Re: Adam Sync Issue
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Feb 2008 14:54:04 -0600
You need to use simple bind in LDP to authenticate an ADAM user. The
default in LDP is secure bind which only authenticates Windows users. Use
the radio button to select simple bind and try again. Make sure you also
set a password on the user in ADAM and enable it by setting
msds-userAccountDisabled to FALSE before trying to bind.
I'm not sure how to make the membership provider do a simple bind. You
would think I'd know this, but I don't. :) If it is possible, there is
probably a configuration setting somewhere that allows you to change the
auth flags. However, if you switch to simple bind, you can no longer
authenticate AD users via bind redirection, as that requires secure bind.
It gets a bit tricky.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"sujaseb via WinServerKB.com" <u40869@uwe> wrote in message
news:7f18be3f04bf7@xxxxxx
Thanks Joe,
I created a user in ADAM and set the userprincipal property. I have a login control and I need to authenticate the username/password fields against ADAM.
This is the path to my ADAM instance:
msldap://localhost:50000/CN=AzManADAMStore, DC=ExternalInternal
I have configured this in the membership provider, but the authentication always says false.
I tried to bind the user that I created using the ldp tool, but I can't. The DN of the user is CN=Suja Vincent,DC=ExternalInternal
I entered the username as userprincipal and the password that I have reset. But I don't know the domain name :-(
Joe Kaplan wrote:
There are a bunch of ways you could solve that. You could potentially store the users in ADAM. That could be the same ADAM instance you use for your AzMan policy store or potentially a different one.
The big trick here is that you'll need a way to authenticate these users to the app (perhaps the AD membership provider configured to talk to ADAM?) or perhaps ADFS or something. You could also set up a separate AD forest if you like.
There is a lot of design stuff to consider when mixing internal and external users from different identity stores. You might want to read some of the articles out there that have been written about this kind of scenario.
Joe K.
That is great. How can I deal with the external user who is not a member[quoted text clipped - 29 lines]
of
between
AD and ADAM?
--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-ad/200802/1
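The distinction Joe draws above (simple bind works for ADAM principals, secure/Negotiate bind only for Windows accounts) can be checked from a script instead of clicking through LDP. The following PowerShell is an added example written for this page, not code from the thread or from Microsoft: it uses System.DirectoryServices, where AuthenticationTypes.None is an LDAP simple bind and the default (Secure) is the Negotiate bind LDP uses by default. It assumes the instance from the thread (localhost:50000, partition DC=ExternalInternal); the SSL port 50001, the UPN value and the user DN are placeholders. Because a simple bind sends the password in the clear, the bind test defaults to wrapping it in SSL, which requires a certificate on the ADAM instance; on the non-SSL port ADAM will typically refuse a simple bind with a "strong authentication required" error unless that behaviour has been changed on the instance.

```powershell
# Added example (not part of the original thread). Checks whether an ADAM user is in a state
# where a simple bind can succeed, then performs the simple bind the way LDP does when the
# "Simple bind" radio button is selected. Paths, ports and names below are assumptions.
Add-Type -AssemblyName System.DirectoryServices

function Get-AdamUserBindReadiness {
    # Reads the attributes the thread says must be in place before a bind is attempted:
    # the account must be enabled (msDS-UserAccountDisabled = FALSE) and the user needs a
    # userPrincipalName to log in with. Binds as the current Windows user (default
    # AuthenticationTypes = Secure), which works for whoever installed the instance.
    param(
        [Parameter(Mandatory)] [string] $UserLdapPath   # e.g. LDAP://localhost:50000/CN=Suja Vincent,DC=ExternalInternal
    )
    $user = New-Object System.DirectoryServices.DirectoryEntry($UserLdapPath)
    try {
        $user.RefreshCache(@('distinguishedName', 'userPrincipalName', 'msDS-UserAccountDisabled'))
        $disabled = $user.Properties['msDS-UserAccountDisabled'].Value
        $upn      = $user.Properties['userPrincipalName'].Value
        [pscustomobject]@{
            DistinguishedName  = $user.Properties['distinguishedName'].Value
            UserPrincipalName  = $upn
            # $null means the attribute is not set at all; the advice in the thread is to set it to FALSE explicitly.
            AccountDisabled    = $disabled
            ReadyForSimpleBind = ($disabled -eq $false) -and -not [string]::IsNullOrEmpty($upn)
        }
    } finally {
        $user.Dispose()
    }
}

function Test-AdamSimpleBind {
    # Returns $true when the ADAM user can bind with the given password, $false otherwise.
    param(
        [Parameter(Mandatory)] [string] $LdapPath,   # e.g. LDAP://localhost:50001/DC=ExternalInternal (SSL port is an assumption)
        [Parameter(Mandatory)] [string] $UserName,   # UPN set on the ADAM user, or its full DN
        [Parameter(Mandatory)] [string] $Password,
        [switch] $NoSsl                              # only for instances configured to accept passwords over non-SSL
    )
    # AuthenticationTypes.None = LDAP simple bind. The default, Secure (Negotiate), only
    # authenticates Windows accounts, which is why LDP's default setting fails for ADAM users.
    $authType = [System.DirectoryServices.AuthenticationTypes]::None
    if (-not $NoSsl) {
        # A simple bind carries the password in clear text; SSL keeps it off the wire.
        $authType = $authType -bor [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    }
    $entry = New-Object System.DirectoryServices.DirectoryEntry($LdapPath, $UserName, $Password, $authType)
    try {
        $entry.RefreshCache()   # forces the bind; throws on bad credentials, disabled account or rejected bind type
        return $true
    } catch {
        Write-Verbose ("Bind failed: " + $_.Exception.Message)
        return $false
    } finally {
        $entry.Dispose()
    }
}

# Usage (placeholder values for the instance described in the thread):
$readiness = Get-AdamUserBindReadiness -UserLdapPath 'LDAP://localhost:50000/CN=Suja Vincent,DC=ExternalInternal'
$readiness | Format-List
if ($readiness.ReadyForSimpleBind) {
    $pw = Read-Host -Prompt 'Password of the ADAM user'
    Test-AdamSimpleBind -LdapPath 'LDAP://localhost:50001/DC=ExternalInternal' `
                        -UserName $readiness.UserPrincipalName -Password $pw -Verbose
}
```

Run it as the Windows account that administers the ADAM instance. A $false from Test-AdamSimpleBind with the account enabled and the UPN set usually points at one of the remaining causes Joe lists: wrong password, a bind type the instance rejects on that port, or the membership provider still being configured for secure bind rather than simple bind.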