Application Security, Part 12

So, that is the theory of how ADAM, MIIS, and Authorization Manager can facilitate application security. Let's see how they work together in practice.

For that purpose, let us assume that we are a software vendor selling an application to an organization, that the organization uses a directory service, and that the directory service happens to be Active Directory. We agree that since the organization has already implemented MIIS, and since TaskVision II uses ADAM for its repository of user data, MIIS will be used as the source for the user data to be stored in ADAM, and also to keep the data in the Active Directory synchronized with the data in ADAM.

Our first task will be to install and configure ADAM on the server, and the next task will be to set up the channel of communication between the Active Directory and ADAM through MIIS. Then we will use Authorization Manager to specify the permissions for each user of the application.

So, let’s get started installing and configuring ADAM. One can install any number of ADAM directories on the same machine. Each one is called an instance. Each instance must have a unique port number. The default port number for an instance of ADAM is 389, which is the port number reserved for Active Directory. So, if you are installing ADAM on a domain server, the default port number for the first instance is 50000. The installation program offers to create an Application Directory Partition. An Application Directory Partition is a repository for an application’s data within ADAM. There can be any number of such partitions within a single ADAM instance. We are going to be creating the partition for our application programmatically, so we choose not to have the installation program create a partition for us. The last step in the installation process gives one the option of importing one or more LDAP Data Interchange Format (LDIF) files, which add definitions of useful objects, such as user, to the schema of the ADAM instance.

Once ADAM has been installed, a shortcut to the primary user interface for ADAM, which is a Management Console snap-in called the ADAM ADSI Editor, is added to the server’s Start Menu. Note that the editor always defaults the port for the connection to 389, so be careful to change it to that of your particular ADAM instance, or you could wind up fiddling with your Active Directory inside the editor.
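The same wrong-port mistake can happen in scripts, so a script that edits the ADAM instance can first confirm what kind of directory answers on the port it was given. The following is an added example, not code from the original post; the function names are hypothetical, `localhost` and port 50000 are assumed from the installation described above, and the sample capability lists are constructed.

```powershell
# Added example. rootDSE publishes capability OIDs in supportedCapabilities:
$CapActiveDirectory = '1.2.840.113556.1.4.800'   # Active Directory domain service
$CapAdam            = '1.2.840.113556.1.4.1851'  # ADAM instance

# Pure classification step: decide what kind of directory the OIDs describe.
function Get-DirectoryKind {
    param([string[]]$SupportedCapabilities)
    if ($SupportedCapabilities -contains $CapAdam)            { return 'ADAM' }
    if ($SupportedCapabilities -contains $CapActiveDirectory) { return 'ActiveDirectory' }
    return 'Unknown'
}

# Read supportedCapabilities from the rootDSE of the given endpoint (read-only).
function Get-RootDseCapabilities {
    param([string]$Server = 'localhost', [int]$Port = 50000)   # assumed values
    $rootDse = [ADSI]"LDAP://${Server}:${Port}/RootDSE"
    return @($rootDse.Properties['supportedCapabilities'] | ForEach-Object { [string]$_ })
}

# Guard to call before any write: stop unless the endpoint is an ADAM instance.
function Assert-AdamInstance {
    param([string]$Server = 'localhost', [int]$Port = 50000)
    $caps = Get-RootDseCapabilities -Server $Server -Port $Port
    $kind = Get-DirectoryKind -SupportedCapabilities $caps
    if ($kind -ne 'ADAM') {
        throw "Endpoint ${Server}:${Port} identifies as '$kind', not ADAM. Aborting."
    }
    return "Endpoint ${Server}:${Port} is an ADAM instance."
}

# Constructed sample capability lists (not captured from a real server),
# so the classification can be tried without a directory to connect to.
$sampleOn389   = @('1.2.840.113556.1.4.800',  '1.2.840.113556.1.4.1670')
$sampleOn50000 = @('1.2.840.113556.1.4.1851', '1.2.840.113556.1.4.1670')
Get-DirectoryKind -SupportedCapabilities $sampleOn389
Get-DirectoryKind -SupportedCapabilities $sampleOn50000

# Against a live server, place this ahead of the first modification:
# Assert-AdamInstance -Server 'localhost' -Port 50000
```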

[This posting is provided "AS IS" with no warranties, and confers no rights.]