?
Solved

IIS6 and LDAP

Posted on 2004-10-13
11
Medium Priority
?
540 Views
Last Modified: 2012-06-22
I am in the process of migrating to IIS6 from 5 and am having problems with production code not running on 6. I have set NTFS permissions, IIS permissions, activated ASP, activated Parent paths, set the default scripting language to VBScript, installed SMTP service and configured LDAP Routing to point to my ADS domain. the code is:

IF Request.ServerVariables("AUTH_USER")<>"" THEN
      Set objUser = GetObject("LDAP://CN="&Request.ServerVariables("AUTH_USER")&",CN=XXXX,DC=XXXX,DC=XXXX,DC=XXXX")
      proxyaddresses = objUser.Get("proxyAddresses")
      firstone = 1
      username = objUser.Get("givenname") & " " & objUser.Get("sn")
      vunetid = Request.ServerVariables("AUTH_USER")
end if

If i do a response.write on Request.ServerVariables("AUTH_USER") I do get my authenticated user.
0
Comment
Question by:longjt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 15

Accepted Solution

by:
deighc earned 800 total points
ID: 12306378
What exactly is your problem? Are you getting errors?

When I bind to a user in the AD I do it like this:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)

This uses the built in ADSystemInfo object. Reading the UserName property will give you the LDAP path to the current user in the AD. It's nice because then you know for sure that your LDAP query is correct. I've used this code on both IIS5 on Win2000 and IIS6 on Win2003 and never had any problems.

If this doesn't help let me know the exact nature of your problem.
0
 

Author Comment

by:longjt
ID: 12308580
The code looks good but I get an error from the IIS server :500. the code it is running is:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)
User=objUser.CN
 
the getobject is where it fails. Could it be a setting on the IIS server?
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308655
> Could it be a setting on the IIS server?

Maybe. A permissions thing perhaps.

What type of Authentication is your web app using?
I've only ever used this with Integrated Authentication (sorry, I should've mentioned this earlier).
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:longjt
ID: 12308695
Yes I have Integrated Authentication set for this site, still get the error.
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308733
Maybe write out the value of objSysInfo.UserName and make sure it's returning a value.

It should return a LDAP path to the current user's object in the AD.
0
 

Author Comment

by:longjt
ID: 12308765
Just did that but no go. It has to be something to do with the server.
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308857
Hmmmm.

First make sure that the ADSystemInfo is being created successfully:

Response.write TypeName(objUser) should return "Object"
Response.write objUser.Name should return the name of the current user.
0
 

Author Comment

by:longjt
ID: 12308911
the TypeName(objUser) returned "Empty"
0
 
LVL 15

Expert Comment

by:deighc
ID: 12309015
That's bad...

I have no idea why that's happening. The ADSystemInfo object returns info about the local machine (in this case the web server). The UserName property returns the name of the current logged in user. Because you're using Integrated authentication this should be the name of the client user accessing the web app.

So it seems like the client user isn't correctly being authenticated via your web app.

One thing to check (and sorry if seems obvious): is Anonymous access disabled in IIS ? (it should be).
0
 

Author Comment

by:longjt
ID: 12309060
Yes, to this site it is. would it help to have the site propt for authentication?
0
 
LVL 15

Expert Comment

by:deighc
ID: 12309100
> would it help to have the site propt for authentication?

You could try it. But in my own experience I've never had problems with that code when using Integrated authentication.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question