DirectoryEntry vs IADsOpenDSObject Authentication - differences?

DirectoryEntry vs IADsOpenDSObject Authentication - differences?

Post by Mat » Fri, 02 May 2003 03:08:06



What is the difference between authentication with the DirectoryEntry
object vs the IADsOpenDSObject? I have code that works when I use a
provided ID and password with the DirectoryEntry object but fails with
the IADsOpenDSObject. Both objects use the same ID and password
information. Here's the command that fails with an "invalid directory
pathname" error:

Dim tempNameSpace as ActiveDS.IADsOpenDSObject
Dim oTemp as Object

tempNameSpace = GetObject("LDAP:")
szPath = "LDAP://test.directory.com:1234/ou=51100751,ou=310476,ou=Business
Units,o=myCompany"
sUserName = "cn=myAppName,ARsrcType=Applications,o=myCompany"
sPass = "myPass"
oTemp = tempNameSpace.OpenDSObject(szPath, sUserName, sPass,
AuthenticationTypes.ServerBind) '<==== fails

I know this is a basic question, and I have an idea of the answer but
I want to be sure. If I don't figure this out I can't work around my
"Handling of this ADSVALUE is not yet implemented" problem.

 
 
 

DirectoryEntry vs IADsOpenDSObject Authentication - differences?

Post by Joe Kapla » Fri, 02 May 2003 06:30:24


System.DirectoryServices uses ADSI under the hood.  If you poke around in
the IL for the assembly, you can discover that the DirectoryEntry just calls
IADsOpenDSObject under the hood.  So I would expect this to work.

Did you try explicitly converting it to an Int32 or just not specifying it?
ServerBind is good to use, but it is mostly a performance improvement option
and not strictly necessary in my understanding.

Also, did you get any kind of useful error message?

Joe K.


Quote:> What is the difference between authentication with the DirectoryEntry
> object vs the IADsOpenDSObject? I have code that works when I use a
> provided ID and password with the DirectoryEntry object but fails with
> the IADsOpenDSObject. Both objects use the same ID and password
> information. Here's the command that fails with an "invalid directory
> pathname" error:

> Dim tempNameSpace as ActiveDS.IADsOpenDSObject
> Dim oTemp as Object

> tempNameSpace = GetObject("LDAP:")
> szPath = "LDAP://test.directory.com:1234/ou=51100751,ou=310476,ou=Business
> Units,o=myCompany"
> sUserName = "cn=myAppName,ARsrcType=Applications,o=myCompany"
> sPass = "myPass"
> oTemp = tempNameSpace.OpenDSObject(szPath, sUserName, sPass,
> AuthenticationTypes.ServerBind) '<==== fails

> I know this is a basic question, and I have an idea of the answer but
> I want to be sure. If I don't figure this out I can't work around my
> "Handling of this ADSVALUE is not yet implemented" problem.


 
 
 

DirectoryEntry vs IADsOpenDSObject Authentication - differences?

Post by Mat » Fri, 02 May 2003 23:26:48


Thanks for the advice Joe but I'm not sure what you mean. What should
I be converting to an Int32? Also, the OpenDSObject requires an
Authentication Type so I used ServerBind. The only error message I get
is the "An invalid directory pathname was passed", but this same
pathname works fine with no authentication when used with GetObject
command.

It's very disturbing if ADSI is under the hood. The workaround for the
"Handling of this ADSVALUE type is not yet implemented" involves using
ADSI commands that don't work with the DirectoryServices objects.


> System.DirectoryServices uses ADSI under the hood.  If you poke around in
> the IL for the assembly, you can discover that the DirectoryEntry just calls
> IADsOpenDSObject under the hood.  So I would expect this to work.

> Did you try explicitly converting it to an Int32 or just not specifying it?
> ServerBind is good to use, but it is mostly a performance improvement option
> and not strictly necessary in my understanding.

> Also, did you get any kind of useful error message?

> Joe K.



 
 
 

DirectoryEntry vs IADsOpenDSObject Authentication - differences?

Post by MSRe » Sun, 04 May 2003 07:52:11


Please try to run the following script with your enviorment changes and see
how it goes. You should be able to port the same code under .NET like this.
Make sure you select right authentication flag.

Set obj = GetObject("LDAP:")

'using securt authentication

Set obj2 =
obj.OpenDSObject("LDAP://Regu3.regusdomain.nttest.microsoft.com/CN=Users,DC=
regusdomain,DC=nttest,DC=microsoft,DC=com","regusdomain\administrator",
"password", 1)

MsgBox obj2.distinguishedname

'using basic clear text authentication

set obj2 =
obj.OpenDSObject("LDAP://Regu3.regusdomain.nttest.microsoft.com/CN=ReguUser,
CN=Users,DC=regusdomain,DC=nttest,DC=microsoft,DC=com","CN=Administrator,CN=
Users,DC=regusdomain,DC=nttest,DC=microsoft,DC=com","password",0)

MsgBox obj2.Name

Thanks,
Regu.
Microsoft.

This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
 

DirectoryEntry vs IADsOpenDSObject Authentication - differences?

Post by Weiqing Tu [MSFT » Tue, 06 May 2003 10:53:35


If you could provide the code about how you use the DirectoryEntry code, I
should be able to tell you which flag to use for IADsOpenDSObject to get the
corresponding behavior.

This posting is provided "AS IS" with no warranties, and confers no rights.

weiqing tu


> Thanks for the advice Joe but I'm not sure what you mean. What should
> I be converting to an Int32? Also, the OpenDSObject requires an
> Authentication Type so I used ServerBind. The only error message I get
> is the "An invalid directory pathname was passed", but this same
> pathname works fine with no authentication when used with GetObject
> command.

> It's very disturbing if ADSI is under the hood. The workaround for the
> "Handling of this ADSVALUE type is not yet implemented" involves using
> ADSI commands that don't work with the DirectoryServices objects.




> > System.DirectoryServices uses ADSI under the hood.  If you poke around
in
> > the IL for the assembly, you can discover that the DirectoryEntry just
calls
> > IADsOpenDSObject under the hood.  So I would expect this to work.

> > Did you try explicitly converting it to an Int32 or just not specifying
it?
> > ServerBind is good to use, but it is mostly a performance improvement
option
> > and not strictly necessary in my understanding.

> > Also, did you get any kind of useful error message?

> > Joe K.



 
 
 

1. Pb authentication with IADsOpenDSObject

Hi !

I am developing a component using ADSI. I have an authentication problem.
When I Try to use IADsOpenDSObject, I have an error message 'The credentials
supplied conflict with an existing set of credentials'. I am working with
Windowns NT Workstation 4.0 and with domain's user right. It's when I try to
connect to a server using the name and the password of the administrator.

If anyone have had a similar problem and find a solution, or if a someone
have an idea about my problem, I accept all the help I can find because I'm
very blocked.

Thanks !!

2. FS: Sbus 8bit SVGA color frame buffer $55

3. Using alternate credentials for authentication - IADsOpenDSObject::OpenDSObject [Visual Basic]

4. Copyclip Question

5. Problems with Authentication using ADSI IADsOpenDSObject :

6. Question for all the smart networking professionals out there

7. Basic Authentication VS. Integrated Windows Authentication

8. is there a limit to connection points?

9. Differences NT 4.0 server vs. SBS2000 VPN - Routing & Remote Access Config

10. VPN vs dial in - what is the real difference?

11. Win98 MS-Net user vs login authentication wrt Samba

12. Regarding Windows authentication - LDAP vs. WinNT

13. IADsOpenDSObject Access problem