Active Directory Application Mode
From Wikipedia:
Active Directory Application Mode (ADAM) is a light-weight implementation of Active Directory. ADAM is capable of running as a service, on computers running Microsoft Windows Server 2003 or Windows XP Professional. ADAM shares the code base with Active Directory and provides the same functionality as Active Directory, including an identical API, but does not require the creation of domains or domain controllers.
Like Active Directory, ADAM provides a Data Store, which is a hierarchical datastore for storage of directory data, a Directory Service with an LDAP Directory Service Interface. Unlike Active Directory, however, multiple ADAM instances can be run on the same server, with each instance having its own and required by applications making use of the ADAM directory service.
In Windows Server 2008, ADAM has been renamed AD LDS (Lightweight Directory Services).
Sometimes you need to store configuration in a central place because it is required by different applications running in different places, or because different users need to access it. For instance, instead of hard-coding the passwords of network devices into scripts deployed on different monitoring machines, this configuration information can be stored centrally. LDAP support exists on almost every platform, from Perl to .NET!
When you install ADAM, no ADAM instance is configured; instead you get the option to create one. ADSI Edit is the MMC-based tool through which you can access ADAM instances. One hidden tool is ADAM Schema, an MMC snap-in that you can add after starting MMC. Let's go through a scenario in which we want to store information about certain network devices, say routers, and access this information from a Perl script running on *nix.
First we create a unique ADAM instance and name it Apps. We then have to create an application directory partition and give it a proper distinguished name.
While setting it up, we need to import the available LDIF (LDAP Data Interchange Format) files; these schema files will be used later when we create users and give them roles to access our directory partition.
Then, using ADSI Edit, connect to the three well-known naming contexts of your configured ADAM instance. Through the RootDSE context, an LDAP client can learn more about your directory partition, such as its name. With the Schema context you can extend the partition schema, and with the Configuration context you can access and manage the data.
Next we need to use the ADAM Schema snap-in to extend the schema of our partition. Start MMC and, from File > Add/Remove Snap-in, add the ADAM Schema snap-in and connect to your configured ADAM instance. You will see Classes and Attributes. Next we need OIDGEN.exe, a Windows 2000 Resource Kit tool (Google it) with which we can generate X.500 OIDs for our new attributes and classes.
For our scenario I created three attributes: IpAddress, Login and Password. If we don't want Min/Max settings, we simply leave them blank!
Attribute Base OID:
1.2.840.113556.1.4.7000.233.28688.28684.8.281218.1.640586.1573940.517016
1 IpAddress
2 Login
3 Password
For our scenario we need one class: NetworkDevice
Class Base OID:
1.2.840.113556.1.5.7000.111.28688.28684.8.304224.1.845399.1625543.239673
1 NetworkDevice
We also need to add our attributes to the class as Mandatory!
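The same schema extension written out as LDIF, as an added example that is not part of the original post: a small Python generator that derives each OID from the base OIDs above and emits the attribute and class definitions. Assumptions: the numbers listed under each base OID are the arc appended to it, the attributes are single-valued Unicode strings, the class derives from top and may be created under a container, and DC=X is a placeholder for the instance's schema DN.

```python
import re

# Base OIDs generated with OIDGEN in the post.
ATTR_BASE = "1.2.840.113556.1.4.7000.233.28688.28684.8.281218.1.640586.1573940.517016"
CLASS_BASE = "1.2.840.113556.1.5.7000.111.28688.28684.8.304224.1.845399.1625543.239673"
# Assumption: the number listed beside each name is the arc appended to the base.
ATTRIBUTES = {"IpAddress": 1, "Login": 2, "Password": 3}
OID_RE = re.compile(r"(0|[1-9]\d*)(\.(0|[1-9]\d*))+")
# Reloads the schema cache so the class can reference the new attributes.
SCHEMA_UPDATE = "dn:\nchangetype: modify\nadd: schemaUpdateNow\nschemaUpdateNow: 1\n-\n"


def child_oid(base, arc):
    """Append one arc to a base OID, rejecting malformed input."""
    oid = f"{base}.{arc}"
    if not OID_RE.fullmatch(oid):
        raise ValueError(f"malformed OID: {oid!r}")
    return oid


def record(dn, pairs):
    """Render one LDIF add record from (attribute, value) pairs."""
    lines = [f"dn: {dn}", "changetype: add"] + [f"{k}: {v}" for k, v in pairs]
    return "\n".join(lines) + "\n"


def schema_ldif(schema_dn="CN=Schema,CN=Configuration,DC=X"):
    """Attributes first, cache reload, then the class that requires them."""
    out = [record(f"CN={name},{schema_dn}", [
        ("objectClass", "attributeSchema"),
        ("lDAPDisplayName", name),
        ("attributeID", child_oid(ATTR_BASE, arc)),
        ("attributeSyntax", "2.5.5.12"),   # Unicode string (assumed syntax)
        ("oMSyntax", "64"),
        ("isSingleValued", "TRUE"),
    ]) for name, arc in ATTRIBUTES.items()]
    out.append(SCHEMA_UPDATE)
    out.append(record(f"CN=NetworkDevice,{schema_dn}", [
        ("objectClass", "classSchema"),
        ("lDAPDisplayName", "NetworkDevice"),
        ("governsID", child_oid(CLASS_BASE, 1)),
        ("objectClassCategory", "1"),      # structural class
        ("subClassOf", "top"),             # assumed parent class
        ("possSuperiors", "container"),    # assumed: instances live in a container
    ] + [("mustContain", name) for name in ATTRIBUTES]))  # Mandatory attributes
    out.append(SCHEMA_UPDATE)
    return "\n".join(out)


if __name__ == "__main__":
    print(schema_ldif())
```

The output can be saved to a file and imported with ldifde, whose -c option replaces the DC=X placeholder with the instance's real naming context.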
Our schema is now ready. Next we need to create a Container in our application partition and a couple of instances of our newly defined class. For this we will use ADSI Edit. Stay tuned for the next part, in which I will cover how to add data and access it from the Perl script!