pp108 : Configuring an Active Directory

This topic describes the procedure for configuring an Active Directory.

Process Platform can be configured to authenticate against any Active Directory. This topic describes the steps for installing and configuring Active Directory Application Mode (ADAM), a Lightweight Directory Access Protocol (LDAP) directory service developed by Microsoft. You can replicate these steps with any Active Directory you are using in your application.

  1. To create a self-signed certificate, do the following:
    1. Download and install the IIS Resource Kit from http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en
    2. Click Start > Programs > IIS Resources > SelfSSL > SelfSSL. The SelfSSL command prompt window appears.
    3. Create a self-signed certificate for the computer my.computer.com. Type the following in the command prompt, substituting your computer's fully qualified domain name; port 636 is the default SSL port of ADAM, and the certificate is valid for 365 days:
      cd C:\Program Files\IIS Resources\SelfSSL
      selfssl /T /N:CN=my.computer.com /P:636 /V:365

    4. Type y when you are prompted to reset the SSL settings.
  2. To check the self-signed certificate with IIS, do the following:
    1. In the command prompt, type iisreset to reset IIS.
    2. Close the command prompt window.
    3. Type https://localhost:636 in the address bar of the browser. The Web server recognizes the certificate.
  3. Download and install ADAM from http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en.
  4. To create an ADAM instance, do the following:
    1. Click Start > Programs > ADAM > Create ADAM Instance. The Active Directory Application Mode Setup Wizard appears.
    2. Click Next.
    3. Select A unique instance and click Next.
    4. Type a name in the Instance Name text box and click Next.
    5. You can use the default values for the ports (636, 389); click Next.
    6. Select the Yes, create an application directory partition option and type the Partition Name, for example CN=MyOrganization,DC=MyCountry,DC=COM.
    7. Click Next.
    8. You can use the default values for the file location; click Next.
    9. Select Network Service Account and click Next.
    10. Select Current logged on user: <user name> and click Next. The user installing ADAM will have Administrator privileges on the current instance of ADAM.
    11. Select Import the selected LDIF for this instance of ADAM, select all the LDIF files under the Available files area and move them to the Selected LDIF files section using the Add button.
    12. Click Next. The Ready to Install page appears.
    13. Verify the information on the Ready to Install page and click Next. If any details are incorrect, click Back to return to the relevant page.
    14. Click Finish to complete the installation.
  5. To add a user to the ADAM instance, do the following:
    1. Navigate to Start > Programs > ADAM > ADAM ADSI Edit.
    2. Select ADAM ADSI Edit in the tree.
    3. Click Action > Connect to. The Connection Settings dialog box appears. Type a name in the Connection name field. Select the Distinguished name option and type the ADAM instance partition name, for example CN=MyOrganization,DC=MyCountry,DC=COM. Then click OK.
    4. In the tree structure, navigate to the Partition Name given in the previous step.
    5. Click Action > New > Object.... The Create Object wizard appears.
    6. Select user in the Select a class list and click Next.
    7. Type a name in the Value text box, click Next and then click Finish.
    8. Click Action > Connect to. The Connection Settings dialog box appears. Type a name in the Connection name field and click OK.
    9. Navigate to CN=Configuration, CN=<serial number> > CN=Services > CN=Windows NT, right-click CN=Directory Service and click Properties.
    10. Select the attribute dsHeuristics and click Edit to change the value to '0000000001001'. This enables password resetting without a secure connection.

      Note: Be sure to clear this value after resetting the password. While it is set, the instance accepts password operations over the unencrypted LDAP port as well.

    11. Select the created user under the Partition Name. Click Action > Reset password. Type a password.
  6. To configure ADAM to use the generated certificate, do the following:
    1. Change the security of the new private key so that it is readable by the user running the ADAM service (Network Service). To find the new key, sort the files in the following directory by date: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
    2. Type mmc in the command prompt. The Console window appears.
    3. To add the Computer Account snap-in, click File > Add/Remove Snap In. Click Add. Select Certificates. Click Add, select Computer Account and follow the wizard.
    4. To add the ADAM service snap-in, click File > Add/Remove Snap In. Click Add. Select Certificates. Click Add and select Service Account. Follow the wizard and select Local computer and then the ADAM instance.
    5. Find the certificates on the local machine.
    6. Select the certificate my.computer.com.
    7. Copy the selected certificate to Certificates - Service ('ADAM Instance Name') on Local Computer - 'ADAM Instance Name'\Personal.
    8. To export the certificate, click Action > All Tasks > Export, click Next and then select the No, do not export the private key option. Select DER encoded, select c:\tmp\root.cer and then click Finish.
    9. Restart the ADAM service instance.
  7. Type the following in the command prompt to load the exported certificate into the Java key store:
    cd %JAVA_HOME%\jre\lib\security
    keytool -import -alias test -file c:\tmp\root.cer -keystore cacerts

    1. You will be prompted for the password of the Java key store (the default password is 'changeit') and then asked whether to trust the certificate. You must answer 'yes'.
    2. Type the following in the command prompt to remove an already installed certificate:
      keytool -delete -alias test -keystore cacerts
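Once all the steps above are complete, the following PowerShell script checks the result: it reads the certificate ADAM presents on port 636, confirms the same certificate is present under the alias in the JRE cacerts file, performs a simple bind over LDAPS as the ADAM user, and verifies that the dsHeuristics relaxation from step 5.10 has been cleared. This is an added example and is not part of the Process Platform documentation or the product. It assumes the host name, partition, alias and default key store password used in the steps above; the user DN CN=jdoe,... is a hypothetical user created in step 5, and keytool is located through %JAVA_HOME%.

```powershell
# Added example: end-to-end check of the ADAM over LDAPS setup described above.
# Not part of the Process Platform documentation or product.
# Assumptions: host name, partition, alias and key store password as in the
# steps above; $UserDn is a hypothetical user created in step 5; keytool is
# reachable via %JAVA_HOME%. Run on the ADAM host as the account that
# created the instance.
param(
    [string]$LdapHost   = 'my.computer.com',
    [int]   $LdapsPort  = 636,
    [string]$UserDn     = 'CN=jdoe,CN=MyOrganization,DC=MyCountry,DC=COM',  # hypothetical user
    [string]$Alias      = 'test',
    [string]$CacertsPwd = 'changeit'
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# --- 1. Inspect the certificate ADAM presents on the SSL port --------------
# The validation callback returns $true only so the certificate can be read;
# whether the machine actually trusts it is exercised by the binds below.
$tcp = New-Object System.Net.Sockets.TcpClient($LdapHost, $LdapsPort)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
$ssl.AuthenticateAsClient($LdapHost)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()

"LDAPS certificate: $($cert.Subject), thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter)"
if ($cert.Subject -ne "CN=$LdapHost") {
    Write-Warning "Certificate subject does not match the host name; clients will reject it"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires within 30 days; re-run selfssl and re-import it"
}

# --- 2. Confirm the same certificate is in the JRE trust store -------------
$cacerts = Join-Path $env:JAVA_HOME 'jre\lib\security\cacerts'
$listed  = & keytool -list -v -alias $Alias -keystore $cacerts -storepass $CacertsPwd 2>&1
$fp      = $cert.Thumbprint -replace '(..)(?=.)', '$1:'   # keytool prints SHA1 as AB:CD:...
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Alias '$Alias' is not present in $cacerts"
} elseif (($listed -join "`n") -notmatch [regex]::Escape($fp)) {
    Write-Warning "Alias '$Alias' exists but is not the certificate served on port $LdapsPort"
} else {
    "Alias '$Alias' in $cacerts matches the certificate on port $LdapsPort"
}

# --- 3. Simple bind over LDAPS as the ADAM user from step 5 ----------------
# A simple bind carries the password inside the TLS tunnel; this is the
# reason the certificate, rather than dsHeuristics, is the supported path.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier $LdapHost, $LdapsPort
$user = New-Object System.DirectoryServices.Protocols.LdapConnection $id
$user.SessionOptions.SecureSocketLayer = $true
$user.SessionOptions.ProtocolVersion   = 3
$user.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$user.Credential = (Get-Credential -UserName $UserDn -Message 'ADAM user password').GetNetworkCredential()
try   { $user.Bind(); "Simple bind over LDAPS as $UserDn succeeded" }
catch { Write-Warning "Bind as $UserDn failed: $($_.Exception.Message)" }

# --- 4. Verify the dsHeuristics relaxation from step 5.10 was cleared ------
# Bind as the Windows account that created the instance (Negotiate), locate
# the configuration partition through RootDSE, then read dsHeuristics from
# the Directory Service object.
$admin = New-Object System.DirectoryServices.Protocols.LdapConnection $id
$admin.SessionOptions.SecureSocketLayer = $true
$admin.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$admin.Bind()
$base = [System.DirectoryServices.Protocols.SearchScope]::Base
$root = $admin.SendRequest((New-Object System.DirectoryServices.Protocols.SearchRequest `
            -ArgumentList '', '(objectClass=*)', $base, 'configurationNamingContext'))
$configNc = $root.Entries[0].Attributes['configurationNamingContext'].GetValues([string])[0]
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$res  = $admin.SendRequest((New-Object System.DirectoryServices.Protocols.SearchRequest `
            -ArgumentList $dsDn, '(objectClass=*)', $base, 'dsHeuristics'))
$attr = $res.Entries[0].Attributes['dsHeuristics']
$heur = if ($attr) { $attr.GetValues([string])[0] } else { '' }
# Character 13 set to 1 is what step 5.10 turned on: password operations over
# an unencrypted connection stay accepted for as long as it remains set.
if ($heur.Length -ge 13 -and $heur[12] -eq '1') {
    Write-Warning "dsHeuristics is '$heur': password changes are still allowed without SSL; clear it"
} else {
    "dsHeuristics is '$heur': password operations require a secure connection"
}
```

Run the script on the ADAM host under the account that created the instance, because step 4 binds with that Windows identity. If the simple bind in step 3 fails with a certificate error while step 1 succeeded, the certificate is served correctly but is not trusted by the machine running the check (selfssl /T adds it only to the local trusted store), which is the same condition that would make Process Platform's LDAPS connection fail.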