Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS6 and LDAP

Posted on 2004-10-13
11
Medium Priority
?
543 Views
Last Modified: 2012-06-22
I am in the process of migrating to IIS6 from 5 and am having problems with production code not running on 6. I have set NTFS permissions, IIS permissions, activated ASP, activated Parent paths, set the default scripting language to VBScript, installed SMTP service and configured LDAP Routing to point to my ADS domain. the code is:

IF Request.ServerVariables("AUTH_USER")<>"" THEN
      Set objUser = GetObject("LDAP://CN="&Request.ServerVariables("AUTH_USER")&",CN=XXXX,DC=XXXX,DC=XXXX,DC=XXXX")
      proxyaddresses = objUser.Get("proxyAddresses")
      firstone = 1
      username = objUser.Get("givenname") & " " & objUser.Get("sn")
      vunetid = Request.ServerVariables("AUTH_USER")
end if

If i do a response.write on Request.ServerVariables("AUTH_USER") I do get my authenticated user.
0
Comment
Question by:longjt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 15

Accepted Solution

by:
deighc earned 800 total points
ID: 12306378
What exactly is your problem? Are you getting errors?

When I bind to a user in the AD I do it like this:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)

This uses the built in ADSystemInfo object. Reading the UserName property will give you the LDAP path to the current user in the AD. It's nice because then you know for sure that your LDAP query is correct. I've used this code on both IIS5 on Win2000 and IIS6 on Win2003 and never had any problems.

If this doesn't help let me know the exact nature of your problem.
0
 

Author Comment

by:longjt
ID: 12308580
The code looks good but I get an error from the IIS server :500. the code it is running is:

set objSysInfo = Server.CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysInfo.UserName)
User=objUser.CN
 
the getobject is where it fails. Could it be a setting on the IIS server?
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308655
> Could it be a setting on the IIS server?

Maybe. A permissions thing perhaps.

What type of Authentication is your web app using?
I've only ever used this with Integrated Authentication (sorry, I should've mentioned this earlier).
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:longjt
ID: 12308695
Yes I have Integrated Authentication set for this site, still get the error.
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308733
Maybe write out the value of objSysInfo.UserName and make sure it's returning a value.

It should return a LDAP path to the current user's object in the AD.
0
 

Author Comment

by:longjt
ID: 12308765
Just did that but no go. It has to be something to do with the server.
0
 
LVL 15

Expert Comment

by:deighc
ID: 12308857
Hmmmm.

First make sure that the ADSystemInfo is being created successfully:

Response.write TypeName(objUser) should return "Object"
Response.write objUser.Name should return the name of the current user.
0
 

Author Comment

by:longjt
ID: 12308911
the TypeName(objUser) returned "Empty"
0
 
LVL 15

Expert Comment

by:deighc
ID: 12309015
That's bad...

I have no idea why that's happening. The ADSystemInfo object returns info about the local machine (in this case the web server). The UserName property returns the name of the current logged in user. Because you're using Integrated authentication this should be the name of the client user accessing the web app.

So it seems like the client user isn't correctly being authenticated via your web app.

One thing to check (and sorry if seems obvious): is Anonymous access disabled in IIS ? (it should be).
0
 

Author Comment

by:longjt
ID: 12309060
Yes, to this site it is. would it help to have the site propt for authentication?
0
 
LVL 15

Expert Comment

by:deighc
ID: 12309100
> would it help to have the site propt for authentication?

You could try it. But in my own experience I've never had problems with that code when using Integrated authentication.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question