1.    15 Dec 2006 #11
    Tom G. Guest

    Re: Bind to LDAP Directory


    Here's an example to list all accounts in the directory using the Novell
    LDAP library, which can be found here:
    http://forge.novell.com/modules/xfmo...ct/?ldapcsharp. Download the
    lib-v2.1.7.zip file for the library. There are also some great examples in
    C# that you can download.

    [Reflection.Assembly]::LoadFile("C:\dump\CsharpLDAP-v2.1.7\lib-v2.1.7\Novell.Directory.Ldap.dll")
    | out-null
    $ldap = new-object Novell.Directory.Ldap.LdapConnection
    $version = [Novell.Directory.Ldap.LdapConnection]::Ldap_V3
    $port = [Novell.Directory.Ldap.LdapConnection]:efault_Port
    $scope = [Novell.Directory.Ldap.LdapConnection]::Scope_One
    $filter = "(objectclass=*)"
    $attrs = [Novell.Directory.Ldap.LdapConnection]::All_User_Attrs

    $ldap.connect("servername.domain.com", $port)
    $ldap.bind($version, "cn=user,o=orgname,c=US", "password")
    $results = $ldap.Search("o=orgname,c=US", $scope, $filter, $attrs, $true)
    while ($results.hasMore())
    {
    $results.next()
    }
    $ldap.Disconnect()
    $ldap = $null

    Tom G.

    "Alex K. Angelopoulos [MVP]" <aka@online.mvps.org> wrote in message
    news:OG590u4HHHA.420@TK2MSFTNGP06.phx.gbl...
    >I never did see the compiled binary download link; I'll have to go back and
    >look. Care to post a couple of examples of using the library?
    >
    > FYI for anyone else playing with LDAP, Wikipedia seems to have a _lot_ of
    > useful resource links:
    > http://en.wikipedia.org/wiki/LDAP
    >
    >
    > "Tom G." <Tom.Glowacki@Sanford.com> wrote in message
    > news:Onj4TDkHHHA.3616@TK2MSFTNGP06.phx.gbl...
    >> Alex, the Novell library worked very well. It's pretty easy to use and
    >> comes with some good C# examples that are easy to adapt to PowerShell.
    >> Thank you very much for your help.
    >>
    >> Tom G.
    >>
    >> "Alex K. Angelopoulos [MVP]" <aka@online.mvps.org> wrote in message
    >> news:OIC38FhHHHA.1064@TK2MSFTNGP04.phx.gbl...
    >>> "Tom G." <Tom.Glowacki@Sanford.com> wrote in message
    >>> news:OKxmFfgHHHA.2112@TK2MSFTNGP03.phx.gbl...
    >>>> Does anyone have an example that can bind to a directory other than
    >>>> Active Directory?
    >>>
    >>> I don't know of a general LDAP server that I can test against, but there
    >>> are 2 possible ways to approach this. The following is based on the
    >>> assumption that .NET's System.DirectoryServices namespace does not
    >>> support easy "pure" LDAP server access.
    >>>
    >>> (1) Use inline VBScript with the script control.
    >>> This will allow you to directly retrieve an object instance. I can't
    >>> test the OpenDSObject statement, but the following form _should_ work
    >>> with a usable URL. (Bruce Payette talks about in-lining ActiveScript
    >>> languages such as VBScript within PowerShell to do tasks that .NET's COM
    >>> wrappers won't handle).
    >>> Here's an example:
    >>> $sc = New-Object -ComObject MSScriptControl.ScriptControl
    >>> $sc.Language = "VBScript"
    >>> $sc.AddCode('set ldap = GetObject("LDAP:")')
    >>> #next line wraps
    >>> $sc.AddCode('url =
    >>> "LDAP://myserver.mycompany.com/cn=users,o=MyCompany,c=US"')
    >>> $dso = $sc.Eval('ldap.OpenDSObject(url)')
    >>>
    >>> Warning: this may not work very well for getting back something
    >>> functional due to how nasty .NET gets about COM objects it doesn't
    >>> understand. For example, if I try to do this:
    >>>
    >>> $ldap = $sc.Eval('ldap')
    >>> $ldap | gm
    >>>
    >>> I get the dreaded "Get-Member : No object has been specified to
    >>> get-member" error that shows up a lot in COM interop.
    >>>
    >>> IF you want to use method 1 and it gives you this error when you look at
    >>> $dso (as I suspect it will) you'll need to get the data you need within
    >>> VBScript code and turn it into something you can return.
    >>>
    >>> A variation of this is to load the Microsoft.VisualBasic assembly and
    >>> use VB.NET's GetObject from PowerShell instead. This has the same
    >>> problems with COM objects, so I recommend you use another alternative.
    >>>
    >>> (2) Possibly use Novell's generic LDAP server library for .NET
    >>> See the following pages:
    >>> http://www.novell.com/coolsolutions/feature/11204.html
    >>> http://forge.novell.com/modules/xfco...rpLDAP-v2.1.7/
    >>>
    >>> This looks like it should provide working direct access to any
    >>> LDAP-standard server. Since it is also open code (MIT license) it has
    >>> some promise for longterm support. If you want to try this yourself and
    >>> can't find a binary or compile the source, holler.
    >>>

    >>
    >>

    >
    >



      My System SpecsSystem Spec

  2.    27 Dec 2006 #12
    Lance Guest

    Re: Bind to LDAP Directory



    Tom G. wrote:
    > Lance,
    >
    > The NetCmdlets are pretty cool. However, I'm having some trouble
    > authenticating. I need to pass in a username in the format of
    > "cn=userid,o=orgname,c=US". The credential parameter in get-ldap doesn't
    > seem to support this. Any suggestions?
    >


    Just for the benefit of anyone else who was trying this: Tom and I
    have exchanged emails, but for the benefit of anyone else who was
    interested:

    get-ldap and set-ldap allow you to provide authentication info to the
    cmdlet in two ways: 1: through dn and password parameters, or 2:
    through a credential parameter that takes a standard PSCredential
    object.

    The problem with using the credential method was that if you were a non
    Active Directory user, and you didn't have an alias like MyDomain\Lance
    to authenticate with - get-credentials pop-up dialog wouldn't accept
    your full DN as valid input.

    Tom pointed out the "ConsolePrompting" registry string value ("True")
    in HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\, which tells
    get-credentials to take its input from the console instead of the
    pop-up dialog. Doing it this way allows you to specify a full DN as
    the username.

    To bind to the directory server:

    PS> $mycred = get-credential -credential "cn=Lance,ou=Employees,dc=NS"
    ....
    ....
    ....
    PS> get-ldap -server testboy -cred $mycred

    To bind and then search for a user (BillyBob) in the Employees
    organizational unit:

    PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
    -search "cn=BillyBob"

    To bind, perform the same search, and return all attributes of the
    user:

    PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
    -search "cn=BillyBob" -attr

      My System SpecsSystem Spec

Page 2 of 2 FirstFirst 12

Similar Threads
Thread Forum
can powershell v2 read SUNONE ldap directory ?
microsoft powershell can read microsoft AD. How about reading other vendor's directory eg oracle, sunone, etc
PowerShell
LDAP The directory service is not available
Hi I have a problem with LDAP, I use apache directory server and I would add a new user ....I use Visual Studio and the code is: public static...
General Discussion
Microsoft LDAP Directory pop-up message in Outlook
Hi, I have a very unusual issue on one SBS workstation with Outlook installed. When the user creates an Outlook message and clicks the To button,...
SBS Server
Re: LDAP Interface issue in Active Directory Domain Service
Hi Miles, Thanks for your post. There has been no warning during the past 24 hours. Regards, Rajiv K Khandelwal "Miles Li "...
Vista Forums
LDAP and Active Directory
Hello all and thank you for your time. I have an app that uses DirectorySearcher. Everything works on my localhost using the following path:...
.NET General
in a bind
every time i try to email , I receive a error report stating that host stmp and host imp could not be found . What am I doing wrong
Vista mail
How to bind to a DataRelation in a DataSet
I am trying to display a list of people, and for each person I want to show their corresponding phone numbers. This should be straightforward but it...
Avalon

Our Sites
  • Ten Forums
  • Eight Forums
  • Seven Forums
  • PC Help Forum
  • Help Me Bake
  • Site Links
  • Contact Us
  • Privacy and Cookies
  • About Us
    Windows Vista Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 04:57.
    .