locked
Problem using AD interfaces when distinguished name contains non-English characters. RRS feed

  • Question

  • Hi,

    I am trying to check group membership of given user. I have pointer to group interface (i.e. IID_IADsGroup) of given group and distinguished name of the user.  I am calling IsMember() on that group interface. But that function is failing if User DN contains any non-English character. Also ADsOpenObject() is failing for IID_IADs when that users LDAP path is provided (which contains non-English characters).

    My application is using Multi-byte character set.

    Thanking you in advance,

    Rohit

    • Moved by Helen Zhao Tuesday, July 31, 2012 6:30 AM (From:Visual C++ General)
    Monday, July 30, 2012 9:32 AM

Answers

  • Hi,

    Got my problem fixed. Distinguished Name of user fetched from AD was saved directly in CString. This CString value was then converted to wide char before using into IsMember(). This case was failing.

    Problem was solved by converting distinguished name (fetched from AD) into multibyte before assigning to CString. Now when this CString value (multibyte) is converted again to wide char which is then used in IsMember() function, I got the expected output.

    Thank you,

    Rohit

    • Marked as answer by eRohs Monday, August 13, 2012 6:56 AM
    Monday, August 13, 2012 6:56 AM

All replies

  • I am trying to check group membership of given user. I have pointer to group interface (i.e. IID_IADsGroup) of given group and distinguished name of the user.  I am calling IsMember() on that group interface. But that function is failing if User DN contains any non-English character. Also ADsOpenObject() is failing for IID_IADs when that users LDAP path is provided (which contains non-English characters).

    My application is using Multi-byte character set.

    Presumably it's failing for you when your string contains characters
    that aren't in the current code page?

    Try a Unicode build.

    Dave

    Monday, July 30, 2012 10:46 AM
  • eRohs wrote:

    I am trying to check group membership of given user. I have pointer to  group interface (i.e. IID_IADsGroup) of given group and
    distinguished name of the user. I am calling IsMember() on that group  interface. But that function is failing if User DN contains
    any non-English character. Also ADsOpenObject() is failing for  IID_IADs when that users LDAP path is provided (which contains
    non-English characters).  

    My application is using Multi-byte character set.

    IsMember and other functions take a BSTR, which is a Unicode string. How  does your program construct this BSTR? Show how you call IsMember. My  guess is, the name is already mangled in your program before you even  call the method.


    Igor Tandetnik

    Monday, July 30, 2012 12:30 PM
  • Hi Igor,

    Thank you for your reply.

    I am getting the User DN in CString variable. I am converting it into BSTR which is then used in IsMember().

    I tried following 2 options for CString to BSTR conversion.

    if(ppAdminGroup != NULL)
        hr = (*ppAdminGroup)->IsMember(CComBSTR(strUserDistName), &inG);

    OR

    wchar_t unicodeStr[4096] = {0};
    MultiByteToWideChar (CP_ACP, 0, strUserDistName, -1, unicodeStr, 4096);
    if(ppAdminGroup != NULL)
        hr = (*ppAdminGroup)->IsMember(unicodeStr, &inG);

    In both the cases it is returning false.

    I am using similar string in ADsOpenObject(), that is also failing.

    But all above functions are working fine for LDAP paths/DNs in English characters.

    Let me know if I am incorrectly using any function.

    Regards,

    Rohit


    • Edited by eRohs Tuesday, July 31, 2012 6:31 AM
    Tuesday, July 31, 2012 6:24 AM
  • Hi Rohit,

    According to your description, I'd like to move this thread to "Application Security for Windows Desktop Forum" for better support.

    Thanks for your understanding and active participation in the MSDN Forum.

    Best regards,


    Helen Zhao [MSFT]
    MSDN Community Support | Feedback to us

    Tuesday, July 31, 2012 6:30 AM
  • On 7/31/2012 2:24 AM, eRohs wrote:

    I am getting the User DN in CString variable.

    In a program built with Multi-byte Character Set option (an ANSI build), CString is only capable or storing characters representable in the system default codepage. If you have a user name that contains characters absent from this codepage, then there's no way to pass it around in the form of CString. The contents of your CString are already bad, before you even get to BSTR conversion or IsMember call.

    See also http://www.joelonsoftware.com/articles/Unicode.html


    Igor Tandetnik

    Tuesday, July 31, 2012 7:38 PM
  • Hi,

    Got my problem fixed. Distinguished Name of user fetched from AD was saved directly in CString. This CString value was then converted to wide char before using into IsMember(). This case was failing.

    Problem was solved by converting distinguished name (fetched from AD) into multibyte before assigning to CString. Now when this CString value (multibyte) is converted again to wide char which is then used in IsMember() function, I got the expected output.

    Thank you,

    Rohit

    • Marked as answer by eRohs Monday, August 13, 2012 6:56 AM
    Monday, August 13, 2012 6:56 AM