How to use ADAM Principals in Authorization Manager (AzMan) for Fine Grain Authorization

Check out this really cool post from the AzMan Team blog! https://blogs.msdn.com/azman/archive/2006/05/06/591230.aspx 

The ADAM and AzMan teams got together to show how to use ADAM principals with AzMan. Sudheer, of the Authorization Manager Team, provides a description and C# code from that effort. Note: you need to be using Windows 2003 SP 1, the updated Win2k3 Admin Pack for XP or the updated Win2k backport.

Regards,
David

Comments

  • Anonymous
    January 16, 2008
    I am following the design pattern for using ADAM for roles in ASP.NET (http://msdn2.microsoft.com/en-us/library/ms998331.aspx). I have a web application, in which all the users for this application are present in the AD. But I don't want to create roles for my application inside AD. So I am planning to use ADAM as a role store. I am following the above link to implement ADAM as a role store. Everything worked fine, but I have a few questions. I have imported the azman.ldf (which is the schema for AzMan) while creating my ADAM instance. I opened AzMan, created a store in my ADAM instance, then created an application. I created a role named "Reader" and added some Windows users to this role from AzMan. Now, I opened "ADAM ADSI EDIT" and connected to my ADAM instance. When I browsed it, I could see the roles that I created in AzMan in it. But it doesn't show me the users added to the roles. Now I am confused. When I add a user to a role from AD to AzMan through AzMan, what is happening in the background? Are the user attributes available in ADAM?
    • If yes, why am I not able to see the user? How can I edit the user attributes from ADAM? Can I add some extra attributes to the user?
    • If the user doesn't exist, I wonder how I will do the synchronisation of AD and ADAM? If a user gets deleted from AD, how will my ADAM get to know about it?