Re: The specified Directory Service has denied access

Hello, to allow anonymous connection to the ADAM instance application
directory partition you will need to modify dsHeuristics setting for
the instance. See:

ADAM Help File
How To section
Manage an ADAM instance
Allow anonymous LDAP binding to an ADAM instance


You then need to modify the ACEs on the partition entries using
DSACLs or by adding a security principal to one of the ADAM builtin
roles for the partition e.g. Readers role.



--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services


No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"Lady Frances" <LadyFrances@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:576BDEE8-B646-4BDF-9897-FC3A4D2320DD@xxxxxxxxxxxxxxxx
I have installed ADAM on a front-end server which is in the DMZ.
There is no problem accessing the ldap directory from our network i.e.
when
one is logged onto the domain.

But when trying to access the directory from the internet (using wab), I
get
the following error: "The specified Directory Service has denied access.
Check the Properties for this Directory Service and verify that your
Authentication Type settings and parameters are correct.".

I noticed that the system hosting ADAM uses the client's Windows logon
information and not the Directory Service Account information. The event
viewer shows this:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 17.05.2006
Time: 10:05:38
User: NT AUTHORITY\SYSTEM
Computer: [Server hosting the ADAM instance]
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: [Windows XP logon username]
Domain: [Client workstation name]
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM

Is there any specific configuration I need to enable the ldap directory to
be accessed using the credentials provided as the Directory's Service
Account, regardless of what information is used to log onto the Windows
session?

Thanks in advance,
Frances


.

Relevant Pages

  • Re: ADAM Partitions on Separate Servers
    ... partition for the later subsidiary on a second ADAM instance and then ... on the original ADAM instance create a cross reference for that partition.. ...    that it will generate an LDAP referral for the client and the client will ... of multiple subsidiaries. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM Partitions on Separate Servers
    ... So when you say root and branch is that like: ... partition for the later subsidiary on a second ADAM instance and then ... on the original ADAM instance create a cross reference for that partition. ... of multiple subsidiaries. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM Partitions on Separate Servers
    ... Clearly you can create two independent ADAM instances but if need ... partition for the later subsidiary on a second ADAM instance and then ... on the original ADAM instance create a cross reference for that partition. ... of multiple subsidiaries. ...
    (microsoft.public.windows.server.active_directory)
  • Error in creating ADAM application partition
    ... I already created an application partition when I installed ADAM instance. ... After the new application directory partition is added, ... Error 0x2073 An attempt was made to add an object using an RDN that is not ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and Directory Partitions
    ... The schema and configuration are common to any number of ADAM instances ... within the same configuration set. ... identified with the data you've provided; scale in terms of partition ... partition in the same adam instance but have another set of attributes ...
    (microsoft.public.windows.server.active_directory)