Binding to ADAM with ADAM Account using ADSIEdit

Discussion in 'Active Directory' started by Jeffrey Harris, Jun 13, 2005.

  1. Does ADSIEdit work when using ADAM accounts for bind information?

    In ADSIEdit, I specify the server, and port number of the ADAM instance, and
    use the full DN of a user object in the directory, but ADSIEdit refuses to
    accept it. The user account is in the reader and ADMIN roles for the
    partition. If I use another browser tool, such as Softerra's LDAP browser, I
    have no problems accessing the directory.

    I have found no documentation on ADSIEdit which discusses any information on
    bind accounts.
     
    Jeffrey Harris, Jun 13, 2005
    #1
    1. Advertisements

  2. Jeffrey Harris

    Lee Flight Guest

    Hi

    I think the likely explanation is that ADSIEdit will only perform
    a secure windows bind and for a native ADAM principal you
    need LDAP simple bind.

    [ldp.exe will perform an LDAP simple bind]

    Lee Flight
     
    Lee Flight, Jun 13, 2005
    #2
    1. Advertisements

  3. Lee,

    Thanks for the explanation, but since ADSIEdit is the primary tool for
    interfacing with ADAM, I would expect that it would work with ADAM accounts.

    Also puzzling is if ADAM is supposed to be service-level Active Directory,
    why is the functionality of ADAM with regard to secure binding different than
    Active Directory? The help file for ADAM explicitly states that ADAM
    supports the same authentication or binding methods as Active Directory.
    Therefore, it should support secure Windows bind with ADAM, and ADAM user
    accounts.

    Thanks,

    Jeffrey Harris

     
    Jeffrey Harris, Jun 14, 2005
    #3
  4. Jeffrey Harris

    Lee Flight Guest

    Hi

    inline below...

    Not sure about "primary tool" it's probably more accurate to say the "only
    Microsoft provided GUI tool for directory tree operations for ADAM"
    and as such I would agree with you it has problems. The initial release
    of ADAM was aimed at developers and as such there are no enterprise
    level admin tools at present.
    as above
    ADAM supports LDAP SASL bind for Windows principals, ADAM
    security principals are differentiated by requiring an LDAP simple bind.
    The full story is in the "Authentication in ADAM" section of the ADAM
    Technical reference:

    http://www.microsoft.com/technet/pr...Ref/7cfc8997-bab2-4770-aff2-be424fd03cda.mspx

    Lee Flight
     
    Lee Flight, Jun 14, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.