
Vista - How to retrieve a user name from LDAP after authentication

Old 09-29-2008   #1 (permalink)
Newcomsas


 
 

How to retrieve a user name from LDAP after authentication

Hello.
I'm trying to solve a problem with an LDAP query via ASP classic.
I have got working code that tests if the credentials of a user are correct
by performing an Active Directory authentication. Here are the lines:

on error resume next
strDomainUser="myDomain\myUser"
strPassword="myPassword"
Set objDSObj = GetObject("LDAP:")
Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", _
    strDomainUser, strPassword, 1)
Response.Write err.number
if err.number<>0 then
Response.Write "Not authenticated"
else
Response.Write "Authenticated"
end if

Now the problem is that I don't know how to retrieve the 'name' of the user from
LDAP having just the UserID (that is in my example 'myUser').
In a real world scenario the web user will be presented an ASP page containing
the usual form with username and password; at the click on a 'submit' button
the above code will be called and I will be able to determine whether the
authentication failed or succeeded. Let's suppose that the name associated in
Active Directory to 'myUser' is 'John Smith'. Is it possible to make a query
on LDAP, knowing only the userID 'myUser' to retrieve 'John Smith' ?

I thank you in advance for any help

Newcomsas



Old 09-29-2008   #2 (permalink)
Richard Mueller [MVP]


 
 

Re: How to retrieve a user name from LDAP after authentication

Newcomsas wrote:
Quote:

> I'm trying to solve a problem with an LDAP query via ASP classic.
> I have got working code that tests if the credentials of a user are
> correct by performing an Active Directory authentication. Here are the lines:
>
> on error resume next
> strDomainUser="myDomain\myUser"
> strPassword="myPassword"
> Set objDSObj = GetObject("LDAP:")
> Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", _
>     strDomainUser, strPassword, 1)
> Response.Write err.number
> if err.number<>0 then
> Response.Write "Not authenticated"
> else
> Response.Write "Authenticated"
> end if
>
> Now the problem is that I don't know how to retrieve the 'name' of the user
> from LDAP having just the UserID (that is in my example 'myUser').
> In a real world scenario the web user will be presented an ASP page
> containing the usual form with username and password; at the click on a
> 'submit' button the above code will be called and I will be able to
> determine whether the authentication failed or succeeded. Let's suppose that
> the name associated in Active Directory to 'myUser' is 'John Smith'. Is it
> possible to make a query on LDAP, knowing only the userID 'myUser' to
> retrieve 'John Smith' ?
>
> I thank you in advance for any help
>
You can use the NameTranslate object to convert the NT format of the user
name to the Distinguished Name (DN). See this link:

http://www.rlmueller.net/NameTranslateFAQ.htm

I believe the quick example (#6) is just what you need. Once you have the DN
you can bind to the user object and retrieve the value of the cn attribute
(Common Name). Or, you can parse the DN for the value.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


Old 09-30-2008   #3 (permalink)
Newcomsas


 
 

Re: How to retrieve a user name from LDAP after authentication

I thank you for the suggestion. Unfortunately the code at the example #6
doesn't work in my case.
Here is what my page looks like now:




strDomainUser="myDomain\testUser"
strPassword="123456"
Set objDSObj = GetObject("LDAP:")
Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", _
    strDomainUser, strPassword, 1)
Response.Write err.number
if err.number<>0 then
Response.Write "Not authenticated"
else
Response.Write "Authenticated"
end if

' Constants for the NameTranslate object.

ADS_NAME_INITTYPE_GC = 3
ADS_NAME_TYPE_NT4 = 3
ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = strDomainUser

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

' Use the Get method to retrieve the RFC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Escape any "/" characters with backslash escape character.

' All other characters that need to be escaped will be escaped.

strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
Response.Write strUserDN




An error (0x8007054B, not better specified) is thrown at this line:

objTrans.Init ADS_NAME_INITTYPE_GC, ""

Could the problem be that I had not impersonated a user to perform the
operation ? I've found a Microsoft article that talked about the creation of
a DLL, in order to logon from an ASP page:

http://support.microsoft.com/default...b;EN-US;248187

Is it really necessary to do such a thing ? I would prefer to keep my system
as simple as possible.

Thank you again for the help.

Newcomsas










Old 09-30-2008   #4 (permalink)
Richard Mueller [MVP]


 
 

Re: How to retrieve a user name from LDAP after authentication

Look at #17 in the FAQ I linked. You can specify credentials with
NameTranslate. You would use:

objTrans.InitEx ADS_NAME_INITTYPE_GC, "", strUser, strDomain, strPassword

and specify the user, domain, and password. Unfortunately, if anonymous
access does not work, I don't know of another solution.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Newcomsas" <newcomsas@xxxxxx> wrote in message
news:gbsnml$386$1@xxxxxx
Quote:

> I thank you for the suggestion. Unfortunately the code at the example #6
> doesn't work in my case.
> Here is what my page looks like now:
>
>
>
>
> strDomainUser="myDomain\testUser"
> strPassword="123456"
> Set objDSObj = GetObject("LDAP:")
> Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", _
>     strDomainUser, strPassword, 1)
> Response.Write err.number
> if err.number<>0 then
> Response.Write "Not authenticated"
> else
> Response.Write "Authenticated"
> end if
>
> ' Constants for the NameTranslate object.
>
> ADS_NAME_INITTYPE_GC = 3
> ADS_NAME_TYPE_NT4 = 3
> ADS_NAME_TYPE_1779 = 1
>
> ' Specify the NetBIOS name of the domain and the NT name of the user.
> strNTName = strDomainUser
>
> ' Use the NameTranslate object to convert the NT user name to the
> ' Distinguished Name required for the LDAP provider.
> Set objTrans = CreateObject("NameTranslate")
>
> ' Initialize NameTranslate by locating the Global Catalog.
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> ' Use the Set method to specify the NT format of the object name.
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
>
> ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Escape any "/" characters with backslash escape character.
>
> ' All other characters that need to be escaped will be escaped.
>
> strUserDN = Replace(strUserDN, "/", "\/")
>
> ' Bind to the user object in Active Directory with the LDAP provider.
> Set objUser = GetObject("LDAP://" & strUserDN)
> Response.Write strUserDN
>
>
>
>
> An error (0x8007054B, not better specified) is thrown at this line:
>
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
>
> Could the problem be that I had not impersonated a user to perform the
> operation ? I've found a Microsoft article that talked about the creation
> of a DLL, in order to logon from an ASP page:
>
> http://support.microsoft.com/default...b;EN-US;248187
>
> Is it really necessary to do such a thing ? I would prefer to keep my
> system as simple as possible.
>
> Thank you again for the help.
>
> Newcomsas

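The approach from replies #2 and #4 put together, as an added example that is not code from the thread or from the linked FAQ: authenticate, initialize NameTranslate with the user's own credentials via InitEx, then bind to the user object and read cn. The form field names `domain`, `user` and `password` are assumptions; SERVER2003 is the server name used in the posts.

```vbscript
' Added example, not from the thread. Place inside the ASP page's <% %> block.
' Assumed (hypothetical) form fields: "domain", "user", "password".
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const LDAP_SERVER = "SERVER2003"   ' server name used in the posts above

Dim strDomain, strUser, strPassword, strNTName, strUserDN, strName
Dim objDS, objAuth, objTrans, objUser
strDomain = Trim(Request.Form("domain"))
strUser = Trim(Request.Form("user"))
strPassword = Request.Form("password")
strNTName = strDomain & "\" & strUser

' Reject empty input up front; it must never reach the bind as a "login".
If strDomain = "" Or strUser = "" Or strPassword = "" Then
    Response.Write "Not authenticated"
    Response.End
End If

On Error Resume Next
' Step 1: check the credentials with a secure bind to rootDSE.
Set objDS = GetObject("LDAP:")
Set objAuth = objDS.OpenDSObject("LDAP://" & LDAP_SERVER & "/rootDSE", _
    strNTName, strPassword, ADS_SECURE_AUTHENTICATION)
If Err.Number <> 0 Then
    Response.Write "Not authenticated"
    Response.End
End If

' Step 2: translate DOMAIN\user to a DN using the user's own credentials,
' rather than the identity the ASP page itself runs under.
Set objTrans = CreateObject("NameTranslate")
objTrans.InitEx ADS_NAME_INITTYPE_GC, "", strUser, strDomain, strPassword
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")

' Step 3: bind to the user object with the same credentials and read cn.
If Err.Number = 0 Then
    Set objUser = objDS.OpenDSObject("LDAP://" & LDAP_SERVER & "/" & strUserDN, _
        strNTName, strPassword, ADS_SECURE_AUTHENTICATION)
    strName = objUser.Get("cn")
End If
If Err.Number <> 0 Then strName = strUser   ' lookup failed: show logon name
On Error GoTo 0

' HTML-encode before echoing: the value originates outside this page.
Response.Write "Authenticated as " & Server.HTMLEncode(strName)
```

Because `On Error Resume Next` hides failures, `Err.Number` is checked after each stage, and a failed name lookup falls back to the logon name instead of failing the login.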