Re: ADAM Hell

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 27 Oct 2008 14:13:57 -0500

If I had to guess, I'd say that DNN is trying to use Windows authentication
to bind to ADAM instead of simple bind. I have no idea how their module
works, but that is the default behavior in .NET LDAP so it would not
surprise me. I don't know if they provide configuration options to change
the "authentication type" or security flags or anything, but that may be
needed. Perhaps if you provided more info about what options DNN gives you
for supplying the account settings to use for connecting to the LDAP
directory, we could tell.

Another way to get around with would be to create a Windows user on the ADAM
machine, supply those credentials to DNN and add that user to the readers
role in ADAM so it would have permissions to read the data. Windows users
can bind to ADAM and will be authenticated properly if Windows
authentication is used.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"mhanna" <mhanna.3hybzd@xxxxxxxxxxxxx> wrote in message
news:mhanna.3hybzd@xxxxxxxxxxxxxxxx

OK I finally got it working in LDAP Browser. However the DotNetNuke
module still will not connect. I get an error unknow user or bad
password. It can read fine from my AD Domain controller. What is the
full AD controller doing differently? How are the 2 databases different.
This module is connecting using LDAP://<server>/DC=site,DC=com and using
a username and password to authenticate. What is ADAM doing differently
from the Domain Controller? Also I can use a program from Sysinternals
Active Directory Explorer to browse my AD Domain but I cannot browse
ADAM with the same tool. Clearly these two implementations are not as
close to each other as I first thought.

--
mhanna
------------------------------------------------------------------------
mhanna's Profile: http://forums.techarena.in/members/mhanna.htm
View this thread: http://forums.techarena.in/active-directory/1062062.htm

http://forums.techarena.in

Follow-Ups:
- Re: ADAM Hell
  - From: mhanna

References:
- ADAM Hell
  - From: mhanna
- Re: ADAM Hell
  - From: Joe Kaplan
- Re: ADAM Hell
  - From: mhanna

Prev by Date: Re: Prevent changes to Administrator password
Next by Date: Need help extending the schema
Previous by thread: Re: ADAM Hell
Next by thread: Re: ADAM Hell
Index(es):
- Date
- Thread

Relevant Pages

Re: Query AD from DMZ via LDAP?
... You could use ADAM with passthrough authentication or bind proxy objects, ... Determining group memberships would be a bonus. ...
(microsoft.public.windows.server.active_directory)
Re: Random logon failure with ADAM Bind Proxy
... There was a similar problem discussed here a while ago, see "ADAM user ... I have been using ADAM bind proxy to authenticate users against AD. ... a.ADAM bindproxy authentication was working fine. ... DirectoryEntry user = new DirectoryEntry(userDN, ...
(microsoft.public.windows.server.active_directory)
Re: adam bind-redirect
... You won't be able to do a proxy bind if you don't have the ... This will work only if ADAM ... >>> being authenticated (as in windows authentication or ... >> of the bind proxy object in the ADAM naming context and the Windows ...
(microsoft.public.windows.server.active_directory)
Re: adam bind-redirect
... a third party doing authentication) then the proxy-redirect isnt an option. ... could benefit from bind redirect/User Proxy Object ... >> Our Adam will have a user store where we put custom user attributes. ... > Integrated authentication gives you a Windows security context ...
(microsoft.public.windows.server.active_directory)
Re: Update schema in ADAM from aremote machine
... The easiest solution is to use secure bind and bind as a windows principal ... If you create an ADAM user in config partition, and add him to config admins ...
(microsoft.public.windows.server.active_directory)