Connecting Azman to ADAM

Discussion in 'Active Directory' started by Shikari Shambu, May 27, 2004.

  1. Hi,
    I am trying to leverage Azman and ADAM for application authentication/
    authorization.

    I installed ADAM on the machine, imported the Azman ldf during the install
    etc...

    However, the Azman does not see the ADAM instance. It keeps saying there is
    no Active Directory Store.

    How can I fix this error?

    TIA
     
    Shikari Shambu, May 27, 2004
    #1

  2. Azman can use ADAM as a policy store, but not (yet) as a user store. To
    create a policy store in ADAM, specify the URL as
    "msldap://server:port/CN=root,CN=adam_partition,DC=com" when creating the
    store.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], May 28, 2004
    #2
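
The store creation described in the reply above, as an added PowerShell example that is not part of the original thread. It uses the AzMan COM interface (`AzRoles.AzAuthorizationStore`); the URL keeps the reply's placeholders, and the application, operation, role and group names are hypothetical.

```powershell
# Added example, not from the thread. Needs the AzMan runtime (azroles.dll)
# and rights to create objects in the ADAM partition.

# Placeholders exactly as given in the reply; substitute your own instance values.
$storeUrl = 'msldap://server:port/CN=root,CN=adam_partition,DC=com'

$AZ_AZSTORE_FLAG_CREATE = 1   # create the store rather than open an existing one

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
try {
    $store.Initialize($AZ_AZSTORE_FLAG_CREATE, $storeUrl, $null)
    $store.Submit(0, $null)   # nothing is written to ADAM until Submit
}
catch {
    throw "Could not create AzMan store at ${storeUrl}: $($_.Exception.Message)"
}

# Hypothetical application, operation and role names for illustration.
$app = $store.CreateApplication('DemoApp', $null)
$app.Submit(0, $null)

$op = $app.CreateOperation('ReadReport', $null)
$op.OperationID = 1
$op.Submit(0, $null)

$role = $app.CreateRole('ReportReader', $null)
$role.AddOperation('ReadReport', $null)
# ADAM holds the policy only; role members are Windows principals.
$role.AddMemberName('CONTOSO\ReportReaders', $null)   # constructed group name
$role.Submit(0, $null)
```

To reopen the store later, call `Initialize` with flags `0` and the same URL.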

  3. Is it possible to link AzMan LDAP Query Groups to Windows file, folder, and
    share permissions?
     
    Peter L. Thomas, Jun 18, 2004
    #3
  4. I don't believe so, unless you implement a proxy service that will deliver
    data to the user. AzMan is an application library that you use to implement
    RBAC in your application. Windows does not use AzMan itself.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], Jun 18, 2004
    #4
  5. That's a darn shame--because in this case the business rules we're trying to
    implement all apply to access to "plain old" files and folders in a Windows
    share...the only (slightly convoluted) way I can see of getting to what I
    want would be to share the files via WebDAV and use the urlauth.dll filter
    to access the Authorization Manager.

    Unfortunately, the access rules are dynamic--right now I'm looking at having
    to create positive and negative groups in order to implement the biz rules
    with traditional ACLs; an administrative challenge, because the sysadmin has
    to remember to add a user to the positive group and remove them from the
    negative group (or vice versa) when a user is granted a specific role.

    In this case, a user must have multiple roles assigned to access
    resources...they must also have the appropriate roles to create files in
    folders.
     
    Peter L. Thomas, Jun 22, 2004
    #5