Discussion:
sAMaccount attribute in proxy users
Ranga
2006-05-09 16:45:46 UTC
Is it possible to have the sAMaccount attribute for a proxy user when
you use ADAM?

Thanks in advance.
Paul Williams [MVP]
2006-05-09 19:14:40 UTC
For what purpose? If the class in question doesn't have a sAMAccountName
attribute, you can add it (auxiliary class, perhaps). However, you will
need to write functionality to handle this attribute into your apps, as I
don't believe ADAM will allow a bind using it.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Ranga
2006-05-09 20:10:37 UTC
Here is a little background.
I used adamsync to create about 150 proxy users from AD to ADAM.
However, I need the username to be either in the form of our login name
scheme, e.g. 20165ap, or an email address ***@domain.com. At the moment it
is creating proxy users as firstname lastname, so it winds up being
"cn=firstname Lastname"dc=domain,dc=com
I cannot seem to bind, so I wanted to try binding using a different name
that references that proxy user.
Lee Flight
2006-05-09 22:49:16 UTC
Hi

you should be able to bind by distinguishedName.
Another thing to try is to add userPrincipalName to
your userProxy class (if you are using the MS-supplied
userProxy ldf then the attribute is present by default).
Set a value for userPrincipalName on one of your proxies
and try binding using that (recall that userProxy bind is a
simple bind and requires a secure channel by default).

If that works and the AD user objects have suitable
userPrincipalName values set you could ADAMSync
those to your userProxies by adding userPrincipalName
to your <include> attribute list in your ADAMSync XML
config file.

Lee Flight
Ranga
2006-05-10 14:03:27 UTC
Hi Lee,
I managed to get the userPrincipalName added to the proxy users;
however, I am still unable to bind.
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_simple_bind_s(ld, '***@bg.lan', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: <empty>
-----------
I can bind as the currently logged-on user,
but when I try to bind as a test user that has administrator roles I get
this:
res = ldap_simple_bind_s(ld, 'cn=test,dc=burgiss,dc=sso',
<unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: <empty>
-----------

So there has to be something that I am missing here. I am not sure what
it is. Any ideas?
Lee Flight
2006-05-10 19:45:26 UTC
Hi

Are you using a secure channel for the proxy bind
as required by default? See:

http://technet2.microsoft.com/WindowsServer/en/Library/f0db9c4b-5c40-4548-8ac7-677682a3ec051033.mspx


Lee Flight
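An added example, not part of any poster's message and not Microsoft's code: one way to test the bind Lee describes, a simple bind by userPrincipalName (or distinguishedName) that is only attempted after SSL has been enabled on the connection. The function name, server name, port 636 and the UPN are placeholder assumptions; use the SSL port your ADAM instance was installed with.

```powershell
# Added example: simple bind to an ADAM instance over SSL only.
# Test-ProxyBind, the server name, port and UPN are placeholders, not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-ProxyBind {
    param(
        [Parameter(Mandatory)] [string]       $Server,
        [Parameter(Mandatory)] [int]          $SslPort,
        [Parameter(Mandatory)] [string]       $BindName,   # UPN or distinguishedName
        [Parameter(Mandatory)] [securestring] $Password
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $SslPort)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        # Enable SSL first so the password of the simple bind never crosses the wire in clear text.
        $conn.SessionOptions.SecureSocketLayer = $true
        # AuthType Basic is an LDAP simple bind, the bind type a userProxy object uses.
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $cred = New-Object System.Net.NetworkCredential($BindName, $Password)
        $conn.Bind($cred)
        return 'Success'
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # 49 = invalid credentials (as in the ldp output above); 81 = server not reachable,
        # which is also what a failed SSL handshake looks like from the client.
        $e = $_.Exception
        return "LDAP error $($e.ErrorCode): $($e.Message) [$($e.ServerErrorMessage)]"
    }
    finally {
        $conn.Dispose()
    }
}

# Constructed usage: prompt for the password rather than putting it on the command line.
$pw = Read-Host -AsSecureString 'Password'
Test-ProxyBind -Server 'adam.example.com' -SslPort 636 -BindName 'user@example.com' -Password $pw
```

The client must trust the certificate presented on the SSL port, otherwise the handshake fails before the bind is attempted.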
Ranga
2006-05-12 15:30:36 UTC
Yes, I was.
I realized half the problem the other day with the kind assistance of an
individual from Microsoft. Pretty much, my proxy users cannot
authenticate because there is no trust between the ADAM workgroup and
the Active Directory domain. I am going to have to change our
implementation to get ADAM into its own domain. But that still doesn't
resolve the problem I am having with the ADAM users not being able to
authenticate. I will keep working at it. Thanks for your patience, I
am just learning this now!