Current Position:Home > Sync external database with Active Directory

Sync external database with Active Directory

Update:10-11Source: network consolidation
We are in the process of consolitating all user information in our systems in Active Directory.
We have a system that can only authenicate users from information stored in a relational database. We are investigating options that would allow us to sync the password in this relational database with the password stored in Active Directory. Whenever the user changes their domain password, we would like for an JNDI application to update the relational database with their new password.
I'm fairly new to JNDI/Active Directory. My research does not look too positive. Does anybody know of any way that we can perform this password synchronization? Any advice would be greatly appreciated!

The Best Answer

There are several mechanisms available that enable AD to authenticate users for your web application.
1. Perform a simple LDAP bind using the user's credentials submitted from a form. If the bind is successful, then you can infer that the credentials are correct.
2. If the users have already performed an interactive logon to Active Directory, provide a Single Sign-On experience by utilizing their existing Kerberos ticket. Refer to JNDI, Active Directory and Authentication (Part 1) (Kerberos)
for an explanation of using Kerberos & GSS-API.
3. If the users are not performing an interactive logon to your Active Directory, but you want to provide a federated single sign-on experience, then you may be interested in Active Directory Federation Services which uses SAML 1.0 tokens & WS-* to assert claims. Information on ADFS can be found at
Two third party ISV's; Vintela and Centrify both provide solutions for non-Windows Web Servers to enable the second & third scenarios.