Cross-Forests LDAP Connection string

  • Question

  • User-1778886131 posted

    Hi,

    Is it possible to have an LDAP connection string that searches across forests?

    If I have 2 forests: forest A with domain A, forest B with domain B, there is a one-way trust between domain A and domain B.

    Domain B is the trusted domain, domain A is the trusting domain.

    Can I write an LDAP connection string that binds to domain A but is able to forward user searches to domain B?

    e.g. LDAP://domainA - forward searches to domain B if authenticating with domain B users, or LDAP://domainA/DC=domainB

    Sunday, August 26, 2012 11:38 PM

All replies

  • User633205417 posted

    Here is your solution:

    using System;
    using System.DirectoryServices;

    // "AdminLogin"/"PWD" are placeholders for an account allowed to read the configuration partition
    string ldapBase = "LDAP://DC_DNS_NAME:389/";
    string sFromWhere = ldapBase + "rootDSE";
    DirectoryEntry root = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
    string configurationNamingContext = root.Properties["configurationNamingContext"][0].ToString();
    
    /* Retrieving the root of all the domains:
     * every domain partition of this forest is registered as a crossRef object
     * (with a nETBIOSName) in the Partitions container of the configuration NC.
     */
    sFromWhere = ldapBase + configurationNamingContext;
    DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
    
    DirectorySearcher dsLookForDomain = new DirectorySearcher(deBase);
    dsLookForDomain.Filter = "(&(objectClass=crossRef)(nETBIOSName=*))";
    dsLookForDomain.SearchScope = SearchScope.Subtree;
    dsLookForDomain.PropertiesToLoad.Add("nCName");   // DN of the domain naming context
    dsLookForDomain.PropertiesToLoad.Add("dnsRoot");  // DNS name of the domain
    
    SearchResultCollection srcDomains = dsLookForDomain.FindAll();
    
    foreach (SearchResult aSRDomain in srcDomains)
    {
        // nCName + dnsRoot are what you need to build an LDAP path into that domain
        string domainDn = aSRDomain.Properties["nCName"][0].ToString();
        string domainDns = aSRDomain.Properties["dnsRoot"][0].ToString();
        Console.WriteLine("{0} ({1})", domainDns, domainDn);
    }


    Then, for each domain, you can look for what you need.

    Wednesday, September 26, 2012 9:39 AM
  • User-1778886131 posted

    Thank You! I used the following to do authentication:

     

        using System.DirectoryServices;
        using System.Runtime.InteropServices;

        // Validates username/password by forcing a bind to adsPath (e.g. "LDAP://domainA/rootDSE")
        static bool Authenticate(string adsPath, string username, string password)
        {
            DirectoryEntry root = new DirectoryEntry(
                adsPath,
                username,
                password,
                AuthenticationTypes.Secure
                | AuthenticationTypes.FastBind
                );
    
            try
            {
                // Reading NativeObject is what performs the bind; it throws if the credentials are rejected
                object tmp = root.NativeObject;
                return true;
            }
            catch (COMException) // DirectoryServicesCOMException derives from COMException
            {
                return false;
            }
        }
    

    It works OK. What do you reckon about the approach above?

    http://forums.asp.net/t/1832296.aspx/1?ActiveDirectoryMembershipProvider+class+across+multiple+domains

     

    Wednesday, September 26, 2012 10:11 PM
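
Added example, not code from either poster, showing how a practitioner would handle the cross-forest case described in the question: instead of binding to domain A and expecting the search to be forwarded, the login name is parsed, mapped to the domain that actually holds the account, and the bind is made with the user's own credentials to a DC in that domain. The domain names corp.example.com (domain A) and partner.example.net (domain B), the KnownDomains allow-list and the sample logins are assumptions. It also adds two checks the NativeObject bind in the post above does not make: an empty password is rejected before any bind is attempted, and the domain part of the login is constrained to a fixed list, because that string decides which host the password is sent to.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example, not from the thread. Assumed placeholders:
// "CORP"/"corp.example.com"       = domain A (trusting side, this application's forest)
// "PARTNER"/"partner.example.net" = domain B (trusted side, the other forest)
static class CrossForestAuth
{
    // Explicit allow-list of the domains this application will validate against.
    // Key: NetBIOS or DNS domain name as typed by the user; value: DNS name to bind to.
    // Without this, the user-supplied domain would pick an arbitrary host to receive the bind.
    static readonly Dictionary<string, string> KnownDomains =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "CORP",                "corp.example.com" },
            { "corp.example.com",    "corp.example.com" },
            { "PARTNER",             "partner.example.net" },
            { "partner.example.net", "partner.example.net" },
        };

    // Accepts "DOMAIN\user" or "user@domain.tld"; anything else is rejected.
    public static bool TryParseLogin(string login, out string domain, out string user)
    {
        domain = null;
        user = null;
        if (string.IsNullOrWhiteSpace(login)) return false;

        int backslash = login.IndexOf('\\');
        int at = login.IndexOf('@');
        if (backslash > 0 && at < 0)
        {
            domain = login.Substring(0, backslash);
            user = login.Substring(backslash + 1);
        }
        else if (at > 0 && backslash < 0)
        {
            user = login.Substring(0, at);
            domain = login.Substring(at + 1);
        }
        else
        {
            return false;
        }
        return user.Length > 0 && domain.Length > 0;
    }

    // Returns true only if a DC of the user's own domain accepts the password.
    public static bool ValidateCredentials(string login, string password)
    {
        // Never let an empty password reach the bind: an LDAP unauthenticated bind
        // (RFC 4513 section 5.1.2) is reported as successful on servers that allow it.
        if (string.IsNullOrEmpty(password)) return false;

        string domain, user, target;
        if (!TryParseLogin(login, out domain, out user)) return false;
        if (!KnownDomains.TryGetValue(domain, out target)) return false;

        // The domain DNS name resolves to that domain's DCs; bind to rootDSE there.
        string adsPath = "LDAP://" + target + "/rootDSE";
        using (DirectoryEntry entry = new DirectoryEntry(adsPath, login, password,
            AuthenticationTypes.Secure      // SSPI (Kerberos/NTLM): no cleartext password on the wire
            | AuthenticationTypes.Sealing   // encrypt the session, not only the credential exchange
            | AuthenticationTypes.FastBind))
        {
            try
            {
                object forceBind = entry.NativeObject; // the bind happens here
                return true;
            }
            catch (COMException) // DirectoryServicesCOMException derives from COMException
            {
                return false;
            }
        }
    }

    static void Main()
    {
        // Constructed sample logins. ValidateCredentials needs a reachable DC,
        // so only the parsing and allow-list stages are exercised here.
        foreach (string login in new[] { "CORP\\alice", "bob@partner.example.net", "alice", "EVIL\\x" })
        {
            string d, u, target;
            bool parsed = TryParseLogin(login, out d, out u);
            bool known = parsed && KnownDomains.TryGetValue(d, out target);
            Console.WriteLine("{0,-26} parsed={1} known-domain={2}", login, parsed, known);
        }
    }
}
```

A bind made with Secure alone authenticates the session but does not encrypt the LDAP traffic that follows; adding Sealing covers that, and rejecting the empty password in code avoids depending on how the directory is configured to treat unauthenticated binds.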