Friday, May 22, 2015

ADFS : Installing ApacheDS

Huh - what does ApacheDS have to do with ADFS?

I'm looking at Server Technical Preview 2 - aka Server 2016 - with ADFS 4.0.

This has the ability to use an LDAP as an alternative authentication source. So I decided to use ApacheDS.

I'm running on Windows. I ran up an Azure VM preconfigured with the image from the gallery using my MSDN subscription. I used Basic / A1 in SE Asia. I initially tried Australia as it's geographically closer but that was too damn slow - almost unusable.

Because I have ADFS and that needs AD, I also made that VM a DC in a forest of one. That also means that port 389 is now used.

Also, somewhat disappointed that you have to have AD. When I first read the announcement, I thought that ADFS could now authenticate against an LDAP without AD. That's what a lot of my customers have. I suppose you could always run up a "dummy" AD.

The thinking seems to be that you use AD for internal user authentication and the LDAP for external user authentication.

Good article here: Getting started with ApacheDS – LDAP Server and Directory Studio.

  • Install Java.
  • Remember the Java Home directory.
  • Install ApacheDS - will ask for the Home directory.
  • Install Directory Studio - will ask for the Home directory.

And then?

Found the answer in the above article:

"Set Bind DN or User to the value uid=admin,ou=system and Bind password to secret."

Note the port is 10389.

And then I was away.
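
The same connection settings can be checked from PowerShell on the server, including whether the default `uid=admin,ou=system` / `secret` bind is still accepted once the directory is meant to back ADFS. This is an added example, not code from the original post or the article it quotes; it assumes ApacheDS is listening on localhost:10389, and the function name `Test-LdapSimpleBind` is hypothetical.

```powershell
# Added example (not from the post). Assumes ApacheDS on localhost:10389.
# Test-LdapSimpleBind is a hypothetical helper name.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSimpleBind {
    param(
        [string]$Server = 'localhost',
        [int]$Port = 10389,                       # ApacheDS port noted in the post
        [string]$BindDn = 'uid=admin,ou=system',  # admin DN quoted in the post
        [string]$Password = 'secret'              # default password quoted in the post
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $cred = [System.Net.NetworkCredential]::new($BindDn, $Password)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
        $id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion = 3
    $status = 'Unknown'; $vendor = $null
    try {
        $conn.Bind()   # LDAP simple bind; throws if the server refuses it
        $status = 'BindAccepted'
        try {
            # Read the root DSE to confirm ApacheDS answered, not AD on port 389.
            $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
                '', '(objectClass=*)',
                [System.DirectoryServices.Protocols.SearchScope]::Base,
                [string[]]@('vendorName'))
            $attr = $conn.SendRequest($req).Entries[0].Attributes['vendorName']
            if ($attr) { $vendor = $attr.GetValues([string])[0] }
        } catch { $vendor = 'root DSE read failed' }
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
            switch ($ex.ErrorCode) {
                49      { $status = 'InvalidCredentials' }   # LDAP result code 49
                81      { $status = 'ServerUnreachable' }    # server down or wrong port
                default { $status = "LdapError$($ex.ErrorCode)" }
            }
        } else { $status = "Error: $($ex.Message)" }
    }
    finally { $conn.Dispose() }
    [pscustomobject]@{ Server = "${Server}:$Port"; BindDn = $BindDn; Status = $status; Vendor = $vendor }
}

# A simple bind sends the password in clear text over plain LDAP, so run this on the server itself.
$r = Test-LdapSimpleBind
if ($r.Status -eq 'BindAccepted') { Write-Warning "Default admin password is still active on $($r.Server)" }
$r
```

After the admin password has been changed in Directory Studio, the default call should return `InvalidCredentials`, and passing the new value with `-Password` should return `BindAccepted`.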

More soon.

Enjoy!
