Re: ADAM Sign in Problem

Are you trying to do simple bind with a Windows user? If so, you can't do
that unless you create a bind proxy for that user. By default, ADAM can
only bind Windows users using a secure (SASL) bind. You can try that in
LDP.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Torsten" <Torsten@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8A35F142-3FD2-44C6-AEDE-3A09B72ABBFD@xxxxxxxxxxxxxxxx
Sry for those spam double post.......

ie7 beta alwas bring error but still do do the reply post :/

"Torsten" wrote:


Hi,

to 1) We sync our Acitve Directory to the Test ADAM Instance and trie to
bind with the user we gave Admin Rights in Installation Process. The user
do
exist in the Adam Instance and ist not disabled.

The result of the simple bind with ldp look like this :

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_simple_bind_s(ld, 'tscheussner@xxxxxxx', <unavailable>); //
v.3
Error <49>: ldap_simple_bind_s() failed: Ungültige Anmeldeinformationen
Server error: <empty>

To 2) Yes the user above has Full Access Controll explicited granted with
dsacls tool. We do this due the troobleshooting.

Owner: CN=Administrators,CN=Roles,DC=hdt,DC=COM
Group: CN=Administrators,CN=Roles,DC=hdt,DC=COM

Access list:
Allow HDT\tscheussner SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Allow HDT\tscheussner FULL CONTROL

I have no more Ideas, cause everything looks like simple bind have to
work,
but it doesnt work :(

Kind and regard

Torsten
"Lee Flight" wrote:

Hi

two things to look at:

1) what account are you attempting to bind with? If it is a user that
you
have
created in ADAM then it will need to use an LDAP simple bind. You
need
to make sure that it works with ldp.exe. A common problem is that
the
account is disabled due a password that does not conform to the
password
policy. Search for msDS-UserAccountDisabled in ADAM Help.

2) Access control. When you have an account that does authenticate to
ADAM
correctly you will need to grant it access to the content of the
directory, nesting
the ADAM Users role in the ADAM Readers role is a useful start when
using
ADAM accounts. If you are using a single account from your proxy to
access
ADAM then add just that account to the Readers role. Search for
"Administering access control" in ADAM help.

Lee Flight


"Torsten" <Torsten@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6A0056A9-45B1-4194-9B58-0CF363613AF4@xxxxxxxxxxxxxxxx
Hi,

first, in my bad english, what we want to use ADAM for.

ADAM Instance in the Perimieter Network, a Mail Hub and SPam Filter
should
do the recipient Check with ldap on the ADAM Instance.

The things in the initial Setup works fine. Install the ADAM
Instance, Add
the Schema, Configuring ADAMSYNC, and the synchronisation.

The Problem we have, that we cant browse the UserInformation with a
standard
ldap browser. When we trie to Bind with user and password we alwas
got a
"Invalid credentials Error" We tested, like in the Step by Step
guide,
with
wpa.exe and SPA for authentication. Everything works fine. ldp.exe
only
works
if we use "bind as curently logged in User" direct on the Workstation
with
the ADAM Instanz. The "simple bind" with user and Password does´nt
work to
browse dc=test dc=com.

For the Bind with the standard ldap Browser we use all kind of
formats
like
user@domain, domain\user and the full DN. Always the same error
"invalid
credentials". When we trie to bind with the Username without Password
we
can
see the dc=test,dc=com but not the user information. So we think
anonoumys
acces works fine.

The Same problem in the test with the Mail Proxy Application, there
is no
way to authenticate agains the ADAM Instance to browse
userinformations,
always the same error.

need a little help, i thought adam was made for solutions like above.

Is there a way to allow anonymous browsing on the user information ?
Or
what
have we to do that the Spamfilter Application can authenticate for
browsing
the Adam Instance User Objects.

Kind and regards

Torsten





.

Relevant Pages

  • Re: Binding to ADAM with a Windows Account
    ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... To bind with a Windows account to ADAM, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Binding to ADAM with a Windows Account
    ... To bind with a Windows account to ADAM, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problem by bind to ADAM Server with DN
    ... if the msDS-UserAccountDisabled is not set then the account is ... ADAM ADSIEdit has a right-click Reset Password for user objects ... If the account exists in ADAM then you will need a simple bind, ... domain account is used then the ADAM instance server must ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and Windows Address Book
    ... ADAMSync supports converting users to ... the bind proxy allows your users to hard code their AD ... credentials in the WAB settings in order to authenticate. ... here is not having to give out the password to a fixed account, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Error in ADAM bind redirection
    ... a windows domain account? ... You only need a userProxy if your application ... must make a simple LDAP bind, if the application can make a secure ... control for the AD accounts to the ADAM data. ...
    (microsoft.public.windows.server.active_directory)
Loading