I'm looking at Server Technical Preview 2 - aka Server 2016 - with ADFS 4.0.
This has the ability to use an LDAP as an alternative authentication source. So I decided to use ApacheDS.
I'm running on Windows. I ran up an Azure VM preconfigured with the image from the gallery using my MSDN subscription. I used Basic / A1 in SE Asia. I initially tried Australia as it's geographically closer but that was too damn slow - almost unusable.
Because I have ADFS and that needs AD, I also made that VM a DC in a forest of one. That also means that port 389 is now used.
Also, somewhat disappointed that you have to have AD. When I first read the announcement, I thought that ADFS could now authenticate against an LDAP without AD. That's what a lot of my customers have. I suppose you could always run up a "dummy" AD.
The thinking seems to be that you use AD for internal user authentication and the LDAP for external user authentication.
Good article here: Getting started with ApacheDS – LDAP Server and Directory Studio.
- Install Java.
- Remember the Java Home directory.
- Install ApacheDS - will ask for the Home directory.
- Install Directory Studio - will ask for the Home directory.
Found the answer in the above article:
"Set Bind DN or User to the value uid=admin,ou=system and Bind password to secret."
Note the port is 10389.
And then I was away.
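
As an added example (not part of the original post, and not ApacheDS or ADFS code): a stdlib-only Python check that sends an LDAPv3 simple bind for `uid=admin,ou=system` to port 10389 and reports whether the password `secret` quoted above is still accepted, something to confirm has been changed before the directory backs ADFS sign-in. The host `127.0.0.1` and all function names are assumptions, and the bind travels over plaintext LDAP, so run it on the server itself.

```python
import socket

def _tlv(tag: int, payload: bytes) -> bytes:
    """BER-encode one element with a definite (short or long form) length."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def _read(buf: bytes, pos: int):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn: str, password: str, msg_id: int = 1) -> bytes:
    """Build an LDAPv3 simple BindRequest (RFC 4511, section 4.2)."""
    body = (_tlv(0x02, b"\x03")                 # version INTEGER 3
            + _tlv(0x04, dn.encode())           # name (bind DN)
            + _tlv(0x80, password.encode()))    # authentication: simple [0]
    # msg_id is encoded as one byte, so keep it in 1..127
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))

def bind_result(resp: bytes) -> int:
    """Return the resultCode of a BindResponse (0 success, 49 invalidCredentials)."""
    tag, msg, _ = _read(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read(msg, 0)                   # skip messageID
    tag, op, _ = _read(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = _read(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def admin_bind_accepted(password: str, host: str = "127.0.0.1", port: int = 10389,
                        dn: str = "uid=admin,ou=system", timeout: float = 5.0) -> bool:
    """True if the server accepts a simple bind as dn with this password."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(dn, password))
        return bind_result(s.recv(4096)) == 0

if __name__ == "__main__":
    # host and port are assumptions: a local ApacheDS on the port noted above
    print("admin password 'secret' still accepted:", admin_bind_accepted("secret"))
```
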