IAG 2007 Community Wiki

If you wish to interface with an ADAM repository, create a custom RepositoryType.xml and add the entry shown below. Note that this assumes you wish to use passwords stored in ADAM, not Active Directory, and that ADAM is set up to serve as a standalone LDAP server. If you wish to use ADAM to store additional attributes but authenticate via Active Directory, you should probably use the Active Directory base type instead.

Tweak according to your schema:
<RepositoryTypes>
	<Version>1</Version>
	<RepositoryType>
		<Type>My own directory</Type>
		<BaseType>LDAP</BaseType>
		<Info>
			<GUIType>LDAP</GUIType>
			<FullNameAttr>cn</FullNameAttr>
			<LoginNameAttr>uid</LoginNameAttr>
			<Person>person</Person>
			<Group>group</Group>
			<MemberAttr>member</MemberAttr>
			<MemberOfAttr></MemberOfAttr>
			<Contexts>namingContexts</Contexts>
			<Prefix></Prefix>
			<ConnectType>Simple</ConnectType>
			<CrackType></CrackType>
			<ProtocolType>TCP</ProtocolType>
			<ForeignDn></ForeignDn>
			<PasswordAttr>userPassword</PasswordAttr>
			<WhaleType>Netscape LDAP Server</WhaleType>
			<LoginNameFilter></LoginNameFilter>
			<SupportedControlAttr>supportedControl</SupportedControlAttr>
			<SupportedControlValue>-</SupportedControlValue>
			<PasswordExpirationTimeAttr>passwordExpirationTime</PasswordExpirationTimeAttr>
			<LoginGraceLimitAttr>loginGraceLimit</LoginGraceLimitAttr>
			<LoginGraceRemainingAttr>loginGraceRemaining</LoginGraceRemainingAttr>
			<GroupMemberOfAttr></GroupMemberOfAttr>
		</Info>
	</RepositoryType>
</RepositoryTypes>

This also assumes that you can connect to ADAM via LDAPS. That is somewhat complicated to set up in ADAM, so for testing you may wish to allow password operations over unsecured connections instead, by doing the following in ADAM:

  • Open an ADAM Tools command prompt.
  • At the command prompt, type dsmgmt.
  • At the dsmgmt prompt, type ds behavior.
  • At the ds behavior prompt, type connections.
  • At the connections prompt, type connect to server computername:portnumber, where computername:portnumber represents the ADAM instance to which you want to connect.
  • At the connections prompt, type q.
  • At the ds behavior prompt, type allow passwd op on unsecured connection.
  • To exit, type q twice.

If you wish to allow logging in with expired passwords etc., you need to do the following:

  • Open an ADAM Tools command prompt.
  • At the command prompt, type conf set
  • At the command prompt, type conn
  • At the command prompt, type conn to s localhost:389
  • At the command prompt, type q
  • At the command prompt, type set adamdisablepasswordpolicies to 1
  • At the command prompt, type comm chang
  • At the command prompt, type q
  • At the command prompt, type q

If the IAG machine is domain-joined, you may need to disable the password complexity policy:

  • Open ADSI Edit
  • Right click on ADAM ADSI Edit root node
  • Select Connect to…
  • Connect to the Well-known naming context "Configuration"
  • Navigate to CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN=[GUID]
  • Right click on Directory Service
  • Select Properties
  • Edit attribute msDS-Other-Settings
  • Change the value ADAMDisablePasswordPolicies=0 to 1
  • Apply
  • Restart ADAM service
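
Both of the last two procedures set ADAMDisablePasswordPolicies to 1, so after testing it is worth confirming what the instance actually holds. The following PowerShell is an added example, not part of the original wiki page or of IAG/ADAM tooling; the function names, the localhost:389 default and the sample values are assumptions made for illustration.

```powershell
# Added example: audit ADAM's msDS-Other-Settings for the password-policy override.
# Function names are hypothetical; the attribute and setting names come from the steps above.

function ConvertFrom-OtherSettings {
    # msDS-Other-Settings is multi-valued; each value is a "Name=Value" string.
    param([string[]]$Values)
    $settings = @{}
    foreach ($v in $Values) {
        $name, $value = $v -split '=', 2
        if ($name) { $settings[$name.Trim()] = "$value".Trim() }
    }
    return $settings
}

function Get-AdamOtherSettings {
    # Reads the attribute from a live instance (default host:port is an assumption).
    param([string]$Server = 'localhost:389')
    # RootDSE supplies the configuration naming context (CN=Configuration,CN=[GUID]).
    $rootDse  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/RootDSE")
    $configNc = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
    $dn       = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $entry    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$dn")
    $values   = @($entry.psbase.Properties['msDS-Other-Settings'] | ForEach-Object { [string]$_ })
    return ConvertFrom-OtherSettings -Values $values
}

function Test-AdamPasswordPolicyEnforced {
    # Policies count as enforced unless the override is explicitly set to 1.
    param([hashtable]$Settings)
    return $Settings['ADAMDisablePasswordPolicies'] -ne '1'
}

# Constructed sample values (not taken from a real instance) so the parsing runs offline.
$sample = @('ADAMDisablePasswordPolicies=1', 'ExampleOtherSetting=0')
$parsed = ConvertFrom-OtherSettings -Values $sample
if (-not (Test-AdamPasswordPolicyEnforced -Settings $parsed)) {
    Write-Warning 'ADAMDisablePasswordPolicies=1: password policies are disabled on this instance.'
}

# Against a live instance, using an account that can read the configuration partition:
# $live = Get-AdamOtherSettings -Server 'localhost:389'
# Test-AdamPasswordPolicyEnforced -Settings $live
```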
