Friday, April 2, 2010

Active Directory Application Mode (ADAM)

A couple of projects ago, I had an SSO scenario to implement in a web app using LDAP to access Active Directory; having no access to any Active Directory - let alone a test environment - I was compelled to go with ADAM and got it running myself to test the scenario.

ADAM enables you to create a practice environment for developing Active Directory Service Interfaces (ADSI) scripts, without having to install Active Directory. Learn how to set up and configure ADAM on any Windows XP Professional or Windows 2003 computer, and see how you can use ADAM as a workbench for writing scripts that manage such things as users, groups, contacts, inetOrg persons, and organizational units.

Well, if you want a detailed technical explanation, you came to the wrong place; instead, check out the whitepapers found here for more information.

A good overview of ADAM is Madam, I'm ADAM, by Greg Stemp. The article covers browsing through a directory using ADAM, binding to an instance, creating an Organizational Unit (OU), creating a user account, and showing all users in an OU. The code used is VB.NET, but you can always convert the snippets with an online language translator.


Use ADAM for Roles in ASP.NET 2.0 is the one to read if you are doing a web app.

This article shows how to develop an ASP.NET Web site that uses Active Directory Application Mode (ADAM), which was the case that I had with my project. It shows how to configure ADAM and the Authorization Manager (AzMan) policy store - though I did not get into AzMan as much as I did into ADAM; I created a few roles and users, and started testing the web app against the SSO scenario that I had in hand.

Using ADAM as a roles store is a good solution for applications accessed over an intranet or extranet where the user accounts store is Microsoft Active Directory® directory service or ADAM and where the application requires application-specific roles that are different from Active Directory groups.

Erlend has discussed ADAM-related functionality thoroughly and in detail.


ADAM installation:
1. Download and install ADAM from here.
2. Run the installer
3. Select "unique instance"
4. Provide the instance name
5. Select free ports
6. Select "Yes, create an application directory" and provide an organization name
7. Select a location for the files
8. Select the default for `Service Account Selection`
9. Select "Currently logged on account" for ADAM Administrators
10. Import "MS-User" and "MS-Userproxy"
11. Click next to finish.

ADAM configuration:
1. Open "ADAM ADSI Edit" from the ADAM program group in your start menu
2. Select "Action --> Connect to..."
3. For name use [instance name] + "directory" ("MyInstance directory")
4. Enter the correct port number in the Port textbox (40000)
5. Choose "Distinguished name" and enter the distinguished name of your instance ("O=MyDirectory")
6. Click "Ok"
7. Right-click the "O=MyDirectory"-folder and select "New" and "Object...". Rename "OrganizationalUnit" to "Users".
8. Right-click the new "OU=Users"-folder and select "New" and "Object...". Select "user" and give the user an admin-like name ("ADAMAdmin"). We have now created our ADAM admin user.
9. Right-click the "CN=ADAMAdmin"-account and choose "Reset password". Choose a sensible admin password.
10. Double-click the "CN=ADAMAdmin"-user and set the "msDS-UserAccountDisabled" to False
11. Go to the "CN=Roles"-folder and double-click the "Administrators"-account. Locate the "member" attribute and double-click it. Choose "Add ADAM-account" and enter the distinguished name of your newly created user (CN=ADAMAdmin,OU=Users,O=MyDirectory). Click the Ok-buttons to close the editor.
12. Close the "ADAM ADSI Edit" app.

web.config configuration:
In web.config, add the following connection string:

 


Add membership provider:
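
The two web.config pieces named above, written out for the instance created in the steps on this page (port 40000, O=MyDirectory, CN=ADAMAdmin). This is an added example, not the original post's configuration; the connection string name, the provider name, the SSL port 40001 and the password placeholder are assumptions.

```xml
<!-- Added example, not from the original post. Assumed names: ADAMConnectionString,
     AdamMembershipProvider, SSL port 40001, the password placeholder. -->
<configuration>
  <connectionStrings>
    <!-- Plain LDAP port chosen during installation (40000 in the steps above).
         Traffic on this port, the bind password included, is not encrypted. -->
    <add name="ADAMConnectionString"
         connectionString="LDAP://localhost:40000/OU=Users,O=MyDirectory" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms" />
    <membership defaultProvider="AdamMembershipProvider">
      <providers>
        <!-- Test-workbench setting: connectionProtection="None" binds with the
             explicit credentials below and no transport protection. -->
        <add name="AdamMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADAMConnectionString"
             connectionUsername="CN=ADAMAdmin,OU=Users,O=MyDirectory"
             connectionPassword="REPLACE_WITH_ADAM_ADMIN_PASSWORD"
             connectionProtection="None" />
        <!-- Hardened variant for anything beyond a local test box:
             1. Install a server certificate for the ADAM instance and point the
                connection string at its SSL port (assumed here to be 40001):
                LDAP://adamhost:40001/OU=Users,O=MyDirectory
             2. Set connectionProtection="Secure" on the provider.
             3. Bind with an account that holds only the rights the provider
                needs, not a member of CN=Administrators,CN=Roles.
             4. Encrypt the connectionStrings and system.web/membership sections
                with aspnet_regiis -pe so the password is not stored in clear text. -->
      </providers>
    </membership>
  </system.web>
</configuration>
```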




 

All the way towards development, this guy, Will Asrari, helped like anything! Quite a collection of C# code snippets to browse through Active Directory.

If you are interested in getting to know "How to get the list of UserIDs from active directory", then read this post. And here is an issue that I came across: Active Directory was not showing all of the users.

If you are interested in building Custom Providers for ASP.NET 2.0 Membership, then this would be helpful - I just skimmed through the article, but the amount of code and detail is worth some time!

Happy dating with ADAM! (0:
