[ ad opensso ]
It's nice to see your RFE's implemented, and that's exactly what happened with OpenSSO issue # 4053: Active Directory configuration should use AD domain name rather than LDAP host/port. I saw Kohsuke's blog entry on More Active Directory integration in Java a little while ago and realized that we could take exactly the same approach in OpenSSO - prompt the admin for the Active Directory domain name rather than a host name and port number.
As Kohsuke mentions, this has a number of advantages - every AD admin knows the domain name, while many would likely have to go look up an individual host name, not to mention the LDAP port number. Since we use the domain name to look up an individual AD controller via DNS, it also means that the admin doesn't need to update OpenSSO's configuration as AD controllers come and go - OpenSSO will always get a valid host name from DNS.
So, when configuring OpenSSO Express 8, you can now just specify the AD domain name. As improvements go, this one is pretty small, but, as I think everyone agrees, the cumulative effect of all these little improvements in OpenSSO over the past two or three years has been HUGE...
![[Feed]](http://blogs.sun.com/roller/resources/superpat/feed-icon16x16.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}
Can I specify an AD forest, rather than DomainController, or can I not see the forest for the (LDAP) trees? :)
Posted by Jonathan G. on September 15, 2009 at 05:18 PM PDT #
Hi Jonathan - you specify a *domain*, not an individual domain controller. I guess if you have the inter-domain trusts set up correctly in the forest, then it will all work...
Posted by Pat Patterson on September 15, 2009 at 07:23 PM PDT #