Windows Vista Forums

How to retrieve a user name from LDAP after authentication
  1. #1


    Newcomsas Guest

    How to retrieve a user name from LDAP after authentication

    Hello.
    I'm trying to solve a problem with an LDAP query via ASP classic.
    I have working code that tests whether a user's credentials are correct
    by performing an Active Directory authentication. Here are the lines:

    On Error Resume Next
    strDomainUser = "myDomain\myUser"
    strPassword = "myPassword"
    Set objDSObj = GetObject("LDAP:")
    ' Bind to rootDSE with the supplied credentials (flag 1 = ADS_SECURE_AUTHENTICATION).
    Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
    Response.Write Err.Number
    If Err.Number <> 0 Then
        Response.Write "Not authenticated"
    Else
        Response.Write "Authenticated"
    End If

    Now the problem is that I don't know how to retrieve the 'name' of the user from
    LDAP having just the UserID (which in my example is 'myUser').
    In a real-world scenario the web user will be presented with an ASP page containing
    the usual form with username and password; on clicking the 'submit' button
    the above code will be called and I will be able to determine whether the
    authentication failed or succeeded. Let's suppose that the name associated in
    Active Directory with 'myUser' is 'John Smith'. Is it possible to make a query
    on LDAP, knowing only the userID 'myUser', to retrieve 'John Smith'?

    I thank you in advance for any help

    Newcomsas






  2. #2


    Richard Mueller [MVP] Guest

    Re: How to retrieve a user name from LDAP after authentication

    Newcomsas wrote:

    > I'm trying to solve a problem with an LDAP query via ASP classic.
    > I have working code that tests whether a user's credentials are correct
    > by performing an Active Directory authentication. Here are the lines:
    >
    > On Error Resume Next
    > strDomainUser = "myDomain\myUser"
    > strPassword = "myPassword"
    > Set objDSObj = GetObject("LDAP:")
    > Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
    > Response.Write Err.Number
    > If Err.Number <> 0 Then
    >     Response.Write "Not authenticated"
    > Else
    >     Response.Write "Authenticated"
    > End If
    >
    > Now the problem is that I don't know how to retrieve the 'name' of the user
    > from LDAP having just the UserID (which in my example is 'myUser').
    > In a real-world scenario the web user will be presented with an ASP page
    > containing the usual form with username and password; on clicking the
    > 'submit' button the above code will be called and I will be able to
    > determine whether the authentication failed or succeeded. Let's suppose that
    > the name associated in Active Directory with 'myUser' is 'John Smith'. Is it
    > possible to make a query on LDAP, knowing only the userID 'myUser', to
    > retrieve 'John Smith'?
    >
    > I thank you in advance for any help
    >
    You can use the NameTranslate object to convert the NT format of the user
    name to the Distinguished Name (DN). See this link:

    http://www.rlmueller.net/NameTranslateFAQ.htm

    I believe the quick example (#6) is just what you need. Once you have the DN
    you can bind to the user object and retrieve the value of the cn attribute
    (Common Name). Or, you can parse the DN for the value.

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --




  3. #3


    Newcomsas Guest

    Re: How to retrieve a user name from LDAP after authentication

    I thank you for the suggestion. Unfortunately the code in example #6
    doesn't work in my case.
    Here is what my page looks like now:




    strDomainUser = "myDomain\testUser"
    strPassword = "123456"
    Set objDSObj = GetObject("LDAP:")
    Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
    Response.Write Err.Number
    If Err.Number <> 0 Then
        Response.Write "Not authenticated"
    Else
        Response.Write "Authenticated"
    End If

    ' Constants for the NameTranslate object.
    ADS_NAME_INITTYPE_GC = 3
    ADS_NAME_TYPE_NT4 = 3
    ADS_NAME_TYPE_1779 = 1

    ' Specify the NetBIOS name of the domain and the NT name of the user.
    strNTName = strDomainUser

    ' Use the NameTranslate object to convert the NT user name to the
    ' Distinguished Name required for the LDAP provider.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    ' Use the Set method to specify the NT format of the object name.
    objTrans.Set ADS_NAME_TYPE_NT4, strNTName

    ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Escape any "/" characters with backslash escape character.
    ' All other characters that need to be escaped will be escaped.
    strUserDN = Replace(strUserDN, "/", "\/")

    ' Bind to the user object in Active Directory with the LDAP provider.
    Set objUser = GetObject("LDAP://" & strUserDN)
    Response.Write strUserDN




    An error (0x8007054B, not better specified) is thrown at this line:

    objTrans.Init ADS_NAME_INITTYPE_GC, ""

    Could the problem be that I had not impersonated a user to perform the
    operation? I've found a Microsoft article that talked about the creation of
    a DLL, in order to log on from an ASP page:

    http://support.microsoft.com/default...b;EN-US;248187

    Is it really necessary to do such a thing? I would prefer to keep my system
    as simple as possible.

    Thank you again for the help.

    Newcomsas












  4. #4


    Richard Mueller [MVP] Guest

    Re: How to retrieve a user name from LDAP after authentication

    Look at #17 in the FAQ I linked. You can specify credentials with
    NameTranslate. You would use:

    objTrans.InitEx ADS_NAME_INITTYPE_GC, "", strUser, strDomain, strPassword

    and specify the user, domain, and password. Unfortunately, if anonymous
    access does not work, I don't know of another solution.

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --

    "Newcomsas" <newcomsas@xxxxxx> wrote in message
    news:gbsnml$386$1@xxxxxx

    > I thank you for the suggestion. Unfortunately the code in example #6
    > doesn't work in my case.
    > Here is what my page looks like now:
    >
    > strDomainUser = "myDomain\testUser"
    > strPassword = "123456"
    > Set objDSObj = GetObject("LDAP:")
    > Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", strDomainUser, strPassword, 1)
    > Response.Write Err.Number
    > If Err.Number <> 0 Then
    >     Response.Write "Not authenticated"
    > Else
    >     Response.Write "Authenticated"
    > End If
    >
    > ' Constants for the NameTranslate object.
    > ADS_NAME_INITTYPE_GC = 3
    > ADS_NAME_TYPE_NT4 = 3
    > ADS_NAME_TYPE_1779 = 1
    >
    > ' Specify the NetBIOS name of the domain and the NT name of the user.
    > strNTName = strDomainUser
    >
    > ' Use the NameTranslate object to convert the NT user name to the
    > ' Distinguished Name required for the LDAP provider.
    > Set objTrans = CreateObject("NameTranslate")
    >
    > ' Initialize NameTranslate by locating the Global Catalog.
    > objTrans.Init ADS_NAME_INITTYPE_GC, ""
    > ' Use the Set method to specify the NT format of the object name.
    > objTrans.Set ADS_NAME_TYPE_NT4, strNTName
    >
    > ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
    > strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    >
    > ' Escape any "/" characters with backslash escape character.
    > ' All other characters that need to be escaped will be escaped.
    > strUserDN = Replace(strUserDN, "/", "\/")
    >
    > ' Bind to the user object in Active Directory with the LDAP provider.
    > Set objUser = GetObject("LDAP://" & strUserDN)
    > Response.Write strUserDN
    >
    > An error (0x8007054B, not better specified) is thrown at this line:
    >
    > objTrans.Init ADS_NAME_INITTYPE_GC, ""
    >
    > Could the problem be that I had not impersonated a user to perform the
    > operation? I've found a Microsoft article that talked about the creation
    > of a DLL, in order to log on from an ASP page:
    >
    > http://support.microsoft.com/default...b;EN-US;248187
    >
    > Is it really necessary to do such a thing? I would prefer to keep my
    > system as simple as possible.
    >
    > Thank you again for the help.
    >
    > Newcomsas
    >
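
The approach from replies #2 and #4 put together, as an added example that is not part of the original thread and not Richard Mueller's code: the submitted credentials are passed to InitEx, and the resulting DN is bound with OpenDSObject under the same credentials to read cn. The form field names `username` and `password` are assumptions, SERVER2003 is the server named in the thread, and the name is HTML-encoded before it is written to the page.

```vbscript
<%
Option Explicit
' Added example, not code from the thread. The form field names "username"
' and "password" are assumptions; SERVER2003 is the server named in the thread.
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Dim strNTName, strPassword, arrParts, strDomain, strUser
Dim objDSObj, objAuth, objTrans, objUser, strUserDN, strCN

strNTName = Trim(Request.Form("username"))    ' expected as DOMAIN\user
strPassword = Request.Form("password")
arrParts = Split(strNTName, "\")

' An empty password or a malformed name must never count as a logon.
If UBound(arrParts) <> 1 Or Len(strPassword) = 0 Then
    Response.Write "Not authenticated"
    Response.End
End If
strDomain = arrParts(0)
strUser = arrParts(1)

On Error Resume Next
Set objDSObj = GetObject("LDAP:")
Set objAuth = objDSObj.OpenDSObject("LDAP://SERVER2003/rootDSE", _
    strNTName, strPassword, ADS_SECURE_AUTHENTICATION)
If Err.Number <> 0 Then
    Response.Write "Not authenticated"
    Response.End
End If

' Translate DOMAIN\user to a DN with the user's own credentials (reply #4).
Set objTrans = CreateObject("NameTranslate")
objTrans.InitEx ADS_NAME_INITTYPE_GC, "", strUser, strDomain, strPassword
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")

' Bind to the user object with the same credentials and read the Common Name.
Set objUser = objDSObj.OpenDSObject("LDAP://SERVER2003/" & strUserDN, _
    strNTName, strPassword, ADS_SECURE_AUTHENTICATION)
strCN = objUser.Get("cn")
If Err.Number <> 0 Then
    Response.Write "Authenticated, but the name lookup failed"
Else
    ' Encode directory data before writing it into HTML.
    Response.Write "Authenticated as " & Server.HTMLEncode(strCN)
End If
%>
```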