Allowing anonymous bind
In order for ISAM to be configured with Active Directory Lightweight Directory Service (AD LDS), AD LDS must be configured to allow anonymous bind.
By default, AD LDS does not allow anonymous bind. Security Verify Access configuration, however, uses anonymous bind to check on the validity of the configured LDAP host name, port, and SSL parameters.
If we want to disable anonymous bind during normal operation, we can reset the option on the AD LDS server after configuration is complete.
Steps
- Start the ADSI Edit program Adsiedit.msc.
- On the Action menu, click Connect To.
- In the Connection name field, we can type a label under which this connection appears in the console tree of AD LDS ADSI Edit. For this connection, type: Configuration.
- Under Connection Point, select Select a well known Naming Context and choose Configuration from the list.
- Under Computer, enter the server name and port for the AD LDS instance in the Select or type a domain or server section. If the AD LDS instance is on the local system, we can use localhost as the server name.
- Click OK. The entry Configuration now appears in the console tree.
- Expand the Configuration subtree by double-clicking Configuration.
- Double-click CN=Configuration,CN=GUID, where GUID is the identifier that was generated when the AD LDS instance was configured.
- Double-click the CN=Services folder to expand it, and then double-click CN=Windows NT.
- Highlight and right-click CN=Directory Service and click Properties.
- Click dsHeuristics.
- Click Edit.
- Edit the value. Change the seventh character (counting from the left) to 2. The value must then look similar to 0000002001001 in the String Attribute Editor.
- Click OK.
- Click OK. Anonymous bind is now allowed.
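The following helpers are an added example, not part of the IBM or Microsoft documentation, for auditing and editing the dsHeuristics string that the procedure changes (character 7 set to 2, as stated above) and for reverting it after configuration, as the introduction recommends. They operate on the attribute value as shown in the String Attribute Editor, not on the directory itself; the marker-digit rule (characters 10, 20, 30 ... must be 1, 2, 3 ...) is the documented dsHeuristics format, and the function names are this example's own.

```python
# Added example: work with the dsHeuristics string offline (no LDAP access).
# dsHeuristics is a 1-indexed string of single-character flags. Per the
# procedure above, character 7 == "2" allows anonymous bind on AD LDS.
# Every tenth character (10, 20, ...) is a marker digit (1, 2, ...) that the
# server expects; an edited value that breaks this rule is rejected.

ANON_BIND_POSITION = 7
ANON_BIND_ALLOWED = "2"
ANON_BIND_DEFAULT = "0"


def _marker_for(position: int) -> str:
    """Return the mandatory marker digit for a position, or "0" if none."""
    return str(position // 10) if position % 10 == 0 else "0"


def set_heuristic(value: str, position: int, flag: str) -> str:
    """Return `value` with the 1-indexed `position` set to `flag`.

    A short or empty value (the attribute is typically unset by default) is
    padded with "0" and the required marker digits up to `position`.
    """
    if position < 1 or len(flag) != 1:
        raise ValueError("position is 1-indexed and flag must be one character")
    if position % 10 == 0:
        raise ValueError("positions 10, 20, ... are reserved marker digits")
    chars = list(value)
    for pos in range(len(chars) + 1, position + 1):
        chars.append(_marker_for(pos))
    chars[position - 1] = flag
    return "".join(chars)


def anonymous_bind_allowed(value: str) -> bool:
    """Audit check: is character 7 of dsHeuristics set to "2"?"""
    return len(value) >= ANON_BIND_POSITION and value[ANON_BIND_POSITION - 1] == ANON_BIND_ALLOWED


def allow_anonymous_bind(value: str) -> str:
    """Value to apply before running the Security Verify Access configuration."""
    return set_heuristic(value, ANON_BIND_POSITION, ANON_BIND_ALLOWED)


def block_anonymous_bind(value: str) -> str:
    """Value to apply once configuration is complete (restores the AD LDS default)."""
    return set_heuristic(value, ANON_BIND_POSITION, ANON_BIND_DEFAULT)


def marker_digits_valid(value: str) -> bool:
    """True when every tenth character carries its marker digit (1, 2, ...)."""
    return all(value[p - 1] == str(p // 10) for p in range(10, len(value) + 1, 10))
```

Compare the audited value against the expected state for the phase you are in: allowed only while the Security Verify Access configuration runs, blocked afterwards.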
What to do next
If we are setting up SSL communication, see Configure Active Directory Lightweight Directory Service (AD LDS) to use SSL.

Parent topic: Microsoft Active Directory Lightweight Directory Service (AD LDS) installation