LDAPMBS and Active Directory

  1. Jukka L

    Jun 8 Pre-Release Testers, Xojo Pro

    Hi,

    I am using LDAPMBS against Active Directory and it works fine.
    There are some examples I use:

    dim l as new LDAPMBS("ad.domain.fi", 389)
    if l.Lasterror <> 0 then
      MsgBox "LDAP Error "+str(l.Lasterror)
      return
    end if
    
    // Authentication with testuser
    l.Bind "testuser@domain.fi", "password", l.kAuthSimple
    if l.Lasterror <> 0 then
      MsgBox "Bind Error "+str(l.Lasterror)
      return
    end if
    
    // Info about "testuser"
    dim about() As Dictionary = l.Search("OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(samAccountName=testuser)", array("distinguishedName", "cn", "displayName", "mail"))
    if l.Lasterror <> 0 then
      MsgBox "UserInfo Error "+str(l.Lasterror)
      return
    end if
    
    // list of members in "somegroup"
    dim results() as Dictionary = l.Search("CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(objectclass=*)", array("member"))
    if l.Lasterror <> 0 then
      MsgBox "Search Error "+str(l.Lasterror)
      return
    end if

    I'm trying to check if testuser is a member of somegroup. There is enough information to check it now by looping through the members list.
    There is still a problem with nested groups, because this search just lists nested groups (not the users inside nested groups) along with users.
    But I'm thinking there must be some way to check with LDAP if testuser is memberOf somegroup. And this would solve the problem with nested groups also.

    So if there is someone who knows AD and winldap, please share your wisdom :)

    Jukka

  2. Alexis C

    Jun 8 Pre-Release Testers, Xojo Pro Puerto Rico, USA

    Hi
    How do you know if the domain connection is l.kAuthSimple or not?

    I have the same code, but it does not validate any user.

  3. Jukka L

    Jun 8 Pre-Release Testers, Xojo Pro

    What errorcode do you get?
    Do you give username as samAccountName@domain?
    It should work that way.

  4. Alexis C

    Jun 8 Pre-Release Testers, Xojo Pro Puerto Rico, USA

    yes user@domain.local
    error -1 and -6

  5. Jukka L

    Jun 13 Pre-Release Testers, Xojo Pro

    OK, this returns info about the user only if he's a member of somegroup:

    dim about() As Dictionary = l.Search("OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(&(objectCategory=person)(sAMAccountName=testuser)(memberOf=CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi))", array("distinguishedName", "cn", "displayName", "mail"))

    It does not work with nested groups. If I change:

    memberOf

    to:

    memberOf:1.2.840.113556.1.4.1941:

    should support nested groups, but I couldn't get it to work. I can live with that.

  6. Jukka L

    Jun 13 Pre-Release Testers, Xojo Pro Answer

    ..continue my monologue
    Got it working. The error was my search base. It has to be the root for nested groups, so I removed OU=Company and now nested groups work also.

    dim about() As Dictionary = l.Search("DC=domain,DC=fi", l.kScopeSubtree, "(&(objectCategory=person)(sAMAccountName=testuser)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi))", array("distinguishedName", "cn", "displayName", "mail"))
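
The thread's queries hard-code `testuser`; when the account name comes from user input, it has to be escaped before it goes into the filter. The sketch below is an added example, not code from the thread or from the MBS plugin: it builds the same nested-group filter with RFC 4515 escaping and derives the domain-root search base from the group DN. The function names are hypothetical, and it assumes the user and the group live in the same domain.

```python
import re

# OID of AD's LDAP_MATCHING_RULE_IN_CHAIN, as used in the thread's working filter.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def domain_root(dn: str) -> str:
    """Return the DC=... suffix of a DN (the search base the thread ended up using)."""
    # Simple split on commas not preceded by a backslash; it does not handle
    # a literal backslash that sits directly before a separator comma.
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    dcs = [r for r in rdns if r.upper().startswith("DC=")]
    if not dcs:
        raise ValueError("DN has no DC components: %r" % dn)
    return ",".join(dcs)


def nested_member_query(sam_account_name: str, group_dn: str):
    """Build (search_base, filter) for a transitive group-membership check."""
    flt = "(&(objectCategory=person)(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(sam_account_name),
        IN_CHAIN,
        escape_filter_value(group_dn),  # the DN is an assertion value here too
    )
    return domain_root(group_dn), flt


if __name__ == "__main__":
    group = "CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi"
    for name in ("testuser", "te*st(user)"):  # constructed sample inputs
        base, flt = nested_member_query(name, group)
        print(base)
        print(flt)
```

The returned base and filter are plain strings, so they can be passed as the first and third arguments of the `l.Search` call shown above.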
