
Microsoft Active Directory Manager Configuration for your BPM tool

Submitted by Abhishek on Mon, 2012-01-02 21:47

For organizations that require flexible support for directory-enabled applications, Microsoft has developed ADAM, an LDAP directory service that runs as a user service rather than as a system service. In simple words, if your BPM tool (Savvion, BonitaSoft or similar) is running on a non-server edition of Windows (say Windows XP or Windows 7) and you want to configure Active Directory on it, then this is the right tool.

 

This post explains how to set up Windows ADAM for your use. The actual instructions for connecting your product to it can be found in your product manual.

 

Step 1: Download and Install Microsoft ADAM

If you want to download ADAM for your operating system click here. Once downloaded, follow the instructions to complete the installation. It’s a very simple installation where you just need to click "Next" on each screen.

 

Step 2: Create new ADAM instance

After installation, go to All Programs > ADAM > Create a New ADAM Instance. This will start the ADAM Wizard.

  • On the screen that asks for the type of instance, choose A Unique Instance.
  • Enter the instance name, say BPMGeek Instance.

 

 

  • Next, it will ask for the LDAP port number and the SSL port number. Unless you have a reason to change them, keep the defaults: ports 389 and 50001.
  • Next, it will ask whether to create an Application Directory Partition. Choose Yes and give it a name, say DC=bpmgeek,DC=com.

 

 

  • For File Locations, leave the defaults.
  • For Service Account Selection, leave it as Network Service Account.
  • For ADAM Administrators, leave it as the currently logged in user.
  • The next step is importing the correct LDIF files. For best results import all four LDIF files.
  • Click Next and complete the installation.

 

Step 3: Enable Non SSL Passwords

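When you install ADAM, by default it will not allow you to reset user passwords unless the connection uses SSL. To reset passwords over the plain LDAP port you need to enable password operations on unsecured connections. If you do not do it, you will get the error “Illegal Modify Operation” whenever you try to reset the password. With this setting enabled, the new password travels over port 389 unencrypted.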

 

To fix it, go to All Programs > ADAM > ADAM Tools Command Prompt and run the following commands one by one, pressing Enter after each command:

  • dsmgmt
  • ds behavior
  • connections
  • connect to server localhost:389
  • quit
  • allow passwd op on unsecured connection
  • quit

Once done you are good to go.

 

Step 4: Connect to your Directory

Let's now connect to the directory server. Go to All Programs > ADAM > ADAM ADSI Edit. In the window that appears, click on Action > Connect. Provide your connection parameters as given below:

Once connected, you can proceed to Managing Users.

 

Step 5: Adding Users container

If you are using the tool for the first time, you will need to create a container for users. Connect to your instance using ADSI Edit and go to the base root, i.e. DC=bpmgeek,DC=com. Right click > New > Object. In the wizard that starts, choose container and then provide the name of the container as Users.

This Users container will hold all the users for you.

 

Step 6: Managing Users

You can use this step to manage users at any time. Start the ADSI Edit tool and connect to your instance. Once connected, browse to the DC=bpmgeek,DC=com path and right click > New > Object.

In the browser that starts, choose user.

Then click Next. In the next screen provide the name of the user.

Once you click Finish, the user will appear in the right side panel. Note that the Distinguished Name for your user will be CN=john,CN=Users,DC=bpmgeek,DC=com.

 

Step 7: Changing password for the User

When you click CN=Users, you will see all the users listed on the right. Right click on the user and click Reset Password. Now you can supply the new password.

 

Step 8: Making a User using which others can connect

Our current configuration is being done using the system login account. However, you will need a user who can connect remotely. For this, follow the last step and create a user, say “aduser”, and set the password to, say, “adpasswd”. Then note down the DN for the user (which in our case will be CN=aduser,CN=Users,DC=bpmgeek,DC=com).

Now in the right side window, under the node DC=bpmgeek,DC=com, you will see a leaf called CN=Roles. You will see three roles:

  • Administrators
  • Readers
  • Users

If the connection needs only read capabilities, add the newly created aduser to the group Readers. If write capabilities are required, choose Administrators. Right click the group > Properties. In the window that pops up, choose member.

 

 

On double clicking you will see the list of current members. Click on Add ADAM Account and provide the DN of the aduser we created.

 

 

Click OK on all windows and come back to the main window.

That is it. Now the connectivity information for connecting to this instance of Active Directory from your Tool would be:

  • Server: localhost (or the IP Address of the server)
  • Port: 389 (if connecting remotely, make sure your firewall allows connections on this port)
  • Username: CN=aduser,CN=Users,DC=bpmgeek,DC=com
  • Password: adpasswd

You can even use a tool called LDAP Explorer to connect and browse the directory structure.

 

Step 9: Managing additional Attributes of your Users

For managing additional attributes, right click on the DN of the user and click properties. You should see a list of properties that you can use. Some common ones that you can set are:

  • First Name: Use the attribute givenName
  • Last Name: Use the attribute sn
  • Email: Use the attribute mail
  • Phone: Use the attribute telephoneNumber
  • Display Name: Use the attribute displayName

 

Hope this post is useful. Comments and suggestions are welcome.


Abhishek Mishra
Good experience in working with BPM technologies like Savvion, JBPM. Founder and Chief Editor of BPMGeek.com. Founder of Savvion Business Manager Mobility Framework Savmobify.