LDAP SERVER

LDAP SERVER

Post by Venka » Thu, 26 Jun 2003 16:52:45



Hi,

We have an API called "ldap_simple_bind_s" which is used to authenticate a
client to a server.
This API takes 2 parameters userid and password.

I want to know if their is any API which authenticates a client to a server
by taking just the userid
as the parameter(not the password).

I need this because in one of my app which i am developing i am adding a
userid,
the dll need to verify if the userid is a valid one by connecting to the
LDAP server.

Thanks In Advance
Venkat

 
 
 

LDAP SERVER

Post by Deepa » Thu, 26 Jun 2003 22:54:58


use ldap_search() API to search for the userid ... if search finds a match,
do not add the id.

note: this is not the right group for ldap post.
        subscribe to http://www.openldap.org or http://www.ldapguru.org/

Deepak


Quote:> Hi,

> We have an API called "ldap_simple_bind_s" which is used to authenticate a
> client to a server.
> This API takes 2 parameters userid and password.

> I want to know if their is any API which authenticates a client to a
server
> by taking just the userid
> as the parameter(not the password).

> I need this because in one of my app which i am developing i am adding a
> userid,
> the dll need to verify if the userid is a valid one by connecting to the
> LDAP server.

> Thanks In Advance
> Venkat


 
 
 

LDAP SERVER

Post by Ed Astl » Fri, 27 Jun 2003 20:53:40



Quote:> Hi,

> We have an API called "ldap_simple_bind_s" which is used to authenticate a
> client to a server.
> This API takes 2 parameters userid and password.

> I want to know if their is any API which authenticates a client to a
server
> by taking just the userid
> as the parameter(not the password).

> I need this because in one of my app which i am developing i am adding a
> userid,
> the dll need to verify if the userid is a valid one by connecting to the
> LDAP server.

> Thanks In Advance
> Venkat

I did some LDAP stuff using IADs COM stuff (we were using Site Server).  The
app runs in a context that allows admin access to ldap stuff.

Here's a snippet of code that checks if a user belongs in a group:

static const char MEMBER_CLASS[]  = "member";
static const char MEMBEROF_CLASS[] = "memberof";
static const char GUID_ATTRIBUTE[]  = "GUID";
static const char PASSWORD_ATTRIBUTE[] = "userPassword";

bool AddMember( IADsContainer &members_container,
                              IADsContainer &groups_container,
                              const std::string &cn_username,  // eg
"cn=Fred"
                              const std::string &password )
{  <plenty of snips and adhoc rewrites...>
    CComBSTR bstr_class( MEMBER_CLASS ), bstr_user( cn_username.c_str() );
    IADs *pMember = NULL;

// If the user already exists then just update their password (NOT the
guid).
// Otherwise create the new user (this doesn't really happend until
SetInfo() though)...

    hr = members_container.GetObject( bstr_class, bstr_user, (IDispatch **)
&pMember );

    if( SUCCEEDED(hr) )
    {
        bNewUser = false;
    }
    else
    {
        bNewUser = true;
        hr = members_container.Create( bstr_class, bstr_user, (IDispatch **)
&pMember );

// New users must have a GUID associated with them...

        if( SUCCEEDED(hr))
        {   _bstr_t bstr_guid( GUID_ATTRIBUTE );
            wchar_t guidw[ 40 ];
            GUID guid;

            CoCreateGuid( &guid );
            StringFromGUID2( guid, guidw, sizeof(guidw) );
            hr = pMember->Put( bstr_guid, (_variant_t) guidw );

// Add new user to group "YourSpecialGroupHere"
<section snipped for brevity>
    }

    if( SUCCEEDED(hr) )
    {   CComBSTR bstr_pw( PASSWORD_ATTRIBUTE );
        _variant_t vt_oldpassword;

        hr = pMember->GetInfo();
        hr = pMember->Get( bstr_pw , &vt_oldpassword );

        hr = pMember->Put( bstr_pw, (_variant_t) password.c_str() );
        hr = pMember->SetInfo();
    }
<stuff snipped>

Quote:}

IADsContainer *pMembersContainer;
IADsContainer *pGroupContainer;
CComBSTR admin_id( "cn=AdminLogonIDHere,ou=members,o=sql7membership" );

hr = CoInitialize( NULL );

// Get the "members" container...

hr = ADsOpenObject( "LDAP://host:port/ou=members,o=sql7membership",
admin_id, "AdminPasswordHere", 0, IID_IADsContainer, (void **)
&pMembersContainer );

// Get the group container we are interested in...

hr = ADsOpenObject(
"LDAP://host:port/cn=YourSpecialGroupHere,ou=groups,o=sql7membership",
admin_id, "AdminPasswordHere", 0, IID_IADsContainer, (void **)
&pGroupContainer );

AddMember( *pMembersContainer , *pGroupContainer, "cn=Fred",
"FredsPassword" );

pGroupContainer->Release();
pMembersContainer->Release();
CoUninitialize();

Not sure if it was what you wanted.
Regards
Ed

 
 
 

1. LDAP SERVER

Hi,

We have an API called "ldap_simple_bind_s" which is used to authenticate a
client to a server.
This API takes 2 parameters userid and password.

I want to know if their is any API which authenticates a client to a server
by taking just the userid
as the parameter(not the password).

I need this because in one of my app which i am developing i am adding a
userid,
the dll need to verify if the userid is a valid one by connecting to the
LDAP server.

Thanks In Advance
Venkat

2. openssh drops connection unexpectedly ... "Disconnecting: Corrupted MAC on input."

3. Active Directory : How can we see a LDAP server?

4. Hp 568 and mmc battery

5. Querying LDAP Servers

6. Exchange logs

7. Obtaining attribute info from an AD LDAP Server

8. ca95/NT - printing to PC attached printer

9. LDAP call from server side script using visual interdev

10. Relationship among WINS server, DHCP server and DNS server

11. Client - Server and Server - Server Connection...

12. LDAP programming oddity; MS Issue or Borland Issue?

13. "LDAP://" & Info.UserName ???