Application Security, Part 20

Everything is now in place for the users in the YourApplicationUsers group within Active Directory to be provisioned in ADAM. So, we go to the MIIS Identity Manager and clear out the connector spaces for the ADAM and Active Directory management agents. Then, we have the ADAM management agent do an import.

You might ask why we would do that: isn't the objective to import from Active Directory and export to ADAM? That is true, but we want to provision the users within the Users container in ADAM. Our provisioning rule extension was written to do that, and for that code to work, the Users container must exist in the ADAM connector space. Then, user objects projected from Active Directory into the metaverse will be created within the Users container in the ADAM connector space, and subsequently exported from that container in the connector space to the corresponding container within ADAM itself.

Once the import from ADAM to the ADAM connector space has been completed, we can proceed to have the Active Directory management agent execute an import. During that process, our rule extension for the management agent will run to vet each potential projection from the connector space to the metaverse, confirming that the object to be projected is a user belonging to the YourApplicationUsers group in Active Directory. We have the management agent execute the import process twice, to account for user objects being processed before the TaskVisionUsers group object, which has to be examined first to determine which user objects belong to that group.

Once the import process has been executed for the second time, the ADAM management agent can be made to run its export process, which will accomplish our grand objective of having the users within the YourApplicationUsers group in Active Directory provisioned into ADAM.

So, once the agent has finished executing, we refresh our view of the Users container in ADAM to confirm that, indeed, the four users from the YourApplicationUsers group in Active Directory are now in ADAM.
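
The run sequence above can also be driven through the MIIS WMI provider instead of by hand in Identity Manager. The script below is an added example, not code from this series: the management agent names and run profile names are assumptions, and the connector spaces are assumed to have been cleared in Identity Manager first. It also checks that exactly four adds are pending before the export, so that only the vetted group members reach ADAM.

```powershell
# Added example (not from the original article). Agent and run profile names
# below are assumptions; substitute the names defined in your MIIS server.
$Namespace    = 'root\MicrosoftIdentityIntegrationServer'
$AdamAgent    = 'ADAM MA'                     # assumed management agent name
$AdAgent      = 'Active Directory MA'         # assumed management agent name
$AdamImport   = 'Full Import'                 # assumed run profile name
$AdImport     = 'Full Import and Full Sync'   # assumed; must include the sync step
$AdamExport   = 'Export'                      # assumed run profile name
$ExpectedAdds = 4                             # the four group members in the article

function Get-Agent([string]$Name) {
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent `
                        -Filter "Name='$Name'"
    if (-not $ma) { throw "Management agent '$Name' not found." }
    return $ma
}

function Invoke-RunProfile($Agent, [string]$RunProfile) {
    # Execute() blocks until the run finishes and returns a status string.
    $status = $Agent.Execute($RunProfile).ReturnValue
    Write-Host ("{0} / {1}: {2}" -f $Agent.Name, $RunProfile, $status)
    # Anything other than 'success' (warnings included) stops the sequence
    # so the run history can be reviewed before anything is exported.
    if ($status -ne 'success') {
        throw "Run profile '$RunProfile' on '$($Agent.Name)' returned '$status'."
    }
}

$adam = Get-Agent $AdamAgent
$ad   = Get-Agent $AdAgent

# 1. Bring the Users container into the ADAM connector space.
Invoke-RunProfile $adam $AdamImport

# 2. Run the Active Directory import twice: the first pass may process user
#    objects before the group object, the second pass vets them against it.
Invoke-RunProfile $ad $AdImport
Invoke-RunProfile $ad $AdImport

# 3. Before exporting, confirm that only the expected users are staged.
$pendingAdds = [int]$adam.NumExportAdd().ReturnValue
if ($pendingAdds -ne $ExpectedAdds) {
    throw "Expected $ExpectedAdds pending adds for ADAM, found $pendingAdds. Export not run."
}

# 4. Export the staged users to the Users container in ADAM.
Invoke-RunProfile $adam $AdamExport
```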