Windows Vista Forums

Bind to LDAP Directory

  1. #11


    Tom G. Guest

    Re: Bind to LDAP Directory

    Here's an example to list all accounts in the directory using the Novell
    LDAP library, which can be found here:
    http://forge.novell.com/modules/xfmo...ct/?ldapcsharp. Download the
    lib-v2.1.7.zip file for the library. There are also some great examples in
    C# that you can download.

    # Load the Novell LDAP assembly (adjust the path to where the zip was unpacked)
    [Reflection.Assembly]::LoadFile("C:\dump\CsharpLDAP-v2.1.7\lib-v2.1.7\Novell.Directory.Ldap.dll") | out-null
    $ldap = new-object Novell.Directory.Ldap.LdapConnection
    $version = [Novell.Directory.Ldap.LdapConnection]::Ldap_V3
    $port = [Novell.Directory.Ldap.LdapConnection]::Default_Port
    $scope = [Novell.Directory.Ldap.LdapConnection]::Scope_One
    $filter = "(objectclass=*)"
    $attrs = [Novell.Directory.Ldap.LdapConnection]::All_User_Attrs

    # Connect, then bind with the full DN of the account
    $ldap.connect("servername.domain.com", $port)
    $ldap.bind($version, "cn=user,o=orgname,c=US", "password")
    # One-level search under the base DN; the final argument is typesOnly
    $results = $ldap.Search("o=orgname,c=US", $scope, $filter, $attrs, $true)
    # Emit each entry returned by the search
    while ($results.hasMore())
    {
        $results.next()
    }
    $ldap.Disconnect()
    $ldap = $null

    Tom G.

    "Alex K. Angelopoulos [MVP]" <aka@online.mvps.org> wrote in message
    news:OG590u4HHHA.420@TK2MSFTNGP06.phx.gbl...
    >I never did see the compiled binary download link; I'll have to go back and
    >look. Care to post a couple of examples of using the library?
    >
    > FYI for anyone else playing with LDAP, Wikipedia seems to have a _lot_ of
    > useful resource links:
    > http://en.wikipedia.org/wiki/LDAP
    >
    >
    > "Tom G." <Tom.Glowacki@Sanford.com> wrote in message
    > news:Onj4TDkHHHA.3616@TK2MSFTNGP06.phx.gbl...
    >> Alex, the Novell library worked very well. It's pretty easy to use and
    >> comes with some good C# examples that are easy to adapt to PowerShell.
    >> Thank you very much for your help.
    >>
    >> Tom G.
    >>
    >> "Alex K. Angelopoulos [MVP]" <aka@online.mvps.org> wrote in message
    >> news:OIC38FhHHHA.1064@TK2MSFTNGP04.phx.gbl...
    >>> "Tom G." <Tom.Glowacki@Sanford.com> wrote in message
    >>> news:OKxmFfgHHHA.2112@TK2MSFTNGP03.phx.gbl...
    >>>> Does anyone have an example that can bind to a directory other than
    >>>> Active Directory?
    >>>
    >>> I don't know of a general LDAP server that I can test against, but there
    >>> are 2 possible ways to approach this. The following is based on the
    >>> assumption that .NET's System.DirectoryServices namespace does not
    >>> support easy "pure" LDAP server access.
    >>>
    >>> (1) Use inline VBScript with the script control.
    >>> This will allow you to directly retrieve an object instance. I can't
    >>> test the OpenDSObject statement, but the following form _should_ work
    >>> with a usable URL. (Bruce Payette talks about in-lining ActiveScript
    >>> languages such as VBScript within PowerShell to do tasks that .NET's COM
    >>> wrappers won't handle).
    >>> Here's an example:
    >>> $sc = New-Object -ComObject MSScriptControl.ScriptControl
    >>> $sc.Language = "VBScript"
    >>> $sc.AddCode('set ldap = GetObject("LDAP:")')
    >>> $sc.AddCode('url = "LDAP://myserver.mycompany.com/cn=users,o=MyCompany,c=US"')
    >>> $dso = $sc.Eval('ldap.OpenDSObject(url)')
    >>>
    >>> Warning: this may not work very well for getting back something
    >>> functional due to how nasty .NET gets about COM objects it doesn't
    >>> understand. For example, if I try to do this:
    >>>
    >>> $ldap = $sc.Eval('ldap')
    >>> $ldap | gm
    >>>
    >>> I get the dreaded "Get-Member : No object has been specified to
    >>> get-member" error that shows up a lot in COM interop.
    >>>
    >>> IF you want to use method 1 and it gives you this error when you look at
    >>> $dso (as I suspect it will) you'll need to get the data you need within
    >>> VBScript code and turn it into something you can return.
    >>>
    >>> A variation of this is to load the Microsoft.VisualBasic assembly and
    >>> use VB.NET's GetObject from PowerShell instead. This has the same
    >>> problems with COM objects, so I recommend you use another alternative.
    >>>
    >>> (2) Possibly use Novell's generic LDAP server library for .NET
    >>> See the following pages:
    >>> http://www.novell.com/coolsolutions/feature/11204.html
    >>> http://forge.novell.com/modules/xfco...rpLDAP-v2.1.7/
    >>>
    >>> This looks like it should provide working direct access to any
    >>> LDAP-standard server. Since it is also open code (MIT license) it has
    >>> some promise for longterm support. If you want to try this yourself and
    >>> can't find a binary or compile the source, holler.
  3. #12


    Lance Guest

    Re: Bind to LDAP Directory


    Tom G. wrote:
    > Lance,
    >
    > The NetCmdlets are pretty cool. However, I'm having some trouble
    > authenticating. I need to pass in a username in the format of
    > "cn=userid,o=orgname,c=US". The credential parameter in get-ldap doesn't
    > seem to support this. Any suggestions?
    >


    Just for the benefit of anyone else who was trying this: Tom and I
    have exchanged emails, but for the benefit of anyone else who was
    interested:

    get-ldap and set-ldap allow you to provide authentication info to the
    cmdlet in two ways: 1: through dn and password parameters, or 2:
    through a credential parameter that takes a standard PSCredential
    object.

    The problem with using the credential method was that if you were a non
    Active Directory user, and you didn't have an alias like MyDomain\Lance
    to authenticate with - the get-credential pop-up dialog wouldn't accept
    your full DN as valid input.

    Tom pointed out the "ConsolePrompting" registry string value ("True")
    in HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\, which tells
    get-credential to take its input from the console instead of the
    pop-up dialog. Doing it this way allows you to specify a full DN as
    the username.

    To bind to the directory server:

    PS> $mycred = get-credential -credential "cn=Lance,ou=Employees,dc=NS"
    ....
    ....
    ....
    PS> get-ldap -server testboy -cred $mycred

    To bind and then search for a user (BillyBob) in the Employees
    organizational unit:

    PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS" -search "cn=BillyBob"

    To bind, perform the same search, and return all attributes of the
    user:

    PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS" -search "cn=BillyBob" -attr
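
Both posts above bind with a full DN and a password. The following added example (not code from the thread, the Novell library or NetCmdlets) performs the same simple bind with .NET's System.DirectoryServices.Protocols over LDAPS and reads the password from the console, since a simple bind over an unencrypted connection sends the DN and password in clear text. The function name Get-LdapChildEntry is hypothetical, the server name and DNs are the thread's placeholders, and port 636 with a server certificate the client trusts is assumed.

```powershell
# Added example: DN simple bind over LDAPS, then a one-level search.
# Get-LdapChildEntry is a hypothetical name; host and DNs are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-LdapChildEntry {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][string]$BindDn,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password,
        [Parameter(Mandatory = $true)][string]$BaseDn,
        [string]$Filter = '(objectClass=*)',
        [string[]]$Attributes = @('cn'),
        [int]$Port = 636   # LDAPS (assumption: the server offers it)
    )
    $ns   = 'System.DirectoryServices.Protocols'
    $id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $Server, $Port
    $conn = New-Object "$ns.LdapConnection" -ArgumentList $id
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true   # TLS before credentials are sent
        # Basic = LDAP simple bind, so the user name can be a full DN
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $cred = New-Object System.Net.NetworkCredential -ArgumentList $BindDn, $Password
        try {
            $conn.Bind($cred)
        } catch {
            # Surface the underlying LDAP/TLS error instead of the wrapper exception
            $ex = $_.Exception.GetBaseException()
            throw "Bind as '$BindDn' failed: $($ex.Message)"
        }
        $scope = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
        $req   = New-Object "$ns.SearchRequest" -ArgumentList $BaseDn, $Filter, $scope, $Attributes
        $resp  = $conn.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            $entry.DistinguishedName   # emit the DN of each child entry
        }
    } finally {
        $conn.Dispose()
    }
}

# Prompt on the console so the password never appears in the script or history
$pw = Read-Host -Prompt 'Password for cn=user,o=orgname,c=US' -AsSecureString
Get-LdapChildEntry -Server 'servername.domain.com' -BindDn 'cn=user,o=orgname,c=US' `
    -Password $pw -BaseDn 'o=orgname,c=US'
```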

