Does anyone know of or have an experience with a class or plugin to authenticate credentials against an LDAP / Active Directory server? There doesn’t seem to be anything in documentation.xojo.com that match “LDAP”. I found some old realbasic topics that hint that there’s a plugin available, and MBS seems to have a mac-only somethingnerother.
I’m sure it’s possible to subclass TCPSocket to do that, but whew… it would be nice to have that already done, for sure.
[quote=34203:@Michael Mars Landis]Does anyone know of or have an experience with a class or plugin to authenticate credentials against an LDAP / Active Directory server? There doesn’t seem to be anything in documentation.xojo.com that match “LDAP”. I found some old realbasic topics that hint that there’s a plugin available, and MBS seems to have a mac-only somethingnerother.
I’m sure it’s possible to subclass TCPSocket to do that, but whew… it would be nice to have that already done, for sure.
I wrote a very basic RB plugin just for the sake of testing LDAP connectivity and learning how to create plugins (that was about 16,734 years ago). It was done on a Mac and it had no features besides a simple bind. No security, no nothing. These are the relevant lines of code. Someone might be interested in taking this somewhere else…
[code]#include “rb_plugin.h” #include <ldap.h>
#define SCOPE LDAP_SCOPE_SUBTREE
static int ldapsimplebindsfunc(REALstring host, int port, REALstring basedn, REALstring password) {
LDAP *ld;
int rc;
int result;
if ((ld = ldap_init(host->CString(), port)) == NULL) {
printf("MDLDAPAuthentication: Initialization Error.");
result = -1;
}
int version = LDAP_VERSION3;
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_simple_bind_s(ld, basedn->CString(), password->CString());
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "MDLDAPAuthentication (ldap_simple_bind_s: %s\
(REALproc) ldapsimplebindsfunc,
REALnoImplementation,
"ldapsimplebinds(host as String, port as Integer, basedn as String, password as String) as integer"
Using a shell with ldapsearch and CURL, I have been able to achieve simple authentication but not with users in a specific security group within Active Directory (may have my search base wrong).
Is there a plugin or library that would enable editing AD entries and attributes without using a shell?