locked
LDAP for dummies V2

  • Question

  • User1901044945 posted

    Hi, I saw the post before on this topic but I'm still having trouble connecting to my AD.

    LDAP://server/OU=People,DC=domain,DC=com,

    Is server the name of the PC which controls the AD?

    Is domain the domain name which shows up in the Windows logon screen?

    I try to use this syntax:

    Dim oroot As Object

    oroot = GetObject("LDAP://RootDSE")

    To find my domain, but it gives me this error "Cannot create ActiveX component" when I try to run my app.

    If anyone has any working code to query the AD in VB I would really appreciate it.

    Thanks for your help.

     

     

    Monday, April 17, 2006 5:43 PM

All replies

  • User1354132231 posted
    'server' would be the name of your LDAP server.  If it was Active Directory - this would be the name of a domain controller.  If you can use serverless binding, this is optional.  Some web applications cannot.

    'DC=domain' is the name that shows up in the Windows login.  However, the next portion is the fully qualified domain name, which you need to know as well.

    It sounds like your ADSI is screwed up on your computer if that syntax does not work (GetObject("LDAP://RootDSE")).  Can you try it on another computer?  Here is the .NET equivalent in VB.NET to see if that will help:

    ' Requires a reference to System.DirectoryServices (Imports System.DirectoryServices)
    Dim root As New DirectoryEntry("LDAP://RootDSE")
    Try
        Console.WriteLine(root.Properties("defaultNamingContext").Value)
    Finally
        root.Dispose()
    End Try


    Note that VB.NET in 2.0 can use the Using statement now too.  Looks pretty similar to equivalent C#, no?

    DirectoryEntry root = new DirectoryEntry("LDAP://RootDSE");
    using (root)  //same as try/finally with Dispose
    {
        Console.WriteLine(root.Properties["defaultNamingContext"].Value);
    }

    Tuesday, April 18, 2006 9:57 AM
  • User1901044945 posted

    OK, as you have probably figured out, I'm not the network admin, I'm only a developer and I'm a newbie with LDAP stuff, so I will try to explain what my problems are.

    The main idea for me in querying the AD is to know which user is the one using the web application, and once I know the name I can search for the associated email.

    1. "(sn=Smith)": what does this mean, that the query is searching the AD for all the last names equal to Smith?

    2. How can I retrieve the username of the person who is logged on to the computer?

    3. Is there any way I can figure out the LDAP server name?

    This is the code I'm trying to use: (you just told me that it's not necessary to write the server down, right?)

    Dim adPath As String = "LDAP://ldapservername/OU=People,DC=windows logon domain,DC=com"
    Dim searchRoot As DirectoryEntry = New DirectoryEntry(adPath, "My login name on windows", "my windows password", AuthenticationTypes.Secure)
    ' Load "cn" as well as "sn": only the attributes listed here are returned with each result
    Dim ds As DirectorySearcher = New DirectorySearcher(searchRoot, "(sn=Smith)", New String() {"sn", "cn"})
    Dim sr As SearchResult = Nothing
    Dim src As SearchResultCollection = ds.FindAll
    With src
        If src.Count > 0 Then
            For Each sr In src
                Console.WriteLine(sr.Properties("cn")(0))
            Next sr
        End If
    End With

    Thanks for your help.

    Tuesday, April 18, 2006 10:55 AM
  • User1354132231 posted
    1. Yes.
    2. Use Windows Authentication and the User.Identity.Name to get their login.
    3. Yes, you have to query the RootDSE however.

    Here is an example of pulling information for the current user.  Note, it is best if you do not explicitly specify the username and password.  Rather, run an App Pool or the ASPNET process as a domain user and you don't need to do this.  The second post in the forum about security context explains more.

    Regarding finding a domain controller name if you cannot use serverless binding: take my example for the RootDSE in my last post and ask for 'dnsHostName' instead of 'defaultNamingContext'.  That will return the name of the domain controller that is answering you.

    Tuesday, April 18, 2006 12:23 PM
  • User1901044945 posted

    I was looking at this code:

    DirectoryEntry root = new DirectoryEntry("LDAP://RootDSE");
    using (root) //same as try/finally with Dispose
    {
        Console.WriteLine(root.Properties["defaultNamingContext"].Value);
        Console.WriteLine(root.Properties["dnsHostName"].Value);
    }

    How can I send the result of that statement into a textbox or somewhere I can see the result? Because using Console.WriteLine I can't see which are my server and my domain.

    Thanks

    Tuesday, April 18, 2006 6:33 PM
  • User1354132231 posted
    If you are using Windows Forms, then use MessageBox.Show().  I prefer using the console for quick apps.  If you are using a web page, then use Response.Output.Write() or Response.Write().
    Wednesday, April 19, 2006 9:09 AM
  • User1901044945 posted

    I already have my LDAP server name and my DC information, thanks for your help. Now I'm trying to retrieve the display name and the e-mail of the currently logged-in user using this:

    Dim adPath As String = "LDAP://Ldapservernamefound/OU=People,DC=ln,DC=corp,DC=nac,DC=com"
    Dim userName As String = Environment.UserName ' this gives me the username
    Dim de As DirectoryEntry = New DirectoryEntry(adPath)
    Dim ds As DirectorySearcher = New DirectorySearcher(de, userName)
    Dim sr As SearchResult = Nothing
    Dim src As SearchResultCollection = ds.FindAll
    With src
        If src.Count > 0 Then ' when I'm here it throws an error that the search filter pointed to the username is bad, what am I doing wrong?
            For Each sr In src
                MessageBox.Show(sr.Properties("displayName")(0))
                MessageBox.Show(sr.Properties("mail")(0))
            Next sr
        End If
    End With

    Wednesday, April 19, 2006 11:55 AM
  • User1354132231 posted
    Have you checked the first post on how to search?  Notice that the search filter is in a format of "(attribute=filtercriteria)".  You are not using that.

    "(sAMAccountName=yourlogin)" is probably what you want.  Note, there is no domain in that.
    Wednesday, April 19, 2006 1:06 PM
  • User1901044945 posted

    This is the mix of what I got with the queries you gave me before and what I have read about how to search for the account, but it throws me this error:

    Exception System.DirectoryServices.DirectoryServicesCOMException was thrown in debugee:
    There is no such object on the server.

    'Getting my Domain and Server info
    Dim root As DirectoryEntry = New DirectoryEntry("LDAP://RootDSE")
    Dim Mydomain As String
    Dim Myldapserver As String
    MessageBox.Show(CStr(root.Properties("defaultNamingContext").Value.ToString))
    MessageBox.Show(CStr(root.Properties("dnsHostName").Value.ToString))
    Mydomain = CStr(root.Properties("defaultNamingContext").Value.ToString)
    Myldapserver = CStr(root.Properties("dnsHostName").Value.ToString)
    'Finish gathering the Domain info

    Dim adPath As String = "LDAP://" & Myldapserver & "/OU=People," & Mydomain & ""
    Dim userName As String = Environment.UserName
    Dim de As DirectoryEntry = New DirectoryEntry(adPath, "My network user", "my network pass", AuthenticationTypes.Secure)
    ' Concatenate the variable into the filter; inside the quotes it would match the literal text "userName"
    Dim ds As DirectorySearcher = New DirectorySearcher(de, "(samAccountName=" & userName & ")")
    Dim sr As SearchResult = Nothing
    Dim src As SearchResultCollection = ds.FindAll
    With src
        If src.Count > 0 Then
            For Each sr In src
                MessageBox.Show(sr.Properties("displayName")(0))
                MessageBox.Show(sr.Properties("mail")(0))
            Next sr
        End If
    End With
    End Sub

    thanks and sorry for bothering you so much.

    Wednesday, April 19, 2006 3:07 PM
  • User1354132231 posted
    The error tells me that your LDAP path is incorrect.  I would suggest using an LDAP browser to find out what you really need to be using.  That, or just use the Active Directory Users and Computers MMC to see your hierarchy.  I would suspect you have OU=People wrong and it might be somewhere else.  To get around this for now until you figure it out, just don't include it and search the whole domain.

    Finally, remember what I said about the filter - there is no domain in it.  If you have 'domain\username' in your filter, it will not work.  You want 'username' only inside of "(sAMAccountName=username)".
    Wednesday, April 19, 2006 4:43 PM
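
Added example (not part of the thread and not any poster's code): one way to combine the advice above in VB.NET, binding through RootDSE without explicit credentials, searching the whole domain, and escaping the login per RFC 4515 before it goes into the "(sAMAccountName=...)" filter so that characters such as * or ( cannot change the query. The module and function names are illustrative assumptions; in ASP.NET, pass User.Identity.Name to StripDomain instead of the Environment values.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Text

Module CurrentUserLookup   ' hypothetical name, for illustration only
    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' "DOMAIN\login" (the form Windows Authentication reports) -> "login"
    Function StripDomain(identityName As String) As String
        Dim i As Integer = identityName.LastIndexOf("\"c)
        Return If(i >= 0, identityName.Substring(i + 1), identityName)
    End Function

    Sub Main()
        Dim login As String = StripDomain(Environment.UserDomainName & "\" & Environment.UserName)
        Using rootDse As New DirectoryEntry("LDAP://RootDSE")
            ' Serverless bind to the domain root: no server name and no OU in the path.
            Dim baseDn As String = CStr(rootDse.Properties("defaultNamingContext").Value)
            Using searchRoot As New DirectoryEntry("LDAP://" & baseDn)
                Dim filter As String = "(sAMAccountName=" & EscapeFilterValue(login) & ")"
                Using ds As New DirectorySearcher(searchRoot, filter, New String() {"displayName", "mail"})
                    Dim sr As SearchResult = ds.FindOne()
                    If sr Is Nothing Then
                        Console.WriteLine("No account found for " & login)
                    Else
                        ' An attribute such as mail may be unset; check before indexing.
                        For Each attr As String In New String() {"displayName", "mail"}
                            If sr.Properties.Contains(attr) Then Console.WriteLine(attr & ": " & CStr(sr.Properties(attr)(0)))
                        Next
                    End If
                End Using
            End Using
        End Using
    End Sub
End Module
```

The code runs under the caller's own security context, so the account running it (or the application pool identity in a web application) must be a domain user.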
  • User1901044945 posted

    I only took off the OU=People and it works fine without a domain in the sAMAccount filter. The only thing now is that I'm testing this on SharpDevelop 2.0; I don't know if this syntax is going to work under Visual Studio .NET 2001 or 2003.

    I have to thank you for all your time and help; if I need some more help I will try to contact you again.

    Thanks ...!!

    Wednesday, April 19, 2006 5:33 PM