helloaamir

asked on

memberOf attribute not working in LDAP

I just want to get the list of groups to which a user belongs using directory services in C#.
I have done it as follows:

string AD_Path = "LDAP://dc/DC=test,DC=com";
DirectoryEntry objADEntry = new DirectoryEntry(AD_Path,strLoginID,strPswd,AuthenticationTypes.Secure);
object obj = objADEntry.NativeObject;
DirectorySearcher objADSearcher = new DirectorySearcher(objADEntry);
objADSearcher.SearchScope = SearchScope.Subtree;
objADSearcher.Filter = "(&(objectCategory=user)(userPrincipalName="+strLoginID+"*))";
SearchResult result = objADSearcher.FindOne();
ResultPropertyValueCollection valcol = result.Properties["memberOf"];

If I look at the properties collection of SearchResult, I can't find that property, but in different examples people have done it like that, so please tell me how to get this memberOf attribute so that I can know which groups the user belongs to.

Thanks in advance.
vascov

Hi, this works for me:

            string AD_Path = "LDAP://dc/DC=test,DC=com";

            DirectoryEntry objADEntry = new DirectoryEntry(
                  AD_Path,
                  strLoginID,
                  strPswd,
                  AuthenticationTypes.Secure);

            object obj = objADEntry.NativeObject;

            DirectorySearcher objADSearcher = new DirectorySearcher(objADEntry);
            objADSearcher.SearchScope = SearchScope.Subtree;
            objADSearcher.Filter = "(&(objectClass=user))";

            SearchResult result = objADSearcher.FindOne();

            ResultPropertyValueCollection valcol = result.Properties["memberOf"];
            foreach( object o in valcol )
                  Console.WriteLine( o.ToString() );

hth

Vasco
Actually, the code I sent you grabs a random user.

Change
string AD_Path = "LDAP://dc/DC=TEST,DC=COM";
to
string AD_Path = "LDAP://CN=Some User,CN=Users,DC=test,DC=com";

Also, have a look at these pages:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/enumerating_user_memberships.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/quick_list_for_c__code_examples.asp

hth

Vasco
helloaamir

ASKER

I tried the way you described as well, but the SearchResult collection contains 31 properties and memberOf is not among them, although the examples I saw on MSDN and other sites use that property.
The user object to which I am binding is a normal Domain Users group user. Is the problem with the member's group?
Tell me, can I get the memberOf attribute by authenticating as a Domain Users group member rather than an Administrator group member, or can only an Administrator group member see this memberOf attribute?
vascov, thanks for your comments. As I mentioned in my previous example, to get the memberOf attribute the binding authenticator should actually be in one of the following groups:

Administrator
Printer Operators
Client Operators
Server Operators
Backup Operators

Otherwise we can't get the memberOf attribute.
Actually, I can grab my groups from my domain, and I'm a regular user.

Can you post your exact code?

Vasco
Helloamir,

Try it with this code:

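            string alias = "vascov";
            // No search root given: DirectorySearcher binds to the current domain
            // with the credentials of the calling process.
            DirectorySearcher searcher = new DirectorySearcher();
            // DirectorySearcher filter strings must be enclosed in parentheses.
            searcher.Filter = "(samAccountName=" + alias + ")";
            DirectoryEntry entry = searcher.FindOne().GetDirectoryEntry();
            Console.WriteLine(entry.Path);
            Console.WriteLine(entry.Properties["distinguishedName"].Value);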

You'll see that you'll have memberOf as a property.

hth

Vasco
Amir, I didn't include the code to show it in the previous snippet, but if you ask for "memberOf" (entry.Properties["memberOf"]) you'll have what you wanted.

Vasco
No, it doesn't show it to me if I don't impersonate with a least-privilege account, so I added myself to the Printer Operators group, then impersonated with the IIS anonymous account, and added myself in the IIS anonymous account; then it showed me that.
I followed the
ms-help://MS.MSDNQTR.2003APR.1033/enu_kbaspnetkb/aspnetkb/316748.htm
topic from MSDN.
But now the problem I'm facing is that it authenticates fine, but after authenticating it doesn't redirect to the page from which the actual request was initiated.
Amir,

You didn't mention ASP.NET before. That depends on the configuration of ASP.NET.
I don't understand the language of the article Q316748 :) Is there an equivalent in other languages?

If you run the code I sent you in a console or Windows Forms app, you'll see that it works.

What's your goal? Show a user's membership in a web page?

Vasco


Thanks, Vasco, for providing help. I followed your code in my .aspx page and I'm running my application on my local IIS server, and I am a member of the Domain Users group. Following your code exactly, it doesn't show me the memberOf attribute in the properties of the SearchResult collection. So the workaround I found is that I should be a member of some least-privilege group, for example Print Operators, Administrator, etc. I did that: I added myself to the Print Operators group. Now it's showing me the memberOf attribute and I can authenticate the user.

          string AD_Path = "LDAP://dc/DC=test,DC=com";

          DirectoryEntry objADEntry = new DirectoryEntry(
               AD_Path,
               strLoginID,
               strPswd,
               AuthenticationTypes.Secure);

          object obj = objADEntry.NativeObject;

          DirectorySearcher objADSearcher = new DirectorySearcher(objADEntry);
          objADSearcher.SearchScope = SearchScope.Subtree;
          objADSearcher.Filter = "(&(objectClass=user))";

          SearchResult result = objADSearcher.FindOne();

          ResultPropertyValueCollection valcol = result.Properties["memberOf"];
          foreach( object o in valcol )
               Console.WriteLine( o.ToString() );
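
An added example, not code from any poster in this thread: it requests memberOf by name, escapes the login value before it goes into the search filter, and also reads tokenGroups, because memberOf never lists a user's primary group (normally Domain Users), so a user with no other memberships has no memberOf values at all. The names GroupLookup, EscapeFilterValue and GetGroups and the parameter names are hypothetical; the directory path and credentials are supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class GroupLookup   // hypothetical helper class for this example
{
    // Escape a value for an LDAP search filter (RFC 4515) so that * ( ) \ or NUL
    // in a login name cannot change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns the memberOf DNs; sids receives every security group SID from tokenGroups.
    public static List<string> GetGroups(string adPath, string bindUser, string bindPassword,
                                         string upn, List<string> sids)
    {
        var dns = new List<string>();
        using (var root = new DirectoryEntry(adPath, bindUser, bindPassword, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName="
                              + EscapeFilterValue(upn) + "))";   // exact match, no trailing *
            searcher.PropertiesToLoad.Add("memberOf");           // ask for the attribute by name
            SearchResult result = searcher.FindOne();
            if (result == null) throw new InvalidOperationException("No user matched the filter.");

            // memberOf is missing from the result when it has no values visible to the
            // bound account; test for it instead of assuming it is present.
            if (result.Properties.Contains("memberOf"))
                foreach (object dn in result.Properties["memberOf"]) dns.Add(dn.ToString());

            // tokenGroups is a constructed attribute: load it explicitly on the user object.
            using (DirectoryEntry user = result.GetDirectoryEntry())
            {
                user.RefreshCache(new[] { "tokenGroups" });
                foreach (byte[] sid in user.Properties["tokenGroups"])
                    sids.Add(new SecurityIdentifier(sid, 0).Value);
            }
        }
        return dns;
    }
}
```

An empty memberOf list together with a non-empty SID list means the user's memberships are being read correctly and the account simply has no group besides its primary one.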