AzMan/ADAM AccessCheck exception

Discussion in 'Active Directory' started by Don Edwards, Nov 17, 2006.

  1. Don Edwards

    Don Edwards Guest

    I'm using the example code posted here
    http://blogs.msdn.com/azman/archive/2006/05/06/591230.aspx to authenticate
    users in an ADAM instance and also to query their group membership. I am able
    to authenticate a user and get their SID, groupTokens SIDs, and DN, open the
    ADAM store to set the IAzApplication2 object, create an emply
    IAzClientContext2, ... but when it comes to making the
    IAzClientContext2.AccessCheck call I get the following error:

    "The security identifier provided does not have a domain component.
    (Exception from HRESULT: 0x800704EA)"

    I've found that if I manually set the IAzClientContext2.RoleForAccessCheck
    property to any value I don't get the error, but I don't get valid data back
    either (values of 5 returned for all my resource ids). Even if I could get
    this to work, it wouldn't be correct as resource checks should be based upon
    the LDAP Application Groups in AzMan combined with the
    IAzClientContext2.LDAPQueryDN value, not on RoleForAccessCheck.

    My application code is running on a XP SP2 machine on the same domain as the
    2003 R2 server where AzMan 5.2 /ADAM 1.1 are running.

    Thanks for any suggestions.
    Don
     
    Don Edwards, Nov 17, 2006
    #1
    1. Advertisements

  2. Don Edwards

    Joe Kaplan Guest

    You might want to post this question on the platformsdk.security newsgroup
    too. I've seen the most AzMan questions get answered there. Most people in
    this group have never heard of AzMan.

    Joe K.
     
    Joe Kaplan, Nov 17, 2006
    #2
    1. Advertisements

  3. Don Edwards

    nickb

    Joined:
    Dec 7, 2011
    Messages:
    1
    Likes Received:
    0
    I have the same issue with all 5s being returned

    Did you ever find a solution for this?
     
    nickb, Dec 7, 2011
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.