Active Directory (AD) is the obvious choice for a user information store in a Microsoft server environment. But if the requirement is an isolated, lightweight user store, Active Directory is overkill or may not be appropriate at all: it brings a whole domain, with its schema and domain controller roles, along with it.
Microsoft's alternatives are Active Directory Application Mode (ADAM) or a SQL Server database. On Windows Server 2003 the directory option is ADAM; on Windows Server 2008 the same product was renamed Active Directory Lightweight Directory Services (AD LDS). ADAM is a lightweight LDAP directory that offers basic LDAP functions with a subset of Active Directory functionality, and it runs as a plain service rather than a domain controller. It is a good fit for the isolated user store scenario described above.
This article will guide us through installing and configuring ADAM on a Windows 2003 Server.
1. Installing ADAM
ADAM can be installed on Windows XP Professional or on Windows Server 2003.
a. To install ADAM, log on as an administrator, click Start -> Control Panel -> click Add or Remove Programs -> Add/Remove Windows Components.
b. Select the check box next to Active Directory Services, and then click Details.
c. Select the check box next to Active Directory Application Mode (ADAM), click OK, then click Next. When the message "You have successfully completed the Windows Component Wizard" appears, click Finish.
ADAM can also be installed using the stand-alone installer package from Microsoft.
Now we have enabled ADAM on our server. The next step is to create and configure the ADAM instance.
2. Create an ADAM Instance
a. We create an ADAM instance using the Active Directory Application Mode Setup Wizard. To start the wizard click Start, point to All Programs, point to ADAM, and then click Create an ADAM instance.
b. Click Next on the Welcome page to reach the Setup Options page. Select Unique Instance, because this is the first ADAM instance on this server and it should not replicate from an existing configuration set. Click Next.
c. On the next screen provide a name for the instance and click Next. Then configure the LDAP and SSL ports. The wizard proposes 389 and 636 unless those ports are already in use (for example on a domain controller), in which case it proposes 50000 and 50001. Note the port chosen, because every client and administration tool will need it. Click Next to move on to the Application Directory Partition screen.
d. Select "Yes, create an application directory partition", enter a distinguished name for the partition (for example O=Contoso) and click Next. On the next screen provide the location for the ADAM data and log files. The program files and administration tools are installed in the ADAM folder under the Windows installation directory.
e. On the next screen select the service account for the ADAM instance. The default is the Network Service account, which is a low-privilege choice and fine to keep. On the following page select the user or group that will be the default administrator of this instance. Keep the option "currently logged on user" and proceed to the next screen, Import LDIF Files.
f. The LDIF files extend the instance's schema; a freshly created instance has no user classes at all. Select and add MS-User.LDF (the user class), MS-InetOrgPerson.LDF (the inetOrgPerson class, which depends on MS-User.LDF) and MS-UserProxy.LDF (userProxy objects, which let ADAM redirect binds to Active Directory accounts). Click Next and then Finish to complete the setup.
NOTE: If there are error messages, check adamsetup.log and adamsetup_loader.log in the Windows\Debug folder.
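Clicking through the wizard works for one server, but the same instance can be created repeatably from the command line with adaminstall.exe and an answer file. The PowerShell script below is an added example and is not code from the original article or from Microsoft. The instance name, ports, partition DN and data paths are assumptions chosen to match the steps above; the answer-file key names follow the ADAM unattended-install documentation, so verify them against the ADAM help on the target server before relying on them. As with the wizard, the service account and the administrator default to Network Service and the current user when their keys are left out.

```powershell
# Added example (not from the original article): unattended equivalent of
# the "Create an ADAM instance" wizard. Run in an elevated PowerShell session
# on the server where the ADAM Windows component has been enabled.
# ASSUMPTIONS: instance name, ports, partition DN and paths below are made up
# for this example; key names should be checked against the ADAM help.
$instance = "UserStore"

# Answer file read by adaminstall.exe. InstallType=Unique matches the
# "Unique Instance" wizard option; the LDIF list matches step f above.
$answer = @"
[ADAMInstall]
InstallType=Unique
InstanceName=$instance
LocalLDAPPortToListenOn=389
LocalSSLPortToListenOn=636
NewApplicationPartitionToCreate=O=Contoso
DataFilesPath=C:\Program Files\Microsoft ADAM\$instance\data
LogFilesPath=C:\Program Files\Microsoft ADAM\$instance\data
ImportLDIFFiles="MS-InetOrgPerson.LDF" "MS-User.LDF" "MS-UserProxy.LDF"
"@

$path = Join-Path $env:TEMP "adam-answer.txt"
Set-Content -Path $path -Value $answer

# adaminstall.exe lives in the ADAM folder under the Windows directory.
& "$env:WINDIR\ADAM\adaminstall.exe" "/answer:$path"

# The wizard's log files apply here too: on failure, read
# %windir%\Debug\adamsetup.log and adamsetup_loader.log.

# An answer file can carry a service account password, so never leave it
# lying around after the install.
Remove-Item $path
```

After the command returns, the new service ADAM_UserStore appears in the Services MMC, and the rest of this article applies unchanged.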
3. Configure ADAM Instance for setting up User store
The ADAM instance runs as an ordinary Windows service named ADAM_<instance name> and can be started or stopped through the Services MMC snap-in. Here are the steps to create and configure containers and users:
a. The main administration tool for ADAM is ADAM ADSI Edit. To open it click Start -> All Programs -> ADAM, and then click ADAM ADSI Edit. In the console tree, click ADAM ADSI Edit to select the snap-in.
b. Next we open a connection to the instance created earlier. Right-click ADAM ADSI Edit and click Connect to; the Connection Settings screen opens. Enter a connection name. Server name is the host name of the computer running the instance. For Port and for Distinguished name (DN) or naming context, enter the values chosen when the instance was created (for example 389 and O=Contoso). Keep the default credentials (the currently logged on user, who is the instance administrator) and click OK. This creates a connection to our instance.
c. The tool can hold connections to several instances if required. Expand the new connection to display the partition. To hold users, create a container: right-click the partition name, click New, then Object...
d. Select container as the class and name the object (for example Users).
e. Here is the result
f. To create a test user, create an object of class user (not container) inside the Users container just created; the user class exists because MS-User.LDF was imported. I have named the user Manoj.
Click More Attributes to set additional attributes, or click Finish to create the user.
Here is the resulting structure after creating 3 users:
By default an ADAM instance running on Windows Server 2003 enforces whatever local or domain password policy is in effect on the host.
(Note: If we create a new ADAM user and assign a password that does not meet that policy, the user remains disabled. If the server running ADAM is in a workgroup, the server's local password policy and account lockout settings apply; if it is a domain member, the password policy and account lockout settings of the Active Directory domain apply. Check the host's effective policy first when an ADAM account refuses to bind.)
We manage user settings through attributes. For example, we enable or disable a user by setting the msDS-UserAccountDisabled attribute to FALSE or TRUE.
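The same steps can be scripted, which is how you would load more than a handful of users or test the store the way an application sees it. The script below is an added example and is not code from the original article or from Microsoft; it uses ADSI through System.DirectoryServices and needs PowerShell 2.0 or later. It assumes the instance listens on port 389 on the local host and that its partition is O=Contoso; the user name Manoj and the password are illustrative.

```powershell
# Added example, not from the original article: section 3 scripted through
# ADSI (System.DirectoryServices) instead of clicking through ADAM ADSI Edit.
# Requires PowerShell 2.0 or later (try/catch/finally).
# ASSUMPTIONS: port 389 on this host, partition O=Contoso, sample user Manoj.
$server    = "localhost:389"
$partition = "O=Contoso"

# Bind as the logged-on Windows user (the instance administrator chosen in the
# setup wizard). Windows principals get a secure, Negotiate-based bind.
$root = [ADSI]"LDAP://$server/$partition"

# 1. Create the Users container (class container) directly under the partition.
$users = $root.Create("container", "CN=Users")
$users.SetInfo()

# 2. Create an ADAM user (class user, defined by MS-User.LDF).
$user = $users.Create("user", "CN=Manoj")
$user.Put("displayName", "Manoj")
$user.SetInfo()

# 3. Assign a password. Two things make this fail: the password must satisfy
# the host's local or domain password policy, and ADAM refuses password
# operations over an unencrypted LDAP connection by default. Run this against
# an instance with SSL configured, or, in a lab only, lift the restriction
# with dsmgmt ("ds behavior", "allow passwd op on unsecured connection").
$user.Invoke("SetPassword", "Tmp!Pass2011#")

# 4. Enable the account explicitly: a new ADAM user stays disabled until it
# has a policy-compliant password, and msDS-UserAccountDisabled is the switch.
$user.Put("msDS-UserAccountDisabled", $false)
$user.SetInfo()

# 5. Verify the way an application would: a simple bind as the new user.
# ADAM principals cannot use Windows authentication, so this is a simple
# bind, which sends the password in clear text unless the port is SSL.
function Test-AdamBind([string]$dn, [string]$password) {
    $auth  = [System.DirectoryServices.AuthenticationTypes]::None
    $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "LDAP://$server/$partition", $dn, $password, $auth
    try     { [void]$entry.NativeObject; return $true }   # bind succeeded
    catch   { return $false }                             # bad DN, password or disabled account
    finally { $entry.Dispose() }
}

Test-AdamBind "CN=Manoj,CN=Users,$partition" "Tmp!Pass2011#"
Test-AdamBind "CN=Manoj,CN=Users,$partition" "wrong-password"
```

The first Test-AdamBind call should return True and the second False. If both return False, the usual causes are the password policy note above (the account is still disabled), a password set over an unencrypted connection that ADAM rejected, or a DN that does not match the partition and container names you actually chose. Setting msDS-UserAccountDisabled back to $true and calling SetInfo() is the scripted equivalent of disabling the user in ADAM ADSI Edit.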
Now we have a user store where we can create and manage users and groups. We could use this ADAM instance for applications like SharePoint and configure it for Forms Based Authentication (FBA).
- Watch for a future tip on configuring MOSS 2007 with FBA using ADAM.
- How Active Directory Application Mode (ADAM) Works
- Understanding ADAM architecture
- ADAM troubleshooting and frequently asked questions (FAQs)
- Active Directory Lightweight Directory Services (AD LDS) Overview
Last Update: 2011-07-21