Connecting to AD LDS (ADAM)

AD Lightweight Directory Service (AD LDS) is a lighter version of Active Directory Domain Services that provides the means to maintain extranet directories separate from your Active Directory, create information consolidation stores, and authenticate web users with LDAP-based authentication. EmpowerID manages AD LDS in the same way that it manages an Active Directory account store.

Create an account store for AD LDS

  1. In the navigation sidebar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.

     

  3. Under System Types, search for LDS.

  4. Click Active Directory LDS (ADAM) to select the type and then click Submit.

     

  5. On the ADAM Settings page that appears, fill in the following information:

    1. Name and Display — Enter a name for the account store

    2. AD LDS Server — Enter the name of the Active Directory LDS server and the port number if other than 389. The format is Server Name:Port Number. If you are using LDAPS, type the Subject name of the certificate for the domain controller to which you are connecting followed by port 636 in the FQDN of Forest field. Thus, if the Subject name is "dc01.eiddoc.com," you enter dc01.eiddoc.com:636.

    3. Partition Suffix — Enter the partition suffix, for example: CN=PROD,DC=TheDotNetFactory,DC=COM

    4. Domain — Leave blank if using a native AD LDS user account or enter the name of the domain that the server hosting the AD LDS instance is a member of, e.g., PROD

    5. User Name — Enter the AD Account or the distinguished name of the AD LDS account, such as CN=Directory Manager,CN=Roles,DC=MyCompanyLDS,Dc=Com

    6. Password — Enter connection credentials that EmpowerID can use to manage AD LDS.

    7. Is Remote (Requires Cloud Gateway) — This setting appears for account stores with local directories, such as Active Directory, LDAP, SAP, etc. When enabled, this tells EmpowerID to use the Cloud Gateway Connection for that account store. The Cloud Gateway Connection must be installed on an on-premise machine. For installation information, please see Installing the EmpowerID Cloud Gateway Client.

  6. When ready click Submit to create the account store.

  7. EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

 

Configure account store settings

  1. On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.


    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your AD LDS instance as well as how you want EmpowerID to handle the user information it discovers in AD LDS during inventory. Settings that can be edited are described in the table below the image.


  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in AD LDS to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.