IADsUser/LDAP Bind Authentication Problem

IADsUser/LDAP Bind Authentication Problem

Post by Mark Haroldso » Wed, 25 Sep 2002 11:10:43



Hi All;

I am using the ADSI to create new users in my
ActiveDirectory(IE: AdsOpenObject(), and ::Create
(L"USER"...). My problem is when I attempt to connect to
the AD instance, using LDAP V3 tools, AD does not validate
the password and allows the user to connect.

Here is the scenerio;

1) Create a new user "FOO" with a password of "BAR" using
the ADSI methods.

2) Use the softerra LDAP browser to connect to the same AD
instance, with the user of "FOO" and any password.

AD allows this user to connect, even if the password was
incorrect.

Has anyone seen this behaviour before? Is it a
configuration option?

Any idea's how I might further isolate the problem?

Any help would be greatly appreciated.

Thanks
Mark

 
 
 

1. Authentication and IADsUsers

Hi there,
I need a little to get me going on, but I can't seem to find any.
I've been asked to build this little app that would authenticate a
user with logon id and password and retrieve several information
about him from Active Directory.
I want this to be as flexible as possible. I don't want to provide any
name (domain or OU). That means getting information only with
a username and password.
If Windows can do this, why shouldn't we?

Here's what I've done so far :

   Const ADS_SECURE_AUTHENTICATION = &H1

   Dim objIADOpenDS As IADsOpenDSObject
   Dim objIADUser As IADSUser
   Dim objIAD As IADs

   Set objIADOpenDS = GetObject("LDAP:")

   Set objIAD = objIADOpenDS.OpenDSObject("LDAP://RootDSE", _
                               "username", "password", _
                               ADS_SECURE_AUTHENTICATION)

   '// Get info from cache. Get Info about domainDNS (objIAD.class)
   Set objIAD = objIADOpenDS.OpenDSObject("LDAP://" &
objIAD.Get("defaultNamingContext"), _
                               "username", vbNullString, _
                               ADS_SECURE_AUTHENTICATION)

   Set objIADOpenDS = Nothing
   Set objIADUser = Nothing
   Set objIAD = Nothing

This code works fine but I can't get the information about the user
(IADsUser).
I can't use "username" because AD searches the display names when
I use "CN=" and not the logon id.

Any help would be appreciated.

--
-----
Michel Gingras

2. Displaying virtual directory contents on a Web Page

3. How to get the IADsUser object from LDAP query string?

4. Problems with WMA playback on iPAQ

5. Working with IADsUser LDAP to WinNT

6. American market

7. ldap binding

8. Unable to bind to LDAP with multivalued RDNs using ADSI

9. Binding to an LDAP Server

10. LDAP Bind using ASP - Please help

11. LDAP SID Binding

12. LDAP bind with DN to Exchange 5.5