I was following this topic and wanted to ask if anyone here has specific experience with ADAM and managing users which are of the user objectClass. I am a computer programmer and maintain a PHP application (SSO) that communicates with ADAM through LDAP. I have successfully set up my ADAM (AD LDS) instance on Windows Server 2003 and do use ADAMSync to sync user accounts from AD into ADAM with no real issues.
I have set up a bind-user which is a userProxy object which successfully supports a simple bind (redirection to AD) providing Readers role access to ADAM via LDAP port 389. What I am doing is designing an LDAP SSO solution to support an AD/ADAM backend. This will afford me a simple method to authenticate my users via a PHP application against Active Directory. I do have scheduled tasks configured and scripts written which help populate my ADAM instance with AD user accounts.
My issue here is getting user passwords to sync from AD -> ADAM for each distinguishedName (simple user account). When I used ADSIEdit to set the user's password in ADAM, my PHP application will authenticate via LDAP and pull the sAMAccountName and password for simple authentication. The main issue I am having is getting those passwords (userPassword) which are defined in AD to successfully sync with ADAM for each user object class that is enabled in AD.
Any help would be simply appreciated as I am fairly new to how AD stores user account password info. I have made note that the userPassword attribute is available but not set in ADAM. Is it possible to modify the ADAMSync.xml to sync passwords for each AD user instance in ADAM? If not, how can I get those user passwords from AD into ADAM?
Thanks in advance!!