Re: ADAM Authentication


If, from within WAB, I go to Tools -> Accounts and select the account
for the ADAM directory, I have "This server requires me to log on"
checked and then the userid (DOMAIN\userid) and password are filled in.
The setup works as long as you run WAB from a machine that is logged
into the domain, and THAT part looked good yesterday. But today I come
in and it's not working on the SSL port. I can connect with LDP and
authenticate and bind and search through the directory, but if I try
searches with WAB it says there are no entries in the directory that
match my search criteria. But only if I use SSL. If I change NOTHING
else, and just click off SSL, then searches work fine. o_0. The only
"errors" I see are when I connect via LDP with SSL and it shows this:

ld = ldap_sslinit("awsmithxp.knet.kzoo.edu", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 0 = ldap_connect(hLdap, NULL);
Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 128 bits
Established connection to awsmithxp.knet.kzoo.edu.

The only change between then and now is that the machine was shut down
and then restarted this morning.

Joe Richards [MVP] wrote:
In the directory properties tab of the WAB did you specify your userid
and password? If you don't, by default it will try to use the current
process security context.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Aaron wrote:
Ok. So I'm working on creating an Addressbook for domain users that
can be accessed remotely via LDAP. I've set up an ADAM instance and have
ported the user/mail information from our Active Directory domain into
this instance. If I'm using something like Windows Address Book
(wab.exe) from an account that is logged in to the domain, and bind to
ADAM using a windows domain security principal, then it works fine.
However, if I attempt to bind to the ADAM instance using that same
domain security principal while logged into an external machine that is
NOT a part of our domain (or part of a different domain) then the
authentication/bind fails. From looking at the packet traffic, it
appears to be attempting an authentication using the credentials of
the logged in user. For Example:

Let's say my domain username is CAMPUS/aaron. If I'm logged in to my
workstation as CAMPUS/aaron and bind to ADAM using CAMPUS/aaron, it
works fine. However, if I go home, and log into HOME/joebob, and then
configure wab to bind to the ADAM server back at work using the
CAMPUS/aaron username and password, the authentication fails and I
would see an authentication attempt using HOME/joebob.

What do I need to do to allow my domain users to be able to
authenticate to the ADAM instance when they are NOT logged in to the
domain itself? Keep in mind that I do *not* wish to use anonymous
binding, users *must* authenticate before using the directory...

