Idea ID: 2871512

Fully support AD LDS Proxy authentication.

Status : New Idea

Currently AD LDS Proxy authentication can be supported when LDAP type changed to 'Other' and 'objectGUID' specified as object ID attribute (and of course 'userProxy' as user class). The only one disadvatange of this solution is that AAF will not check user attributes (account disabled, account locked out and so on) it may be important if user try to logon by chain without LDAP password (f.e. CARD+PIN). In all cases when LDAP password is used these attributes will be checked by LDS

Labels:

AAF
Configuration