• Status: Solved

IIS6 and LDAP

I am in the process of migrating to IIS6 from 5 and am having problems with production code not running on 6. I have set NTFS permissions, IIS permissions, activated ASP, activated Parent paths, set the default scripting language to VBScript, installed SMTP service and configured LDAP Routing to point to my ADS domain. The code is:

IF Request.ServerVariables("AUTH_USER")<>"" THEN
      Set objUser = GetObject("LDAP://CN="&Request.ServerVariables("AUTH_USER")&",CN=XXXX,DC=XXXX,DC=XXXX,DC=XXXX")
      proxyaddresses = objUser.Get("proxyAddresses")
      firstone = 1
      username = objUser.Get("givenname") & " " & objUser.Get("sn")
      vunetid = Request.ServerVariables("AUTH_USER")
end if

If I do a Response.Write on Request.ServerVariables("AUTH_USER") I do get my authenticated user.
Asked:
longjt
 
deighc Commented:
What exactly is your problem? Are you getting errors?

When I bind to a user in the AD I do it like this:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)

This uses the built-in ADSystemInfo object. Reading the UserName property will give you the LDAP path to the current user in the AD. It's nice because then you know for sure that your LDAP query is correct. I've used this code on both IIS5 on Win2000 and IIS6 on Win2003 and never had any problems.

If this doesn't help let me know the exact nature of your problem.
 
longjt (Author) Commented:
The code looks good but I get an error from the IIS server: 500. The code it is running is:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)
User=objUser.CN
 
The GetObject is where it fails. Could it be a setting on the IIS server?
 
deighc Commented:
> Could it be a setting on the IIS server?

Maybe. A permissions thing perhaps.

What type of Authentication is your web app using?
I've only ever used this with Integrated Authentication (sorry, I should've mentioned this earlier).
 
longjt (Author) Commented:
Yes I have Integrated Authentication set for this site, still get the error.
 
deighc Commented:
Maybe write out the value of objSysInfo.UserName and make sure it's returning a value.

It should return an LDAP path to the current user's object in the AD.
 
longjt (Author) Commented:
Just did that but no go. It has to be something to do with the server.
 
deighc Commented:
Hmmmm.

First make sure that the ADSystemInfo is being created successfully:

Response.write TypeName(objUser) should return "Object"
Response.write objUser.Name should return the name of the current user.
 
longjt (Author) Commented:
The TypeName(objUser) returned "Empty".
 
deighc Commented:
That's bad...

I have no idea why that's happening. The ADSystemInfo object returns info about the local machine (in this case the web server). The UserName property returns the name of the current logged in user. Because you're using Integrated authentication this should be the name of the client user accessing the web app.

So it seems like the client user isn't correctly being authenticated via your web app.

One thing to check (and sorry if it seems obvious): is Anonymous access disabled in IIS? (It should be.)
 
longjt (Author) Commented:
Yes, to this site it is. Would it help to have the site prompt for authentication?
 
deighc Commented:
> Would it help to have the site prompt for authentication?

You could try it. But in my own experience I've never had problems with that code when using Integrated authentication.
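
Added example, not part of the original thread or either poster's code: a classic ASP lookup that resolves the authenticated account by sAMAccountName instead of concatenating AUTH_USER into a DN, and writes out the underlying COM error rather than a bare 500. It assumes AUTH_USER arrives as DOMAIN\account under Integrated authentication; the AccountFromAuthUser helper and its allowlist pattern are hypothetical.

```vbscript
<%
Option Explicit
' Added example, not code from the thread. Assumes Integrated authentication,
' where AUTH_USER arrives as DOMAIN\account and is not a CN.

' Return the account part of AUTH_USER, or "" when it contains characters
' outside a conservative allowlist, so nothing unchecked reaches the filter.
Function AccountFromAuthUser(ByVal authUser)
    Dim p, re
    AccountFromAuthUser = ""
    p = InStrRev(authUser, "\")
    If p > 0 Then authUser = Mid(authUser, p + 1)
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._$-]{1,20}$"   ' assumption: adjust to local naming rules
    If re.Test(authUser) Then AccountFromAuthUser = authUser
End Function

Dim acct, rootDse, conn, rs, objUser, query
acct = AccountFromAuthUser(Request.ServerVariables("AUTH_USER"))
If acct = "" Then
    Response.Write "No usable authenticated account name."
    Response.End
End If

On Error Resume Next   ' capture the real COM error instead of a generic 500
Set rootDse = GetObject("LDAP://RootDSE")
Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
query = "<LDAP://" & rootDse.Get("defaultNamingContext") & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & acct & "));" & _
        "ADsPath;subtree"
If Err.Number = 0 Then Set rs = conn.Execute(query)
If Err.Number = 0 Then
    If Not rs.EOF Then Set objUser = GetObject(rs.Fields("ADsPath").Value)
End If
If Err.Number <> 0 Then
    Response.Write "Directory lookup failed: 0x" & Hex(Err.Number) & " " & _
                   Server.HTMLEncode(Err.Description)
    Response.End
End If
On Error GoTo 0

If IsObject(objUser) Then
    Response.Write Server.HTMLEncode(objUser.Get("givenName") & " " & objUser.Get("sn"))
Else
    Response.Write "No directory entry for the authenticated account."
End If
%>
```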
