How to connect with Java into Active Directory

Here is some simple code that authenticates and makes an LDAP search using JNDI on a W2K3:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;

class TestAD {
    static DirContext ldapContext;

    public static void main(String[] args) throws NamingException {
        try {
            System.out.println("Début du test Active Directory");
            Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
            ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            //ldapEnv.put(Context.PROVIDER_URL, "ldap://societe.fr:389");
            ldapEnv.put(Context.PROVIDER_URL, "ldap://dom.fr:389");
            ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
            … Read more

Querying an LDAP

@KenL Almost got me there. I also had to set the AuthenticationType of the DirectoryEntry to get it to work. Also, pay attention to how you are using wildcards (Kleene stars).

DirectoryEntry rootEntry = new DirectoryEntry("LDAP://some.ldap.server.com");
rootEntry.AuthenticationType = AuthenticationTypes.None; // Or whatever it needs to be
DirectorySearcher searcher = new DirectorySearcher(rootEntry);
var queryFormat = "(&(objectClass=user)(objectCategory=person)(|(SAMAccountName=*{0}*)(cn=*{0}*)(gn=*{0}*)(sn=*{0}*)(email=*{0}*)))";
searcher.Filter = … Read more

LDAP root query syntax to search more than one specific OU

You can!!! In short, use this as the connection string:

ldap://<host>:3268/DC=<my>,DC=<domain>?cn

together with your search filter, e.g.:

(&(sAMAccountName={0})(&((objectCategory=person)(objectclass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=CN=<some-special-nested-group>,OU=<ou3>,OU=<ou2>,OU=<ou1>,DC=<dc3>,DC=<dc2>,DC=<dc1>))))

That will search in the so-called Global Catalog, which was available out of the box in our environment. Instead of the known/common other versions (or combinations thereof) that did NOT work in our environment with multiple OUs:

ldap://<host>/DC=<my>,DC=<domain> … Read more
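Both filters quoted on this page (the wildcard user lookup in the DirectorySearcher answer above and the Global Catalog nested-group filter in this one) are produced by formatting a caller-supplied value straight into the filter string, which is exactly where LDAP filter injection comes from. The following is an added example, not code from either answer: it escapes assertion values per RFC 4515 and rebuilds both filters, with a deliberately unsafe version of the first one beside the escaped version so the difference is measurable. Assumptions: the standard AD attribute names givenName and mail are used where the first answer wrote gn and email, the grouping parentheses of the nested-group filter are normalized to one conjunction, and the search term and group DN are constructed sample input.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD extensible match rules (Microsoft-documented OIDs) and the UAC bit used in the filter above.
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"
UF_ACCOUNTDISABLE = 0x2


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value so it cannot add or close filter components."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_user_lookup_filter(term: str) -> str:
    """What string.Format does in the C# answer: the raw term lands inside the filter."""
    return ("(&(objectClass=user)(objectCategory=person)"
            "(|(sAMAccountName=*{0}*)(cn=*{0}*)(givenName=*{0}*)(sn=*{0}*)(mail=*{0}*)))"
            ).format(term)


def user_lookup_filter(term: str) -> str:
    """Same search, but the wildcards come from the code, never from the input."""
    return unsafe_user_lookup_filter(escape_filter_value(term))


def enabled_nested_member_filter(sam_account_name: str, group_dn: str) -> str:
    """Global Catalog style filter: an enabled, mail-enabled user that is a direct or
    transitive member of group_dn (LDAP_MATCHING_RULE_IN_CHAIN walks the nesting)."""
    sam = escape_filter_value(sam_account_name)
    # The DN is an assertion value here, so it gets filter escaping, not DN escaping.
    dn = escape_filter_value(group_dn)
    return ("(&"
            f"(sAMAccountName={sam})"
            "(objectCategory=person)(objectClass=user)(mail=*)"
            f"(!(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={UF_ACCOUNTDISABLE}))"
            f"(memberOf:{LDAP_MATCHING_RULE_IN_CHAIN}:={dn})"
            ")")


_LEAF = re.compile(r"\(([^()]*=[^()]*)\)")


def leaf_assertions(filt: str) -> list:
    """List the attribute=value leaves of a filter. Escaped values contain no raw
    parentheses, so every '(' and ')' of a properly escaped filter is structural."""
    return _LEAF.findall(filt)


def is_balanced(filt: str) -> bool:
    """Parenthesis balance check. Note this is not a defence: the injected input in
    the demo below keeps the filter balanced while adding components."""
    depth = 0
    for ch in filt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed injection attempt: closes the current leaf and opens a new one.
    hostile = "*)(objectClass=*"
    print(len(leaf_assertions(unsafe_user_lookup_filter(hostile))), "leaves with raw input")
    print(len(leaf_assertions(user_lookup_filter(hostile))), "leaves after escaping")
    print(enabled_nested_member_filter("jdoe", "CN=VPN Users,OU=Groups,DC=corp,DC=example"))
```

With the constructed term `*)(objectClass=*`, the unescaped builder yields a filter with 12 leaf assertions instead of 7, every one of them syntactically valid and the whole thing still balanced; the escaped builder keeps the 7 the code intended and the term merely fails to match anything.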

How do I resolve “WILL_NOT_PERFORM” MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?

connection not secure enough

Quote from http://support.microsoft.com/kb/269190:

In order to modify this attribute, the client must have a 128-bit Secure Socket Layer (SSL) connection to the server.

So even if everything else looks right, you may still get an SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM) if the connection is deemed insecure.

lacking admin rights

A modify … Read more
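Added example (not code from the answer above or from the Microsoft article it quotes): the shape of the unicodePwd modify that KB 269190 describes, with the transport precondition from the quote checked before anything is built, plus a small parser for AD's SvcErr diagnostic so the problem 5003 / WILL_NOT_PERFORM case can be recognized programmatically. The transport check is the same one that applies to the JNDI snippet at the top of the page, whose simple bind over plain ldap://…:389 sends the bind password in cleartext. The modify is returned as a library-neutral list of (operation, attribute, values) tuples rather than in any one SDK's modlist format; the URL, DN and passwords are constructed sample values.

```python
import re
from urllib.parse import urlparse

LDAP_UNWILLING_TO_PERFORM = 53      # the LDAP result code AD reports as WILL_NOT_PERFORM
AD_PROBLEM_WILL_NOT_PERFORM = 5003  # the "problem" number in AD's SvcErr diagnostic


def encode_unicode_pwd(password: str) -> bytes:
    """A unicodePwd value is the password wrapped in double quotes and encoded as
    UTF-16LE (KB 269190). Sending the bare string is another way to get WILL_NOT_PERFORM."""
    return f'"{password}"'.encode("utf-16-le")


def transport_is_encrypted(url: str, starttls: bool = False) -> bool:
    """True only for ldaps:// or ldap:// with StartTLS negotiated. AD refuses the
    unicodePwd modify on a cleartext session, and a simple bind on one exposes the password."""
    scheme = urlparse(url).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and starttls)


def build_password_change(url, user_dn, old_password, new_password, starttls=False):
    """Self-service change: delete the old value and add the new one in a single modify,
    which lets AD verify the old password without needing the reset right."""
    if not transport_is_encrypted(url, starttls):
        raise ValueError(f"refusing to change a password over cleartext: {url!r}")
    return {
        "dn": user_dn,
        "changes": [
            ("delete", "unicodePwd", [encode_unicode_pwd(old_password)]),
            ("add", "unicodePwd", [encode_unicode_pwd(new_password)]),
        ],
    }


def build_password_reset(url, user_dn, new_password, starttls=False):
    """Administrative reset: a single replace. This is the form that needs the
    reset-password right the answer above mentions as the other common cause of failure."""
    if not transport_is_encrypted(url, starttls):
        raise ValueError(f"refusing to reset a password over cleartext: {url!r}")
    return {"dn": user_dn, "changes": [("replace", "unicodePwd", [encode_unicode_pwd(new_password)])]}


_SVCERR = re.compile(r"DSID-([0-9A-Fa-f]+), problem (\d+) \((\w+)\)")


def parse_svcerr(diagnostic: str):
    """Pull (dsid, problem, name) out of an AD diagnostic such as
    'SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM)'; None if it is not one."""
    m = _SVCERR.search(diagnostic)
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3)


def is_will_not_perform(diagnostic: str) -> bool:
    parsed = parse_svcerr(diagnostic)
    return parsed is not None and parsed[1] == AD_PROBLEM_WILL_NOT_PERFORM


if __name__ == "__main__":
    # Constructed sample values; nothing here talks to a directory.
    dn = "CN=J Doe,OU=Users,DC=dom,DC=fr"
    print(build_password_change("ldaps://dom.fr:636", dn, "0ldPassw0rd!", "N3wPassw0rd!"))
    print(parse_svcerr("SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM), data 0"))
```

Calling either builder with the ldap://dom.fr:389 URL from the JNDI snippet raises before any operation is constructed, which is the behaviour you want: an SDK will happily send the modify in the clear and only then get the WILL_NOT_PERFORM back.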

Using LDAP for authentication in iOS

I have a port of OpenLDAP with Cyrus-SASL and OpenSSL in my iOS Ports project: https://github.com/bindle/iOSPorts

If using Xcode 4.3 or later, please verify that the Xcode command-line tools are installed before using the following instructions.

To include LDAP support:

Clone the project: git clone git://github.com/bindle/iOSPorts.git
Add the project file iOSPorts/ports/database/openldap/openldap.xcodeproj to your Xcode project.
… Read more

How to get all the AD groups for a particular user?

You should use System.DirectoryServices.AccountManagement. It's much easier. Here is a nice Code Project article giving you an overview of all the classes in this DLL. As you pointed out, your current approach doesn't find the primary group. Actually, it's much worse than you thought. There are some more cases where it doesn't work, like … Read more
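Why the primary group goes missing, as an added example that is not from the answer above or from the Code Project article it links: AD never records the primary group in memberOf. It stores only the group's RID in the user's primaryGroupID attribute, so the group has to be derived from the user's own objectSid (same domain SID, RID swapped). That matters beyond completeness: a user whose primaryGroupID has been pointed at a privileged group does not appear in that group's member list, so a memberOf-only enumeration misses the membership entirely. The code decodes the binary objectSid, rebuilds the primary group SID and merges it with memberOf. The domain SID, RIDs and DNs are constructed sample data, and the dict of groups stands in for a SID-to-DN lookup against the domain.

```python
import struct

DOMAIN_USERS_RID = 513   # default primaryGroupID for a user account
DOMAIN_ADMINS_RID = 512


def sid_to_text(blob: bytes) -> str:
    """Decode the binary objectSid layout: revision byte, sub-authority count byte,
    48-bit big-endian identifier authority, then little-endian 32-bit sub-authorities."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def sid_from_text(sid: str) -> bytes:
    """Inverse of sid_to_text; used here to build sample objectSid values."""
    parts = sid.split("-")
    if parts[0] != "S":
        raise ValueError("not a textual SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def primary_group_sid(user_object_sid: bytes, primary_group_id: int) -> str:
    """The primary group lives in the user's own domain: keep the domain prefix of the
    user's SID and replace the user's RID with primaryGroupID."""
    domain_prefix = sid_to_text(user_object_sid).rsplit("-", 1)[0]
    return "%s-%d" % (domain_prefix, primary_group_id)


def all_groups(user: dict, group_dn_by_sid: dict) -> list:
    """memberOf plus the primary group, which memberOf never lists."""
    groups = list(user.get("memberOf", []))
    primary = group_dn_by_sid.get(primary_group_sid(user["objectSid"], user["primaryGroupID"]))
    if primary and primary not in groups:
        groups.append(primary)
    return groups


# Constructed sample domain; not real data.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
SAMPLE_USER = {
    "distinguishedName": "CN=J Doe,OU=Users,DC=corp,DC=example",
    "objectSid": sid_from_text(DOMAIN_SID + "-1103"),
    "primaryGroupID": DOMAIN_USERS_RID,
    "memberOf": ["CN=VPN Users,OU=Groups,DC=corp,DC=example"],
}
SAMPLE_GROUPS = {
    DOMAIN_SID + "-513": "CN=Domain Users,CN=Users,DC=corp,DC=example",
    DOMAIN_SID + "-512": "CN=Domain Admins,CN=Users,DC=corp,DC=example",
}

if __name__ == "__main__":
    print(all_groups(SAMPLE_USER, SAMPLE_GROUPS))
    # Same user with an empty memberOf but primaryGroupID pointed at Domain Admins:
    # memberOf alone would report no groups at all.
    hidden = dict(SAMPLE_USER, primaryGroupID=DOMAIN_ADMINS_RID, memberOf=[])
    print(all_groups(hidden, SAMPLE_GROUPS))
```

In a real query you would fetch objectSid and primaryGroupID alongside memberOf and resolve the computed SID with a search on objectSid; the merge step is the same.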

Adding and removing users from Active Directory groups in .NET

Ugh. LDAP. If you're using the .NET Framework 3.5 or above, I highly recommend using the System.DirectoryServices.AccountManagement namespace. That makes things so much easier.

public void AddUserToGroup(string userId, string groupName)
{
    try
    {
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
        {
            GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName);
            group.Members.Add(pc, IdentityType.UserPrincipalName, userId);
            group.Save();
        }
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    … Read more