I have progressed a bit. At least I seems to have an install where ADAM and AzMan will coexist happily in the same ADAM instance, and I can retrieve a user from the ADAM store. I can also add roles to AzMan programatically, so that's all good. However, I still can't add an ADAM principal to AzMan as a member of a role.
This is supposed to work...
15 string roleName = "RetailUser";
16
17 MembershipUser user = Membership.GetUser("TestUser@bank.com");
18 Console.WriteLine(user.ProviderUserKey);
19
20 IAzAuthorizationStore2 azStore = new AzAuthorizationStoreClass();
21 azStore.Initialize(0, "msldap://localhost:50000/CN=Test,CN=AzMan,O=AzManPartition", null);
22 IAzApplication2 azApp = azStore.OpenApplication2("TestApp", null);
23
24 IAzTask task = azApp.CreateTask(roleName, null);
25 task.IsRoleDefinition = -1;
26 task.Submit(0, null);
27 IAzRole role = azApp.CreateRole(roleName, null);
28 role.AddTask(roleName, null);
29 role.Submit(0, null);
30
31 IAzRole newRole = azApp.OpenRole(roleName, null);
32
33
34 newRole.AddMember(user.ProviderUserKey.ToString(), null);
35 newRole.Submit(0, null);
And should result in TestUser@bank.com being added to the role "RetailUser".
Sadly, on that last line, I get
System.ArgumentException was unhandled
Message="Value does not fall within the expected range."
Source="Microsoft.Interop.Security.AzRoles"
StackTrace:
at Microsoft.Interop.Security.AzRoles.IAzRole.Submit(Int32 lFlags, Object varReserved)
at ADAMAz.Program.Main(String[] args) in C:\Documents and Settings\PCauldwell\My Documents\Visual Studio 2005\Projects\ADAMAz\ADAMAz\Program.cs:line 35
at System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
All I can figure is that AzMan doesn't like the SID as generated above.
I'm running this on XP SP2, with the 2003 Management tools, and ADAM SP1 installed. I'm fearing that I may have to run this on 2003 R2 to get it to work.