access domain user thru adam

Question

Hi

I'm using redmine (a rails ticket management) and I'd like users to be able to log with their net user and password.

I've followed the ADAM Step by Step Guide from Microsoft and setup an ADAM instance on my local machine.

http://www.microsoft.com/downloads/details.aspx?familyid=5163B97A-7DF3-4B41-954E-0F7C04893E83&displaylang=en

http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4

I've already managed to create a couple of adam accounts, set their password, and I coud connect to them from the rails app.

I had to enter the following conf in redmine:

host: localhost
port: 369
account: CN=admin,OU=ADAM users,O=Microsoft,C=US (an adam administrator account I've created)
password: xxx
base DN: O=Microsoft,C=US (taken from the step by step guide)

attribute to map to the name of the login: name

the problem is I'd like to be able to check against the domain users, not the user I manually add to the adam database...

so, I can already connect to an ldap server, how can I use it to validate against domain accounts?

is there some way to achieve this???

-- windows xp SP3

adam sp1

redmine 0.8.3

ruby 1.8.6 (2008-08-11 patchlevel 287) [i386-mswin32]

Answer 1

You want "proxy authentication".

Description from link is below (my editorial comments in bold):

What Is Proxy Authentication? Proxy authentication allows a user to perform a simple bind to an AD LDS (aka ADAM) instance, while still maintaining an association to an Active Directory account.

Also see the "Binding Through an ADAM Proxy Object" section in the following link: Managing Authentication in ADAM