How to make a serverless bind to LDAP


Post by Phanidha » Fri, 04 Jul 2003 20:59:29



Hi,
 I'm using my LDAP server to do one level of validation
for users using directory services in .NET.
 My connection string is something like this.

DirectoryEntry adsUsers = new DirectoryEntry("LDAP://myserver", strUserName, strPassword);

  In the above connection string, the server name is
hardcoded. I want to make a server-less bind to LDAP. But I
get some problems when I make a server-less bind using
something like "LDAP://dc=fa,dc=com" where 'fa' is my
domain name. The connection succeeds only on multiple
attempts and it's really inconsistent.
 I need a way where I can make a serverless bind which is
reliable and consistent.
 Any help will be greatly appreciated.
Thanking you in advance.
Regards
Phanidhar

 
 
 


Post by MVP - ADS » Fri, 04 Jul 2003 23:10:52


Serverless binding requires that the current thread token be a domain
account.  If this is ASP.NET under IIS5 and you are using the default
processModel with the ASPNET local machine account, you probably don't have
a domain account (unless you are using impersonation successfully).  This
can be corrected by changing the processModel to SYSTEM or a domain account
or using impersonation.

http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

If the application is a forms or console app, then you shouldn't have any
problems unless you are running under a local machine account.

Provide more details on the environment if you are still stuck.

HTH,

Joe K.




 
 
 


Post by Phanidha » Sat, 05 Jul 2003 15:51:09


Hi,
 Many thanks for your reply.
 My application is a forms-based application. Here is my
code.
************************************
DirectoryEntry adsUsers = new DirectoryEntry("LDAP://myserver", strUserName, strPassword);

DirectorySearcher userSearcher = new DirectorySearcher(adsUsers);

userSearcher.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserName + "))";

SearchResult usersearchResult = userSearcher.FindOne();
***************************************
If 'usersearchResult' yields a valid result I declare that
the user is valid, otherwise I say that the user is invalid.

  I get the username and password from a forms-based UI. I
want this code to work without an explicit server bind,
assuming that I get the domain information (dc=fa,dc=com
where my domain name is 'fa') at runtime.
 As I said before, when I change the connection string to
something like
 DirectoryEntry adsUsers = new DirectoryEntry("LDAP://dc=fa,dc=com", strUserName, strPassword);
 I'm not getting consistent results. After a few
unsuccessful attempts, I'm through. The behaviour is really
inconsistent.
 Please let me know how I can resolve this issue. Also please
validate my user authentication logic.
Thanking you in advance.
Regards
Phanidhar


 
 
 


Post by MVP - ADS » Sun, 06 Jul 2003 02:43:02


Hi Phanidhar,

If the forms app is running under a domain account, you should be able to
bind without specifying a server name or a username and password.  The
server to use should be inferred from the current domain account and the
credentials for the account should also be used automatically.  You might
want to specify AuthenticationTypes.Secure to force a Windows security bind
to the directory.

Other than that, I'm not sure why you would be having consistency problems.
You might also consider binding to rootDSE and reading the
defaultNamingContext attribute to use as the DN for your search root.
Something like this (I'm not a C# programmer usually and this is off the top
of my head, but hopefully you get the idea):

DirectoryEntry rootDSE = new DirectoryEntry("LDAP://rootDSE", null, null, AuthenticationTypes.Secure);
DirectoryEntry searchRoot = new DirectoryEntry("LDAP://" + (string)rootDSE.Properties["defaultNamingContext"].Value, null, null, AuthenticationTypes.Secure);
DirectorySearcher userSearcher = new DirectorySearcher(searchRoot);

You could also continue to prompt for username and password if you want the
user to be able to supply alternate credentials.

HTH,

Joe K.
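
Added example, not part of the original posts: one way to combine the rootDSE serverless bind suggested above with the username/password check from the earlier post, escaping the user-supplied name per RFC 4515 before it is placed in the search filter so that characters such as * or ) cannot change the query. The names LdapLogin, EscapeFilterValue and Validate are hypothetical; it assumes a domain-joined Windows machine, a reference to System.DirectoryServices, and that userName is a bare sAMAccountName.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

// Added example (not from the thread); class and method names are hypothetical.
static class LdapLogin
{
    // RFC 4515: escape the characters that are special inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        return sb.ToString();
    }

    // True only if the bind with the supplied credentials succeeds and the
    // account is found under the domain's default naming context.
    public static bool Validate(string userName, string password)
    {
        // Refuse blank credentials instead of attempting a bind with them.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://rootDSE", userName, password, AuthenticationTypes.Secure))
            {
                // DirectoryEntry is lazy: nothing is sent until a property is read.
                string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
                using (DirectoryEntry root = new DirectoryEntry("LDAP://" + baseDn, userName, password, AuthenticationTypes.Secure))
                using (DirectorySearcher searcher = new DirectorySearcher(root))
                {
                    searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(userName) + "))";
                    return searcher.FindOne() != null;
                }
            }
        }
        catch (COMException)
        {
            return false; // fail closed: bad credentials or no reachable domain controller
        }
    }
}
```

Because the catch block treats every bind failure as "invalid", log the exception's ErrorCode if you need to tell wrong passwords apart from domain controller lookup problems.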



 
 
 


Post by Phanidha » Mon, 07 Jul 2003 22:32:36


Hi,
 Many thanks for your help. I'll try to bind
to 'rootDSE'. Thank you once again.
Regards
Phani


 
 
 

1. Serverless binding

Hi:
We want to use serverless binding, as follows.

 hr = ADsGetObject(L"LDAP://rootDSE", IID_IADs, (void**)&pRootDSE);

On the AD server, this line works well, but on a member server, this line
returns ADsGetObject failed: 0x8007054b,
which is Domain not found.
I've already added the member server to the domain. Who can tell me why? What
should I do to prevent this?
Thanks
Sidney
