Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Evgeny Ferapontov2016-04-05 18:24:20
PHP
Evgeny Ferapontov, 2016-04-05 18:24:20

How to create users in AD from a website or synchronize accounts between AD and a website?

We are thinking of introducing Active Directory in some places to manage the zoo of machines and normal differentiation of user rights. The company has about 200 computers, several regionally distributed offices, a bunch of servers. The main business application of this company is a website, which from a direct application has also grown into a centralized user accounting system, in general, powers began to intersect in areas of use with Active Directory. AD itself is needed primarily for group policies and normal user access rights management.
The web application of this company runs on LAMP, the server is located in another country, it is not connected to the local network via VPN, user credentials and their privileges are stored in a MySQL table in the form of a login, password, and a bunch of access rights attributes.
For users, it is most logical if the credentials in this application and in AD are the same. Periodically (about once a month, timed to coincide with the meeting of department heads), the passwords of all accounts in the application are reset and random new ones are generated, and the managers distribute credentials to end users. New accounts add and remove old ones in the application also heads of departments. No one will administer and maintain the consistency of credentials in AD and in the application.
Offhand, there are two solutions:

  1. Synchronization of credentials between AD and application (how???)
  2. Delegation of powers to create/delete credentials in AD to heads of departments, auto-generation of a powershell script when creating/deleting an account in the application to create/delete an account in AD, the manager will have to run the resulting script after each change (some kind of rusty bike + it is not clear how to reset passwords

Moreover, you can still come up with something "pretty" with the script, such as displaying understandable error / success messages, aggregating several changes into one script, etc., but there are absolutely no ideas regarding synchronization.
What can you advise in this situation?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sergey Galaktionov, 2016-04-06
@Hagmos

Does the application support OAuth? If yes, then dig towards AD FS

Report
A
Alexander, 2016-04-06
@AlexListen

Look towards adLDAP https://github.com/adldap/adLDAP/wiki

Similar questions
H
hamburger222015-10-12 22:33:07
Cyrillic script not working? 3Reply
W
Web_Questions2015-10-12 23:03:04
Is Bitrix bad? 2Reply
V
Vladimir2018-02-16 12:22:29
How can I remove html tags from the database using php? 2Reply
L
lightalex2015-10-13 01:10:25
How to remove all comments from a string using regular expressions in php? 2Reply
A
Azamat Ualkhanov2015-10-13 12:40:00
Auto installation system on cms hosting, and creating shared access to it and linking a 3rd level domain? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question