Dear All,

Do you have any experience with setting up single sign on in ADS-LDAP with baan c4?

Environment is client(W2k) on ADS integrated to LDAP UNIX(baan servers).

Any information really helps!.

thanks Eric.

One idea could be:

substitute the ba6.1 with a script that look at licmon6.1 information and denies access if the user is listed in it, some like

licmon6.1 -w | grep $USER > somefile

if the file contains something, the user is already logged in baan.

Dear all

I mean a user logged in windows workstation getting validated to Baan via Unix server using ADS-LDAP integration already in place. Directory Services. No need to type in password or user name.

thanks,eric

mmmmhh,

I only did a little experimenting with ldap.
I assume that there is only one authentification, being done when the user logs into the NT-Domain?
Have you tried vbs scripting yet?
If you connect the ldap server, can you retrieve the current password? Then it should be easy to write a small vbs script that calls the Baan-Gui and fills the fields with username and password.

No other idea - but please report what you find out.

good luck

Norbert

I have tested LDAP on UNIX to authenticate with ADS and it works with REXEC on client side. Good thing is that we have one place to keep all authentication details.

But BAAN(blogind6.1) protocol fail with LDAP and I think blogind6.1 is not PAM aware. so we are having that part solving.

If any one experienced with this authentication method please let me know if there any problems probably not noticed by me.

If anyone interested in the setup then I can provide some help if they have HP 11i and ADS in native mode.

Eric Thomas