ldap path

Question

User-1465070452 posted

I want to check a user whether he is a member of a specific group and based on that i am authenitcating for the website.

say .Groupname = desk

how to write a ldap query to check under a doman dm1( for ex).

i m new to ldap

Answer 1

User-116968802 posted

This class provides all the functionality with active directory ...the function getGoups() returns all the groups in your domain 

Class ActiveDirectoryValidator

Private _path As String

Private _filterAttribute As String

Public Sub New(ByVal path As String)

_path = path

End Sub

Public Function IsAuthenticated(ByVal domainName As String, ByVal userName As String, ByVal password As String) As Boolean

Dim domainAndUsername As String = domainName + "\" + userName Dim entry As New DirectoryEntry(_path, domainAndUsername, password)

Try

' Bind to the native AdsObject to force authentication.

Dim obj As Object = entry.NativeObject Dim search As New DirectorySearcher(entry)

search.Filter = "(SAMAccountName=" + userName + ")"

search.PropertiesToLoad.Add("cn") Dim result As SearchResult = search.FindOne()

If result Is Nothing Then

Return False

End If

' Update the new path to the user in the directory

_path = result.Path

_filterAttribute = DirectCast(result.Properties("cn")(0), String)

Catch ex As Exception

Throw New Exception("Login Error: " + ex.Message)

End Try

Return True

End Function

Public Function GetGroups() As String

Dim search As New DirectorySearcher(_path)

search.Filter = "(cn=" + _filterAttribute + ")"

search.PropertiesToLoad.Add("memberOf") Dim groupNames As New StringBuilder()

'groupNames.Append(_path)

Try

Dim result As SearchResult = search.FindOne() Dim propertyCount As Integer = result.Properties("memberOf").Count

Dim dn As String

Dim equalsIndex As Integer, commaIndex As Integer

For propertyCounter As Integer = 0 To propertyCount - 1

dn = DirectCast(result.Properties("memberOf")(propertyCounter), String)

equalsIndex = dn.IndexOf("=", 1) commaIndex = dn.IndexOf(",", 1)

If -1 = equalsIndex Then

Return Nothing

End If

groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))

'groupNames.Append(dn)

groupNames.Append("|")

Next

Catch ex As Exception Throw New Exception("Error obtaining group names. " + ex.Message)

End Try

Return groupNames.ToString() End Function

End Class

 

and then use this code for group searching:

Dim adPath As String = ConfigurationManager.AppSettings("yourldappath")

Dim adAuth As New ActiveDirectoryValidator(adPath)

Dim userGroups As String = adAuth.GetGroups()

domain.Text = userGroups

If (userGroups.IndexOf("your group name") > -1) Then

  ' your logic for authentication

end if

Answer 2

User-1465070452 posted

 Thanks, I would have appreciated it if the code was in c#

But thats ok., i am trying to understand and write back in c#. i know there are conversion tools which help me too.

Thanks again. 

Answer 3

User-116968802 posted

check this link...this is where i got the code from in the first place....its in C# 

http://msdn.microsoft.com/en-us/library/aa302397.aspx

Answer 4

User-1465070452 posted

 thanks. you made my day

Answer 5

User-1465070452 posted

 Quesiton:

for the getgroups method. i want to see the user specific in a group.

Say i want to authenitcate a user who is present in group1 only. 

How can i set this in ldap path given in my web.config. 

I am setting the path attribute via web.config 

like dc= dc1, dc = dc2. How can i attach the group name to this path  and authenticate only to this group users

Answer 6

User-116968802 posted

you cannot set group in the ldap path itself ..

what you can do is getgroups retireves all the groups the user belongs to ...

from which you can check if the group you want to authenticate is in the list of groups the user belongs to by simply using "string functions"

Answer 7

User-116968802 posted

you cannot set group in the ldap path itself ..

what you can do is getgroups retireves all the groups the user belongs to ...

from which you can check if the group you want to authenticate is in the list of groups the user belongs to by simply using "string functions"

Answer 8

User-1465070452 posted

 could i just add those selected groups in web.config under app settings as key values. and compare these against that retrived by get groups.

if nay exists then user is authenticated.

Am i  doing right ?in here

Answer 9

User-116968802 posted

yes that is correct ... the group you stored in web config should be among the list returned by the getgroups function ...

if exists then the user belongs the group specifies in your web config

Answer 10

User-116968802 posted

yes that is correct ... the group you stored in web config should be among the list returned by the getgroups function ...

if exists then the user belongs the group specifies in your web config

Answer 11

User-1465070452 posted

 <add key=group value = group1,group2,group3 />

how can i retrieve these values as an arraylist and try to authenticate. I tried this

System.Configuration.ConfigurationSettings.AppSettings[key]

but it works only when there is one.

Answer 12

User-116968802 posted

<add key=group value = group1,group2,group3 />

i would suggest you to try this:

<add key="group" value = "group1,group2,group3" />

and when you retieve it split it into a string array based on the "," delimiter ...this should solve your problem

Answer 13

User-1465070452 posted

 thanks. i did the same.