| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
#1 (permalink)

How to retrieve a user name from LDAP after authentication

Hello.

I'm trying to solve a problem with an LDAP query via ASP classic. I have got working code that tests if the credentials of a user are correct, performing an Active Directory authentication. Here are the lines:

```vbscript
On Error Resume Next
strDomainUser = "myDomain\myUser"
strPassword = "myPassword"
Set objDSObj = GetObject("LDAP:")
' The last argument, 1, is ADS_SECURE_AUTHENTICATION.
Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
Response.Write Err.Number
If Err.Number <> 0 Then
    Response.Write "Not authenticated"
Else
    Response.Write "Authenticated"
End If
```

Now the problem is that I don't know how to retrieve the 'name' of the user from LDAP having just the UserID (that is, in my example, 'myUser').

In a real world scenario the web user will be presented an ASP page containing the usual form with username and password; at the click on a 'submit' button the above code will be called and I will be able to determine whether the authentication failed or succeeded. Let's suppose that the name associated in Active Directory to 'myUser' is 'John Smith'. Is it possible to make a query on LDAP, knowing only the userID 'myUser', to retrieve 'John Smith'?

I thank you in advance for any help.

Newcomsas
#2 (permalink)

Re: How to retrieve a user name from LDAP after authentication

Newcomsas wrote:

> I'm trying to solve a problem with an LDAP query via ASP classic.
> I have got working code that tests if the credentials of a user are
> correct, performing an Active Directory authentication. Here are the lines:
>
> on error resume next
> strDomainUser="myDomain\myUser"
> strPassword="myPassword"
> Set objDSObj = GetObject("LDAP:")
> Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE",strDomainUser, strPassword, 1)
> Response.Write err.number
> if err.number<>0 then
> Response.Write "Not authenticated"
> else
> Response.Write "Authenticated"
> end if
>
> Now the problem is that I don't know how to retrieve the 'name' of the user
> from LDAP having just the UserID (that is, in my example, 'myUser').
> In a real world scenario the web user will be presented an ASP page
> containing the usual form with username and password; at the click on a
> 'submit' button the above code will be called and I will be able to
> determine whether the authentication failed or succeeded. Let's suppose that
> the name associated in Active Directory to 'myUser' is 'John Smith'. Is it
> possible to make a query on LDAP, knowing only the userID 'myUser', to
> retrieve 'John Smith'?
>
> I thank you in advance for any help.
>

name to the Distinguished Name (DN). See this link:

http://www.rlmueller.net/NameTranslateFAQ.htm

I believe the quick example (#6) is just what you need. Once you have the DN you can bind to the user object and retrieve the value of the cn attribute (Common Name). Or, you can parse the DN for the value.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
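Parsing the DN for the value, as suggested in the reply above, has to respect backslash escapes: a common name such as `Smith, John` comes back as `CN=Smith\, John,...`, so splitting on the first comma truncates it. The following is an added example, not code from the thread or the linked FAQ; `FirstCnFromDN` and `IsHexPair` are hypothetical helper names, the sample DNs are constructed, and it assumes the backslash-escaped DN form (no quoted values, no multi-byte UTF-8 hex sequences). Run it with `cscript`.

```vbscript
Option Explicit

' True when s is exactly two hexadecimal digits.
Function IsHexPair(s)
    Const HEX_DIGITS = "0123456789ABCDEF"
    IsHexPair = False
    If Len(s) = 2 Then
        IsHexPair = (InStr(HEX_DIGITS, UCase(Left(s, 1))) > 0) And _
                    (InStr(HEX_DIGITS, UCase(Right(s, 1))) > 0)
    End If
End Function

' Return the unescaped value of the leading RDN when its type is CN,
' or "" when the DN is malformed or starts with another attribute type.
Function FirstCnFromDN(strDN)
    Dim lngEq, i, ch, strHex, strValue
    FirstCnFromDN = ""
    lngEq = InStr(strDN, "=")
    If lngEq = 0 Then Exit Function
    If UCase(Trim(Left(strDN, lngEq - 1))) <> "CN" Then Exit Function
    strValue = ""
    i = lngEq + 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "," Or ch = "+" Then Exit Do      ' unescaped separator ends the RDN
        If ch = "\" Then
            strHex = Mid(strDN, i + 1, 2)
            If IsHexPair(strHex) Then             ' hex escape such as \2C
                strValue = strValue & ChrW(CLng("&H" & strHex))
                i = i + 2
            Else                                  ' character escape such as \, or \/
                strValue = strValue & Mid(strDN, i + 1, 1)
                i = i + 1
            End If
        Else
            strValue = strValue & ch
        End If
        i = i + 1
    Loop
    FirstCnFromDN = strValue
End Function

' Constructed sample DNs, not taken from a real directory.
WScript.Echo FirstCnFromDN("CN=John Smith,OU=Staff,DC=myDomain,DC=local")
WScript.Echo FirstCnFromDN("CN=Smith\, John,OU=Staff,DC=myDomain,DC=local")
WScript.Echo FirstCnFromDN("CN=R\/D Lab\2C East,DC=myDomain,DC=local")
```

In the ASP page, pass the returned name through `Server.HTMLEncode` before `Response.Write`, since the directory value is not under the page's control.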
#3 (permalink)

Re: How to retrieve a user name from LDAP after authentication

I thank you for the suggestion. Unfortunately the code at the example #6 doesn't work in my case.

Here is what my page looks like now:

```vbscript
strDomainUser = "myDomain\testUser"
strPassword = "123456"
Set objDSObj = GetObject("LDAP:")
Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
Response.Write Err.Number
If Err.Number <> 0 Then
    Response.Write "Not authenticated"
Else
    Response.Write "Authenticated"
End If

' Constants for the NameTranslate object.
ADS_NAME_INITTYPE_GC = 3
ADS_NAME_TYPE_NT4 = 3
ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = strDomainUser

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

' Use the Get method to retrieve the RPC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Escape any "/" characters with backslash escape character.
' All other characters that need to be escaped will be escaped.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
Response.Write strUserDN
```

An error (0x8007054B, not better specified) is thrown at this line:

```vbscript
objTrans.Init ADS_NAME_INITTYPE_GC, ""
```

Could the problem be that I had not impersonated a user to perform the operation? I've found a Microsoft article that talked about the creation of a DLL, in order to log on from an ASP page:

http://support.microsoft.com/default...b;EN-US;248187

Is it really necessary to do such a thing? I would prefer to keep my system as simple as possible.

Thank you again for the help.

Newcomsas
#4 (permalink)

Re: How to retrieve a user name from LDAP after authentication

Look at #17 in the FAQ I linked. You can specify credentials with NameTranslate. You would use:

```vbscript
objTrans.InitEx ADS_NAME_INITTYPE_GC, "", strUser, strDomain, strPassword
```

and specify the user, domain, and password. Unfortunately, if anonymous access does not work, I don't know of another solution.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Newcomsas" <newcomsas@xxxxxx> wrote in message news:gbsnml$386$1@xxxxxx

> I thank you for the suggestion. Unfortunately the code at the example #6
> doesn't work in my case.
> Here is what my page looks like now:
>
> strDomainUser="myDomain\testUser"
> strPassword="123456"
> Set objDSObj = GetObject("LDAP:")
> Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE",strDomainUser, strPassword, 1)
> Response.Write err.number
> if err.number<>0 then
> Response.Write "Not authenticated"
> else
> Response.Write "Authenticated"
> end if
>
> ' Constants for the NameTranslate object.
>
> ADS_NAME_INITTYPE_GC = 3
> ADS_NAME_TYPE_NT4 = 3
> ADS_NAME_TYPE_1779 = 1
>
> ' Specify the NetBIOS name of the domain and the NT name of the user.
> strNTName = strDomainUser
>
> ' Use the NameTranslate object to convert the NT user name to the
> ' Distinguished Name required for the LDAP provider.
> Set objTrans = CreateObject("NameTranslate")
>
> ' Initialize NameTranslate by locating the Global Catalog.
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> ' Use the Set method to specify the NT format of the object name.
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
>
> ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Escape any "/" characters with backslash escape character.
> ' All other characters that need to be escaped will be escaped.
> strUserDN = Replace(strUserDN, "/", "\/")
>
> ' Bind to the user object in Active Directory with the LDAP provider.
> Set objUser = GetObject("LDAP://" & strUserDN)
> Response.Write strUserDN
>
> An error (0x8007054B, not better specified) is thrown at this line:
>
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
>
> Could the problem be that I had not impersonated a user to perform the
> operation? I've found a Microsoft article that talked about the creation
> of a DLL, in order to log on from an ASP page:
>
> http://support.microsoft.com/default...b;EN-US;248187
>
> Is it really necessary to do such a thing? I would prefer to keep my
> system as simple as possible.
>
> Thank you again for the help.
>
> Newcomsas