new to ldap programming

  • Question

  • User124969076 posted

    Hi all,

    I need some help here. I'm totally new to LDAP programming with .NET. I'm trying to connect to the AD to retrieve the group information about a particular user. Thing is, I'm not even sure whether I'm on the right track or not. Does anyone know where I can find resources on this topic?? Seems like there isn't really anything helpful off Google.

    Thanks a million!!

    Jovena

    Tuesday, July 3, 2007 2:12 AM

Answers

  • User1588321482 posted

    Basically you are interested in two classes of DirectoryServices: the DirectoryEntry and the DirectorySearcher. It is likely you won't know the path in AD to the object you are after, but you might know the Account Alias, the displayname or something else. Therefore, you can search for the object and return certain attributes for the objects that are returned. This all starts to make more sense if you can browse your AD directory from an LDAP perspective; I use the Resource Kit utility LDP.exe, but others also exist. Then you can visualise the directory, and searching becomes easier when you know what you are searching for.

    With LDAP you have three parts to a search:

    The connection (either to a server or serverless)

    The Search Criteria (or filter)

    The attributes you want returning from the search

    From the above you will get back a recordset of the objects that match your filter, and then you can iterate through and ask for the values of the attributes that have been returned (AD is limited to returning 1,000 objects, so if your search may return more you would have to use paging).

    So how do you find an LDAP server in your environment? Well, if you drop to a command prompt and type "set logonserver" you will get back the server that authenticated you when you logged on; this will be a domain controller and should support an LDAP connection.

    You can then use your LDAP browser (as I said above, I use LDP.exe) to connect to this server and have a look at how it is organised and, more importantly, the LDAP names and values set on objects. In your case you want to know the membership of the user object, so an LDAP search would require you to return the "memberof" attribute, which will be a collection of groups the user belongs to. First, you would need to iterate through the collection, and secondly, the groups will be in a distinguished name format. To get the display name of the group you would need to bind to the group (using directoryentry) and get back the displayName attribute.

     

     HTH

     Paul

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 4, 2007 4:04 AM
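
The search the answer above describes (connection, filter, returned attributes, then a bind to each group for its display name), as an added C# example that is not part of the original post. The account name `jdoe`, the filter-escaping helper and the fallback to `cn` when `displayName` is not set are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;   // add a reference to System.DirectoryServices.dll
using System.Text;

static class GroupLookup
{
    // Escape the RFC 4515 filter metacharacters ( \ * ( ) NUL ) so an account
    // name taken from user input cannot change the structure of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);   // e.g. '*' becomes \2a
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        string account = args.Length > 0 ? args[0] : "jdoe";   // hypothetical sAMAccountName

        // 1. Connection: serverless bind; RootDSE names the current domain.
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var domain = new DirectoryEntry("LDAP://" + rootDse.Properties["defaultNamingContext"].Value))
        // 2. Search filter and 3. the attributes to return.
        using (var searcher = new DirectorySearcher(domain,
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeFilterValue(account) + "))",
            new[] { "memberOf" }))
        {
            searcher.PageSize = 500;   // paged search; matters once FindAll() can exceed 1,000 results
            SearchResult user = searcher.FindOne();
            if (user == null) { Console.WriteLine("No such user: " + account); return; }

            // memberOf holds one distinguished name per group; bind to each for its name.
            foreach (string groupDn in user.Properties["memberOf"])
            {
                using (var groupEntry = new DirectoryEntry("LDAP://" + groupDn))
                {
                    object name = groupEntry.Properties["displayName"].Value ?? groupEntry.Properties["cn"].Value;
                    Console.WriteLine("{0}  ({1})", name, groupDn);
                }
            }
        }
    }
}
```

`memberOf` lists only the groups the user is a direct member of; nested memberships and the primary group are not included, which matters if the result feeds an authorization decision.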

All replies

  • User300685930 posted

    here is at least one pointer.

    http://www.codeproject.com/dotnet/activedirquery.asp

     

    Tuesday, July 3, 2007 9:32 AM
  • User124969076 posted

    Thanks!!

    Wednesday, July 18, 2007 9:57 PM
  • User-2116181168 posted

    here is at least one pointer.

    http://www.codeproject.com/dotnet/activedirquery.asp

     

    This looks like a great source, but unfortunately it won't run b/c it says I must have either .NET framework v1.0.3705 or v1.1.4122.

    I have the latest (v3.0). Any tips? If I can somehow look up my .NET framework build number, I should be able to edit his config file and insert it in there. Thanks
    Friday, July 27, 2007 4:07 PM