LDAPMBS and Active Directory

Hi,

I am using LDAPMBS against Active Directory and it works fine.
There are some examples I use:

dim l as new LDAPMBS("ad.domain.fi", 389)
if l.Lasterror <> 0 then
  MsgBox "LDAP Error "+str(l.Lasterror)
  return
end if

// Authentication with testuser
l.Bind "testuser@domain.fi", "password", l.kAuthSimple
if l.Lasterror <> 0 then
  MsgBox "Bind Error "+str(l.Lasterror)
  return
end if

// Info about "testuser"
dim about() As Dictionary = l.Search("OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(samAccountName=testuser)", array("distinguishedName", "cn", "displayName", "mail"))
if l.Lasterror <> 0 then
  MsgBox "UserInfo Error "+str(l.Lasterror)
  return
end if

// list of members in "somegroup"
dim results() as Dictionary = l.Search("CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(objectclass=*)", array("member"))
if l.Lasterror <> 0 then
  MsgBox "Search Error "+str(l.Lasterror)
  return
end if

I’m trying to check if testuser is a member of somegroup. There is enough information to check it now by looping through the members list.
There is still a problem with nested groups because this search just lists nested groups (not users inside nested groups) with users.
But I’m thinking there must be some way to check with LDAP if testuser is memberOf somegroup. And this would solve the problem with nested groups also.

So if there is someone who knows AD and winldap, please share your wisdom :)

Jukka

Hi
How do you know whether the domain connection is l.kAuthSimple or not?

I have the same code but it does not validate any user.

What errorcode do you get?
Do you give username as samAccountName@domain?
It should work that way.

yes user@domain.local
error -1 and -6

Ok, this returns info about user only if he’s member of somegroup:

dim about() As Dictionary = l.Search("OU=company,DC=domain,DC=fi", l.kScopeSubtree, "(&(objectCategory=person)(sAMAccountName=testuser)(memberOf=CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi))", array("distinguishedName", "cn", "displayName", "mail"))

It does not work with nested groups. If I change:

memberOf

to:

memberOf:1.2.840.113556.1.4.1941:

should support nested groups but I couldn’t get it to work. I can live with that.

…continue my monologue
Got it working. The error was my search base. It has to be the root for nested groups, so I removed OU=Company and now nested groups work also.

dim about() As Dictionary = l.Search("DC=domain,DC=fi", l.kScopeSubtree, "(&(objectCategory=person)(sAMAccountName=testuser)(memberOf:1.2.840.113556.1.4.1941:=CN=somegroup,OU=Groups,OU=company,DC=domain,DC=fi))", array("distinguishedName", "cn", "displayName", "mail"))