JDBC connections w/ AD login?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • aj
    #1

    JDBC connections w/ AD login?

    I'm a newbie w/ SQL Server 2005.

    We will be connecting to SQL Server 2005 via JDBC. We have made this
    work by using an SQL Server account, rather than an Active Directory
    (AD) account, even though SQL Server IS in mixed authentication mode.
    Does mixed mode mean you can connect either way, but only using MS SQL
    Server interfaces (like Mgmt Studio), and not something like JDBC?

    Can we connect using JDBC w/ an AD login? If so, what form does the
    login take? Is the login not in 'DOMAIN/LOGIN' form?

    What is the best practice for this sort of thing? We would prefer to
    use AD logins (that a sysadmin creates) rather than having a separate
    (and probably equal) set of SQL Server logins.

    Any help appreciated.

    thanks

    aj
    Tags: None
    • Erland Sommarskog
      #2
      Re: JDBC connections w/ AD login?

      aj (ronald@mcdonal ds.com) writes:
      I'm a newbie w/ SQL Server 2005.
      >
      We will be connecting to SQL Server 2005 via JDBC. We have made this
      work by using an SQL Server account, rather than an Active Directory
      (AD) account, even though SQL Server IS in mixed authentication mode.
      Does mixed mode mean you can connect either way, but only using MS SQL
      Server interfaces (like Mgmt Studio), and not something like JDBC?
      I don't know JDBC, but I would be very surprised if JDBC would not
      support SQL authentication
      Can we connect using JDBC w/ an AD login? If so, what form does the
      login take? Is the login not in 'DOMAIN/LOGIN' form?
      No, it's not. When you use Windows authentication you don't specify
      any login at all. All you do is to specify something like
      "Trusted_connec tion=yes" or "Integrated Security=SSPI" in the connect
      string. (Again, since I don't know JDBC, I cannot say how you do
      there.) You will then log into to SQL Server with the Windows user
      you are already logged in with in Windows. That is, you cannot
      log in as DOMAIN\Knutte in Windows, and the log in as DOMAIN\Evapeva
      in SQL Server.
      What is the best practice for this sort of thing? We would prefer to
      use AD logins (that a sysadmin creates) rather than having a separate
      (and probably equal) set of SQL Server logins.
      Windows authentication is considered best practice, although there
      are some improvements with SQL logins in SQL 2005.

      Windows authentication is also better from a user perspective, as
      SQL logins means users will need to know one more username and
      password.

      The situation when you need SQL login is when Windows authentication
      will not work, for instance if there are users accessing SQL Server
      from a non-trusted domain.

      --
      Erland Sommarskog, SQL Server MVP, esquel@sommarsk og.se

      Books Online for SQL Server 2005 at
      http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx

      Books Online for SQL Server 2000 at
      http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

        Comment

        Previous template Next
        Working...