Re: Active Directory to ADAM Sync Password question



You can't read passwords out of AD or sync them with ADAMSync.

However, I'm confused by your statement as bind proxy objects are designed
specifically so that you can have an object in ADAM to do a simple bind on
and have the actual authentication be performed directly against AD, thus
eliminating the need to sync the password in the first place.

Can you explain in more detail what the problem here is?

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"chienine" <chienine.3ba4rd@xxxxxxxxxxxxx> wrote in message
news:chienine.3ba4rd@xxxxxxxxxxxxxxxx

I was following this topic and wanted to ask if anyone here has
specific experience with ADAM and managing users which are of the user
objectClass. I am a computer programmer and maintain a PHP application
(SSO) that communicates with ADAM through LDAP. I have successfully set up
my ADAM (AD LDS) instance on Windows Server 2003 and do use ADAMSync to
sync user accounts from AD into ADAM with no real issues.

I have set up a bind user which is a userProxy object which
successfully supports a simple bind (redirection to AD), providing
Readers role access to ADAM via LDAP port 389. What I am doing is
designing an LDAP SSO solution to support an AD/ADAM backend. This will
afford me a simple method to authenticate my users via a PHP application
against Active Directory. I do have scheduled tasks configured and
scripts written which help populate my ADAM instance with AD user
accounts.

My issue here is getting user passwords to sync from AD -> ADAM for
each distinguishedName (simple user account). When I used ADSIEdit to
set the user's password in ADAM, my PHP application will authenticate via
LDAP and pull the sAMAccountName and password for simple authentication.
The main issue I am having is getting those passwords (userPassword)
which are defined in AD to successfully sync with ADAM for each user
object class that is enabled in AD.

Any help would be greatly appreciated as I am fairly new to how AD
stores user account password info. I have noted that the
userPassword attribute is available but not set in ADAM. Is it possible
to modify the ADAMSync.xml to sync passwords for each AD user instance
in ADAM? If not, how can I get those user passwords from AD into ADAM?

Thanks in advance!!


--
chienine
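The point of Joe's reply is that a userProxy object carries no password at all: it holds the objectSid of the AD account, and ADAM forwards the simple bind to AD for verification. What trips people up in practice is that objectSid must be supplied as the binary SID, not the "S-1-5-21-..." string. The following Python is an added example, written for this thread rather than taken from either poster, ADAMSync or the PHP application described above. It converts a string SID to its binary encoding, reverses it for checking, and emits an LDIF record that creates a userProxy object; the SIDs, the container DN and the cn/UPN values are constructed placeholders.

```python
import base64
import struct


def sid_to_bytes(sid: str) -> bytes:
    """Encode a textual SID ("S-1-5-21-...") as the binary SID AD/ADAM store.

    Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then each sub-authority
    as a 4-byte little-endian integer.
    """
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision = int(parts[1])
    authority = int(parts[2])
    sub_auths = [int(p) for p in parts[3:]]
    if revision != 1 or len(sub_auths) > 15:
        raise ValueError("unsupported SID: %r" % sid)
    blob = struct.pack("<BB", revision, len(sub_auths))
    blob += authority.to_bytes(6, "big")
    for sub in sub_auths:
        blob += struct.pack("<I", sub)
    return blob


def bytes_to_sid(blob: bytes) -> str:
    """Decode a binary SID back to its textual form (used here to verify encoding)."""
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("binary SID has wrong length")
    authority = int.from_bytes(blob[2:8], "big")
    sub_auths = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in sub_auths)


def user_proxy_ldif(cn: str, sid: str, parent_dn: str, upn: str = None) -> str:
    """Build an LDIF 'add' record for an ADAM userProxy object.

    The object gets no password attribute: objectSid is what ADAM uses
    to redirect a simple bind to the matching AD account. Binary values
    in LDIF are written base64-encoded after a double colon.
    """
    sid_b64 = base64.b64encode(sid_to_bytes(sid)).decode("ascii")
    lines = [
        "dn: CN=%s,%s" % (cn, parent_dn),
        "changetype: add",
        "objectClass: userProxy",
        "cn: %s" % cn,
        "objectSid:: %s" % sid_b64,
    ]
    if upn:
        lines.append("userPrincipalName: %s" % upn)  # optional, lets users bind with name@domain
    return "\n".join(lines) + "\n"


def sid_from_ldif(ldif: str) -> str:
    """Pull the objectSid out of a generated record and decode it (for review/checking)."""
    for line in ldif.splitlines():
        if line.startswith("objectSid:: "):
            return bytes_to_sid(base64.b64decode(line[len("objectSid:: "):]))
    raise ValueError("no objectSid in record")


if __name__ == "__main__":
    # Constructed sample values: a placeholder domain SID/RID and container.
    record = user_proxy_ldif(
        cn="jdoe",
        sid="S-1-5-21-1-2-3-1001",
        parent_dn="OU=Users,O=ExampleApp,C=US",
        upn="jdoe@example.com",
    )
    print(record)
```

The record can be fed to ldifde against the ADAM instance. Two checks worth making after the object exists: the source AD user's objectSid must match what was encoded (a userProxy with a stale or wrong SID silently fails every bind), and the connection the PHP application binds on should be LDAPS, since a simple bind sends the password in the clear and ADAM by default refuses proxy binds over an unprotected connection (the RequireSecureProxyBind setting in the configuration set's msDS-Other-Settings governs this).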
