Re: Bug in ADAM/AzMan integration? Roles placed in AzTaskObjectContain

From: Lee Flight (lef_at_le.ac.uk-nospam)
Date: 12/31/04


Date: Fri, 31 Dec 2004 00:19:44 -0000

Inline below...

"Patrick Barnes" <PatrickBarnes@discussions.microsoft.com> wrote in message
news:49174C45-A3E1-4302-95B2-581742C1956F@microsoft.com...
> I'm on a project where we are storing Authorization Manager (AzMan) objects
> in an ADAM partition. This appears to be fairly uncharted territory, so
> perhaps no one else has seen this; but I've discovered that when I create a
> role in AzMan.msc and then view it in ADAM ADSI Edit that the role is placed
> in the AzTaskObjectContainer, not the AzRoleObjectContainer as I would
> expect.

When I tried this I created a new Role definition for an application,
that definition was created in AzTaskObjectContainer as an instance of the
msDS-AzTask class.

I then assigned the role under Role Assignments for the application in the
AzMan MMC and the role was created in the AzRoleObjectContainer
as an instance of the msDS-AzRole class.

That seemed like reasonable behaviour and was the same for stores in both
AD (W2003) and ADAM.

> P.S. While I'm on it, I could find no documentation for opening or creating
> an AzMan store in ADAM. Through trial and error my dev partner discovered
> that you have to specify an LDAP connection string as the Store name (after
> selecting the Active Directory option in the Open Authorization Store
> dialog). For example:
>
> LDAP://localhost:1129/CN=Program Data,DC=contoso,DC=com
>
> Note that "CN=Program Data," must come before your partition name.

Generally you want to create an application partition in ADAM
e.g. DC=Contoso,DC=com and then create a container
for your stores say, CN=AzStores and then in the AzMan MMC specify

msldap://ADAMServer:ADAMport/cn=mystore,cn=AzStores,dc=contoso,dc=com

i.e. specify a container below the parent and let AzMan create it.

If you are interested in using ADAM principals in AzMan you might want to
look at

http://support.microsoft.com/default.aspx?scid=kb;en-us;883933

Lee Flight
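As an added example (not part of the thread, and not code from either poster): a PowerShell script that reads a store in ADAM through System.DirectoryServices and reports, for every role definition and role assignment, which container AzMan placed it in and which definition an assignment links to, so the placement Lee describes can be checked on a real store. It assumes the server, port and store DN from the examples above and the standard AzMan schema attribute names (msDS-AzTaskIsRoleDefinition, msDS-TasksForAzRole).

```powershell
# Added example, not from the thread: audit where AzMan stored each role
# definition and role assignment in an ADAM-hosted policy store.
# Assumptions (constructed from the thread's own examples): ADAM listens on
# localhost:1129, the store lives at cn=mystore,cn=AzStores,dc=contoso,dc=com,
# and the caller has read access to it.
param(
    [string]$Server  = "localhost:1129",
    [string]$StoreDN = "cn=mystore,cn=AzStores,dc=contoso,dc=com"
)

Add-Type -AssemblyName System.DirectoryServices

function Get-AzStoreRoleLayout {
    param([string]$Server, [string]$StoreDN)

    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$StoreDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    # Role definitions are msDS-AzTask objects carrying the IsRoleDefinition
    # flag; role assignments are msDS-AzRole objects.
    $searcher.Filter = "(|(objectClass=msDS-AzTask)(objectClass=msDS-AzRole))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@(
        "name", "objectClass", "msDS-AzTaskIsRoleDefinition", "msDS-TasksForAzRole"))

    foreach ($r in $searcher.FindAll()) {
        $classes = @($r.Properties["objectclass"])
        $isDef   = [bool]($r.Properties["msds-aztaskisroledefinition"] | Select-Object -First 1)
        $kind    = if ($classes -contains "msDS-AzRole") { "Role assignment" }
                   elseif ($isDef)                        { "Role definition" }
                   else                                   { "Task" }
        # The parent RDN is the container AzMan chose for this object.
        $container = $r.GetDirectoryEntry().Parent.Name
        $expected  = if ($kind -eq "Role assignment") { "CN=AzRoleObjectContainer" }
                     else                             { "CN=AzTaskObjectContainer" }
        [pscustomobject]@{
            Kind        = $kind
            Name        = [string]$r.Properties["name"][0]
            Container   = $container
            AsExpected  = ($container -eq $expected)
            # For an assignment, the DN(s) of the definition(s) it grants.
            LinkedTasks = (@($r.Properties["msds-tasksforazrole"]) -join "; ")
        }
    }
}

Get-AzStoreRoleLayout -Server $Server -StoreDN $StoreDN |
    Format-Table Kind, Name, Container, AsExpected, LinkedTasks -AutoSize
```

On a store laid out as Lee describes, every row reports AsExpected True and each assignment's LinkedTasks points into CN=AzTaskObjectContainer; anything else is worth a closer look before trusting the store.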


