ldap path

  • Question

  • User-1465070452 posted

    I want to check whether a user is a member of a specific group, and based on that I am authenticating for the website.

    say Groupname = desk

    How to write an LDAP query to check under a domain dm1 (for ex).

    I'm new to LDAP

    Monday, February 2, 2009 11:19 AM

All replies

  • User-116968802 posted

    This class provides all the functionality with Active Directory... the function GetGroups() returns all the groups in your domain

    Imports System
    Imports System.Text
    Imports System.DirectoryServices

    Class ActiveDirectoryValidator

        Private _path As String
        Private _filterAttribute As String

        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        Public Function IsAuthenticated(ByVal domainName As String, ByVal userName As String, ByVal password As String) As Boolean
            Dim domainAndUsername As String = domainName + "\" + userName
            Dim entry As New DirectoryEntry(_path, domainAndUsername, password)

            Try
                ' Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject

                Dim search As New DirectorySearcher(entry)
                ' userName goes into the filter as typed; filter special characters are not escaped here.
                search.Filter = "(SAMAccountName=" + userName + ")"
                search.PropertiesToLoad.Add("cn")

                Dim result As SearchResult = search.FindOne()
                If result Is Nothing Then
                    Return False
                End If

                ' Update the new path to the user in the directory
                _path = result.Path
                _filterAttribute = DirectCast(result.Properties("cn")(0), String)
            Catch ex As Exception
                Throw New Exception("Login Error: " + ex.Message)
            End Try

            Return True
        End Function

        Public Function GetGroups() As String
            Dim search As New DirectorySearcher(_path)
            search.Filter = "(cn=" + _filterAttribute + ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As New StringBuilder()
            'groupNames.Append(_path)

            Try
                Dim result As SearchResult = search.FindOne()
                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String
                Dim equalsIndex As Integer, commaIndex As Integer

                ' Each memberOf value is a group DN; keep only the text between the first "=" and the first ",".
                For propertyCounter As Integer = 0 To propertyCount - 1
                    dn = DirectCast(result.Properties("memberOf")(propertyCounter), String)
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If -1 = equalsIndex Then
                        Return Nothing
                    End If
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    'groupNames.Append(dn)
                    groupNames.Append("|")
                Next
            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " + ex.Message)
            End Try

            Return groupNames.ToString()
        End Function

    End Class

    and then use this code for group searching:

    Dim adPath As String = ConfigurationManager.AppSettings("yourldappath")
    Dim adAuth As New ActiveDirectoryValidator(adPath)

    ' GetGroups() uses the path and cn that IsAuthenticated() stores, so IsAuthenticated() has to have succeeded on adAuth first.
    Dim userGroups As String = adAuth.GetGroups()
    domain.Text = userGroups

    ' IndexOf is a substring test, so it also matches group names that merely contain this text.
    If (userGroups.IndexOf("your group name") > -1) Then
        ' your logic for authentication
    End If

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 2, 2009 11:58 AM
  • User-1465070452 posted

    Thanks, I would have appreciated it if the code was in C#.

    But that's OK, I am trying to understand and write back in C#. I know there are conversion tools which help me too.

    Thanks again.

    Monday, February 2, 2009 1:02 PM
  • User-116968802 posted

    Check this link... this is where I got the code from in the first place... it's in C#

    http://msdn.microsoft.com/en-us/library/aa302397.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 2, 2009 1:22 PM
  • User-1465070452 posted

    Thanks. You made my day.

    Monday, February 2, 2009 2:15 PM
  • User-1465070452 posted

    Question:

    For the GetGroups method, I want to see the user specific in a group.

    Say I want to authenticate a user who is present in group1 only.

    How can I set this in the LDAP path given in my web.config?

    I am setting the path attribute via web.config

    like dc= dc1, dc = dc2. How can I attach the group name to this path and authenticate only to this group users

    Monday, February 2, 2009 2:54 PM
  • User-116968802 posted

    You cannot set the group in the LDAP path itself...

    What you can do is GetGroups retrieves all the groups the user belongs to...

    from which you can check if the group you want to authenticate is in the list of groups the user belongs to by simply using "string functions"

    Monday, February 2, 2009 3:39 PM
  • User-1465070452 posted

    Could I just add those selected groups in web.config under app settings as key values, and compare these against those retrieved by GetGroups?

    If any exists then the user is authenticated.

    Am I doing right in here?

    Monday, February 2, 2009 3:48 PM
  • User-116968802 posted

    Yes, that is correct... the group you stored in web config should be among the list returned by the GetGroups function...

    If it exists then the user belongs to the group specified in your web config

    Monday, February 2, 2009 3:53 PM
  • User-1465070452 posted

     <add key=group value = group1,group2,group3 />

    How can I retrieve these values as an arraylist and try to authenticate? I tried this

    System.Configuration.ConfigurationSettings.AppSettings[key]

    but it works only when there is one.

    Monday, February 2, 2009 6:13 PM
  • User-116968802 posted

    <add key=group value = group1,group2,group3 />

    I would suggest you try this:

    <add key="group" value = "group1,group2,group3" />

    and when you retrieve it, split it into a string array based on the "," delimiter... this should solve your problem

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 2, 2009 6:57 PM
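
An added example (not code from this thread) in C#, the language the asker wanted: it compares the comma-separated group list from web.config against the "|"-separated GetGroups() result by exact name rather than by substring, and escapes a user name before it is placed in a search filter. `GroupCheck`, `EscapeLdapFilter` and `IsInAllowedGroup` are hypothetical names, and all sample values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class GroupCheck
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter,
    // e.g. "(sAMAccountName=" + EscapeLdapFilter(userName) + ")".
    public static string EscapeLdapFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // allowedCsv: the appSettings value, e.g. "group1,group2,group3".
    // userGroups: the "|"-separated string that GetGroups() returns.
    public static bool IsInAllowedGroup(string allowedCsv, string userGroups)
    {
        var allowed = new HashSet<string>(
            allowedCsv.Split(',').Select(g => g.Trim()).Where(g => g.Length > 0),
            StringComparer.OrdinalIgnoreCase);
        return userGroups.Split('|').Any(g => allowed.Contains(g.Trim()));
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        string userGroups = "helpdesk-readonly|Domain Users|";
        // Substring test as in the thread: "desk" also occurs inside "helpdesk-readonly".
        Console.WriteLine(userGroups.IndexOf("desk") > -1);
        // Exact-name test: only a group called "desk" or "admins" counts.
        Console.WriteLine(IsInAllowedGroup("desk, admins", userGroups));
        Console.WriteLine(IsInAllowedGroup("desk", "desk|Domain Users|"));
        Console.WriteLine("(sAMAccountName=" + EscapeLdapFilter("smith*(x)") + ")");
    }
}
```
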
  • User-1465070452 posted

    Thanks. I did the same.

     

    Tuesday, February 3, 2009 11:01 AM