » Forum » SharepointRSS Feeds

SPS V2: Handling non-AD users

  
  Asked By: Desmond Delgado         Date: Aug 31, 2004      Category: Sharepoint      Views: 115

Hello,

We are implementing authentication in SP 2003 through Active Directory, but have many users outside of the University that would need access to SharePoint. Since we have not found a perfect solution to handle those outside users, I wanted to get an idea about whether other sites have run into the same problem and what solution they have chosen.
Here are the options we have looked at:
1. Local accounts
Disadvantage: requires too much administrative overhead
2. ADAM
As we understand, it doesn't integrate with SharePoint
3. Putting users in Active Directory
Disadvantage: gives users access to other resources they should not have access to.

We have also started looking into ISAPI filter. If anyone has had any experience with what exactly it does, could you please share?

Any ideas you can give us would be very much appreciated.
Thank you,

Tagged:          

 

2 Answers Found

 
Answer #1       Answered By: Lee Black          Answered On: Aug 31, 2004       

In terms of #3, why is this an assumption? It would seem to me that you could place those users in their own OU, secure it with GPOs any way you’d like and explicitly deny those users to other resources in AD.

Any way you look at it, you’ll have some extra Admin overhead.

 
Answer #2       Answered By: Fred Rios          Answered On: Aug 31, 2004       

ISAPI (Internet Server Application Programming Interface)
commonly functions as a 'filter' to allow IIS for example
to know what to do with an .asp file type and so on.

While it is possible to use an ISAPI filter for other tasks
the data it would function with still has to be stored
somewhere. Thus, I'd have to concur with Bill's suggestion
to reconsider using the Active Directory Organizational Units.

There is also LDAP (Lightweight Directory Access Protocol) that
you may need to consider and which I believe may also be used
with SharePoint if even not supported natively.

Briefly, what you need to understand are three fundamental
criteria: Authentication, Authorization, and Accounting

Authentication, Authorization, and Accounting
SEE:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci514544,00.html

Once you understand the criteria involved in an framework
designed to control access to networked resources you will
hopefully understand why you need to learn how to deploy a
directory schema, most likely provided by Microsoft's Active
Directory.

I would suggest you consult with those who provide
network security for your organization.

 


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].
 

 
Hall of Fame|Facebook|Twitter|LinkedIn|Terms of Use|Privacy Policy|Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activity Log |  Interview FAQ |  Poll |  Hotlinks
Copyright © 2005-2011