Before connecting EmpowerID to an external directory, please review the Getting Started with Directory Systems topic. The topic walks you through the prerequisites you need to complete before connecting to an external directory for the first time. These prerequisites include:
AD Lightweight Directory Service (AD LDS) is a lighter version of Active Directory Domain Services that provides the means to maintain extranet directories separate from your Active Directory, create information consolidation stores, and authenticate web users with LDAP-based authentication. EmpowerID manages AD LDS in the same way that it manages an Active Directory account store.
This topic serves as a quick "how-to" on connecting EmpowerID to an AD LDS account store. For a fuller discussion of the process involved with connecting to account stores, see Connecting to Active Directory.
The Choose Servers page that appears lists the servers running the EmpowerID Web Role service on which the LDAP Management Host Web Service is enabled. (The LDAP Management Host Web Service is responsible for LDAP communications and is enabled by default on each server running the EmpowerID Web Role service.) A server appears on the Choose Servers page only if its EmpowerID Web Role service is started.
Select the server or servers to register and click Submit.
The AD LDS (ADAM) Settings page appears, where you enter the settings EmpowerID uses to discover and connect to your AD LDS instance.
In the AD LDS Server field, enter the name of the Active Directory LDS server and the port number if other than 389. The format is Server Name:Port Number.
If you are using LDAPS, type the Subject name of the certificate for the domain controller to which you are connecting followed by port 636 in the FQDN of Forest field. Thus, if the Subject name is "dc01.eiddoc.com," you enter dc01.eiddoc.com:636.
In the Domain field, leave the field blank if you are using a native AD LDS user account; otherwise, enter the name of the domain of which the server hosting the AD LDS instance is a member, e.g., PROD.
In the User Name field, enter the AD account or the distinguished name of the AD LDS account, such as CN=Directory Manager,CN=Roles,DC=MyCompanyLDS,DC=Com.
If you are using LDAPS, only a native AD LDS user account is supported.
This user account must have read access to the partition that holds the objects in the AD LDS instance. You can change this at any time.
In the Password field, enter connection credentials that EmpowerID can use to manage AD LDS.
Click Submit.
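As an added pre-flight check (not part of EmpowerID or this article), the following Python encodes the field rules above: the server is entered as host:port with 389 as the default, LDAPS uses port 636 with a server name that matches the certificate Subject name and only a native AD LDS account given as a DN, and the Domain field is blank for a native account but filled in for an AD account. The `AdLdsSettings` field names and the `cert_subject` parameter are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LDAP_PORT = 389
LDAPS_PORT = 636
# Matches a distinguished name such as CN=Directory Manager,CN=Roles,DC=MyCompanyLDS,DC=Com
DN_RE = re.compile(r"^([A-Za-z]+=[^,=]+)(,[A-Za-z]+=[^,=]+)*$")


@dataclass
class AdLdsSettings:
    server: str       # "Server Name:Port Number" as typed into the AD LDS Server field
    domain: str       # blank for a native AD LDS account, else the AD domain of the host
    user_name: str    # an AD account, or the DN of a native AD LDS account
    use_ldaps: bool   # True when connecting over LDAPS (port 636)


def parse_server(value: str) -> Tuple[str, int]:
    """Split 'host:port'; the port defaults to 389 when none is given."""
    host, sep, port = value.strip().partition(":")
    if not host:
        raise ValueError("AD LDS Server must not be empty")
    if not sep:
        return host, LDAP_PORT
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("invalid port: %r" % port)
    return host, int(port)


def is_native_account(user_name: str) -> bool:
    """A native AD LDS account is given as a distinguished name; an AD account is not."""
    return bool(DN_RE.match(user_name.strip()))


def check_settings(s: AdLdsSettings, cert_subject: Optional[str] = None) -> List[str]:
    """Return the problems found; an empty list means the settings are consistent."""
    try:
        host, port = parse_server(s.server)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    native = is_native_account(s.user_name)
    if s.use_ldaps:
        if port != LDAPS_PORT:
            problems.append("LDAPS expects port %d, got %d" % (LDAPS_PORT, port))
        if not native:
            problems.append("LDAPS supports only a native AD LDS account (enter its DN)")
        # The server name must be the certificate Subject name for the TLS handshake to pass.
        if cert_subject and host.lower() != cert_subject.lower():
            problems.append("server %r does not match certificate subject %r" % (host, cert_subject))
    if native and s.domain.strip():
        problems.append("Domain must be blank for a native AD LDS account")
    if not native and not s.domain.strip():
        problems.append("Domain is required for an AD account (e.g. PROD)")
    return problems
```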
In the Security Boundary Details screen that appears, click the Account Stores tab and then double-click the Account Store in the Account Stores grid or right-click it and select Edit from the context menu.
This opens the Account Store ADAM Details screen, which is where you adjust the settings for managing the AD LDS account store.