4.1 Authenticating to Applications That Require Active Directory-Style Authentication

4.1.1 Users Located in the DSfW Forest and Accessing Applications Hosted in the Active Directory Forest

In this case DSfW is deployed as an interoperable solution for organizations that have both eDirectory and Active Directory as part of their infrastructure. Most organizations use Active Directory-enabled applications which means that the application vendor has tested and certified his application against Active Directory for authentication and management.

By keeping the users in the DSfW forest and the applications in the Active Directory forest, organizations have the following advantages:

  • Manageability is easier as the users reside on a single directory service and are not spread out. The company need not invest in network resources that may be required if the users were spread out.

  • Applications can continue to be certified by the vendors for Active Directory as they are hosted on an Active Directory infrastructure. With the users residing on DSfW, there is no need to certify applications.

Figure 4-1 DSfW users Accessing Resources on Active Directory

4.1.2 Users and Applications Hosted in the DSfW Forest

The applications in this use case are hosted in the DSfW infrastructure along with the users. This kind of deployment helps organizations to consolidate their Directory infrastructure.

While most of the application vendors specifically request Active Directory-support, as many applications are LDAP-enabled, the applications work seamlessly on DSfW.

However, some of the applications that have Active Directory-specific schemas may need additional effort in terms of schema extensions to work with DSfW.

Figure 4-2 Users and Applications in DSfW Forest