How to create and use confidential attributes

Lately I have to explain to one of our customers how to create attribute in Active Directory which can be protected with additional permissions from reading its content. Such possibility was introduced in Windows 2003 SP1 but when I looked for some information to point our customer to I didn’t found much documentation so I … Continue reading "How to create and use confidential attributes"

[R] InfoWorld's IdM solutions challenge

InfoWorld invited few major providers of IdM solution to some kind of competition in IdM solution implementation. The challenge was to build IdM solution in specific scenario which involved integration of HR system, Active Directory, Exchange and Linux. Results of this challenge can be read on the Infoworld's web page.

[R] Using LDAP search filter to query attributes without value

When it comes to searching for an object in the LDAP directory (like Active Directory) most of us will use a LDAP filter to display the objects we are looking for. An LDAP filter is a quick and easy way to construct queries that will be excecuted against the target directory service. Most of the … Continue reading "[R] Using LDAP search filter to query attributes without value"

One reason why Kerberos delegation wont work.

Doing a lot of work with Kerberos delegation over the past few years and I have encountered many reasons why the delegation won’t work. One reasons so often not thought of or left out is duplicate SPN entries. Now I know its easy to say who would add a duplicate entry but when administrators get … Continue reading "One reason why Kerberos delegation wont work."