locked
Using Membership filter (recursive group check for user) - count returning 0 RRS feed

  • Question

  • User-73514677 posted

    Hi,

    I am trying to find if a user is part of a recursive group.

    I am using the code from article: http://ddkonline.blogspot.in/2010/05/how-to-recursively-get-group-membership.html

    I have used code as below:

     

    // value is passed as "a1abs" (username without domain) , and groupname
    
    

    public bool IsUserMemberOfGroup(string username, string groupname) { DirectoryEntry entry = new DirectoryEntry(LDAPAddress, username, Password); DirectorySearcher mySearcher = new DirectorySearcher(entry); string LDAPGroupMemberFilterRecursive = "(member:1.2.840.113556.1.4.1941:=CN={0},OU=groupsOU,DC=CompanyName,DC=COM)"; //Filter by special recursive LDAP string e.g. //"(member:1.2.840.113556.1.4.1941:=CN={0},OU=Users,OU=NSW,OU=DDKONLINE,DC=DDKONLINE,DC=int)" mySearcher.Filter = string.Format(LDAPGroupMemberFilterRecursive, GetUserContainerName(username)); //GetUserContainerName method is returning properly. mySearcher.SearchScope = SearchScope.Subtree; //Search from base down to ALL children. SearchResultCollection result = mySearcher.FindAll(); // result.Count is coming as 0 for (int i = 0; i < result.Count ; i++) { if (result[i].Path.ToUpper().Contains(string.Format("CN={0}", groupname.ToUpper()))) return true; //Success - group found } //No match found return false; } /// <summary> /// Gets the Container Name (CN) of the input user. /// </summary> /// <param name="userName">/// <returns></returns> public string GetUserContainerName(string userName) { DirectoryEntry entry = new DirectoryEntry(LDAPAddress,username, Password); // Create a DirectorySearcher object. DirectorySearcher mySearcher = new DirectorySearcher(entry); mySearcher.Filter = string.Format("(&(sAMAccountName={0}))", userName); mySearcher.SearchScope = SearchScope.Subtree; //Search from base down to ALL children. SearchResultCollection result = mySearcher.FindAll(); if (result.Count == 0) throw new ApplicationException(string.Format("User '{0}' Not Found in Active Directory.", userName)); return result[0].GetDirectoryEntry().Name.Replace("CN=",string.Empty); }

    What am I missing?

    How to fix this?

    Thanks

    Wednesday, July 30, 2014 10:38 AM

All replies

  • User-166373564 posted

    Hi venkatzeus,

    Could you post the error message you got? I think it will give us some hints why this happens.

    Regards

    Angie 

    Sunday, August 3, 2014 11:19 PM
  • User-73514677 posted

    Hi,

    I am not getting any error message.

    Thanks

    Monday, August 4, 2014 8:31 AM
  • User-73514677 posted

    Hi,

    Any solution for this? There is no error message,, result variable count is 0.

            DirectoryEntry entry = new DirectoryEntry(LDAPAddress, LDAPusername, LDAPPassword);
                // Create a DirectorySearcher object.
                DirectorySearcher mySearcher = new DirectorySearcher(entry);
    
                string LDAPGroupMemberFilterRecursive = string.Format("(member:1.2.840.113556.1.4.1941:=CN={0},OU=groupsOU,DC=ACEINS,DC=COM)", groupname) ;
    
      mySearcher.Filter = string.Format(LDAPGroupMemberFilterRecursive, GetUserContainerName(username));
                mySearcher.SearchScope = SearchScope.Subtree; //Search from base down to ALL children. 
                SearchResultCollection result = mySearcher.FindAll();
              //result.count is 0 here
                for (int i = 0; i < result.Count ; i++)
                {
                    if (result[i].Path.ToUpper().Contains(string.Format("CN={0}", groupname.ToUpper())))
                        return true; //Success - group found
                }
                //No match found
                return false;
            }
    
     public  string GetUserContainerName(string userName)
            {
                
                DirectoryEntry entry = new DirectoryEntry(LDAPAddress, LDAPusername, LDAPPassword);
                // Create a DirectorySearcher object.
                DirectorySearcher mySearcher = new DirectorySearcher(entry);
                mySearcher.Filter = string.Format("(&(sAMAccountName={0}))", userName);
                mySearcher.SearchScope = SearchScope.Subtree; //Search from base down to ALL children. 
                SearchResultCollection result = mySearcher.FindAll();
                if (result.Count == 0)
                    throw new ApplicationException(string.Format("User '{0}' Not Found in Active Directory.", userName));
                return result[0].GetDirectoryEntry().Name.Replace("CN=",string.Empty);  
            }

    Thanks

    Wednesday, March 23, 2016 3:33 PM
  • User-2009597737 posted

    I replied to your earlier post. The following Stored procedure in SQLSERVER works for me:

    http://www.sqlservercentral.com/scripts/LDAP/61519/

    This is via SQLSERVER and you need to have access to it.

    Friday, April 1, 2016 5:21 PM