ldap path

Question
-
User-1465070452 posted
I want to check a user whether he is a member of a specific group and based on that I am authenticating for the website.
say Groupname = desk
how to write an LDAP query to check under a domain dm1 (for ex).
I'm new to LDAP
Monday, February 2, 2009 11:19 AM
Answers
-
User-116968802 posted
This class provides all the functionality with active directory ... the function GetGroups() returns all the groups in your domain

    Imports System.Configuration
    Imports System.DirectoryServices
    Imports System.Text

    Class ActiveDirectoryValidator
        Private _path As String
        Private _filterAttribute As String

        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        Public Function IsAuthenticated(ByVal domainName As String, ByVal userName As String, ByVal password As String) As Boolean
            Dim domainAndUsername As String = domainName + "\" + userName
            Dim entry As New DirectoryEntry(_path, domainAndUsername, password)
            Try
                ' Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject
                Dim search As New DirectorySearcher(entry)
                search.Filter = "(SAMAccountName=" + userName + ")"
                search.PropertiesToLoad.Add("cn")
                Dim result As SearchResult = search.FindOne()
                If result Is Nothing Then
                    Return False
                End If
                ' Update the new path to the user in the directory
                _path = result.Path
                _filterAttribute = DirectCast(result.Properties("cn")(0), String)
            Catch ex As Exception
                Throw New Exception("Login Error: " + ex.Message)
            End Try
            Return True
        End Function

        Public Function GetGroups() As String
            ' The string argument is taken as the filter, which the next line replaces;
            ' the search root is left at its default (the current domain).
            Dim search As New DirectorySearcher(_path)
            search.Filter = "(cn=" + _filterAttribute + ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As New StringBuilder()
            'groupNames.Append(_path)
            Try
                Dim result As SearchResult = search.FindOne()
                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String
                Dim equalsIndex As Integer, commaIndex As Integer
                For propertyCounter As Integer = 0 To propertyCount - 1
                    ' Each memberOf value is a DN; keep the text between the first "=" and the first ","
                    dn = DirectCast(result.Properties("memberOf")(propertyCounter), String)
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If -1 = equalsIndex Then
                        Return Nothing
                    End If
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    'groupNames.Append(dn)
                    groupNames.Append("|")
                Next
            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " + ex.Message)
            End Try
            Return groupNames.ToString()
        End Function
    End Class

and then use this code for group searching:

    Dim adPath As String = ConfigurationManager.AppSettings("yourldappath")
    Dim adAuth As New ActiveDirectoryValidator(adPath)
    ' Call adAuth.IsAuthenticated(...) first: it sets the user path and cn that GetGroups() relies on.
    Dim userGroups As String = adAuth.GetGroups()
    domain.Text = userGroups
    ' Compare whole group names; a substring test would also accept "helpdesk" for "desk".
    If Array.IndexOf(userGroups.Split("|"c), "your group name") > -1 Then
        ' your logic for authentication
    End If
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, February 2, 2009 11:58 AM -
User-116968802 posted
check this link ... this is where I got the code from in the first place ... it's in C#
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, February 2, 2009 1:22 PM -
User-116968802 posted
<add key=group value = group1,group2,group3 />
I would suggest you try this:
<add key="group" value = "group1,group2,group3" />
and when you retrieve it, split it into a string array based on the "," delimiter ... this should solve your problem
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, February 2, 2009 6:57 PM
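An added example, not code from the thread or the linked article: the group check described in the answers above, done by matching each whole memberOf CN (case-insensitively) against the comma-separated list from web.config, with RFC 4515 escaping for a user name before it is placed in a search filter. The `GroupCheck` class, its method names, the `dm1.local` DN and the group values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
static class GroupCheck   // hypothetical helper, not from the thread
{
    // RFC 4515 escaping for a value placed in a filter such as (sAMAccountName=...).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // CN of a memberOf DN (null if it does not start with CN=); "\," style escapes kept, hex pairs not decoded.
    public static string CnFromDn(string dn)
    {
        if (!dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) return null;
        var sb = new StringBuilder();
        for (int i = 3; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) i++;   // keep the escaped character
            sb.Append(dn[i]);
        }
        return sb.ToString();
    }

    // True only if a whole group name matches an entry of the comma-separated list.
    public static bool IsInAllowedGroup(IEnumerable<string> memberOfDns, string allowedCsv)
    {
        var allowed = new HashSet<string>(
            allowedCsv.Split(',').Select(g => g.Trim()).Where(g => g.Length > 0),
            StringComparer.OrdinalIgnoreCase);
        return memberOfDns.Select(dn => CnFromDn(dn)).Any(cn => cn != null && allowed.Contains(cn));
    }

    static void Main()
    {
        // Constructed sample values, not from a real directory.
        var memberOf = new[] { "CN=helpdesk,OU=Groups,DC=dm1,DC=local" };
        Console.WriteLine(IsInAllowedGroup(memberOf, "desk,group2"));      // "desk" is only a substring
        Console.WriteLine(IsInAllowedGroup(memberOf, "group1, HelpDesk")); // whole name, different case
        Console.WriteLine(EscapeFilterValue("jo*(hn)"));
    }
}
```

The first check returns false where a substring test for "desk" on the joined group string would succeed.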
All replies
-
User-1465070452 posted
Thanks, I would have appreciated it if the code was in C#
But that's ok, I am trying to understand and write back in C#. I know there are conversion tools which help me too.
Thanks again.
Monday, February 2, 2009 1:02 PM -
User-1465070452 posted
thanks. you made my day
Monday, February 2, 2009 2:15 PM -
User-1465070452 posted
Question:
for the getgroups method. I want to see the user specific in a group.
Say I want to authenticate a user who is present in group1 only.
How can i set this in ldap path given in my web.config.
I am setting the path attribute via web.config
like dc= dc1, dc = dc2. How can i attach the group name to this path and authenticate only to this group users
Monday, February 2, 2009 2:54 PM -
User-116968802 posted
you cannot set group in the ldap path itself ..
what you can do is getgroups retrieves all the groups the user belongs to ...
from which you can check if the group you want to authenticate is in the list of groups the user belongs to by simply using "string functions"
Monday, February 2, 2009 3:39 PM -
User-1465070452 posted
could I just add those selected groups in web.config under app settings as key values, and compare these against those retrieved by get groups.
if any exists then user is authenticated.
Am I doing right in here?
Monday, February 2, 2009 3:48 PM -
User-116968802 posted
yes that is correct ... the group you stored in web config should be among the list returned by the getgroups function ...
if it exists then the user belongs to the group specified in your web config
Monday, February 2, 2009 3:53 PM -
User-1465070452 posted
<add key=group value = group1,group2,group3 />
how can i retrieve these values as an arraylist and try to authenticate. I tried this
System.Configuration.ConfigurationSettings.AppSettings[key]
but it works only when there is one.
Monday, February 2, 2009 6:13 PM -
User-1465070452 posted
thanks. I did the same.
Tuesday, February 3, 2009 11:01 AM