LDAP Not all users returning Memberof information Asp.Net
I am using asp.net 2.0 with C#. I am authenticating users against LDAP and that is working fine. Once they are authenticated, I want to pull more information from LDAP, however, I have noticed that not all users will return information such as memberof. I am however able to get the displayName. I have the LDAP connection string in the web.config file, and I created a special user account that I use to query LDAP. Below is the code that I am using. For some reason not all users will return memberof information.
Please see the attached code snippet.
With the code, the display name is set regardless of the user, the memberOf will only set on certin users. I have looked through my LDAP directory and I do not see a connection between the users that do not show.
Any help would be appreciated.
Thank you.
Please see the attached code snippet.
With the code, the display name is set regardless of the user, the memberOf will only set on certin users. I have looked through my LDAP directory and I do not see a connection between the users that do not show.
Any help would be appreciated.
Thank you.
DirectoryEntry entry = new DirectoryEntry();
DirectorySearcher Dsearch = new DirectorySearcher(entry);
String filterText = "sAMAccountName=" + _userName;
Dsearch.Filter = filterText;
SearchResult sResultSet = Dsearch.FindOne();
if (sResultSet.Properties["displayName"].Count > 0)
{
_displayName = sResultSet.Properties["displayName"][0].ToString();
string memberOF = (String)sResultSet.Properties["memberof"][0];
}ASKER
Thank you for the response. Based on your comments, I added the following code to see if I could pull any other LDAP data from member. Please see the attached code. For some reason the only information being pulled on certain users is the "displayName" property. The code works because I always get a displayName. For some user I get most of the information, for some users I get nothing. Again, thank you, any help would be greatly appreciated.
names[0] = "Given Name = " + sResultSet.Properties["givenName"][0].ToString();
names[1] = "initials = " + sResultSet.Properties["initials"][0].ToString();
names[2] = "sn = " + sResultSet.Properties["sn"][0].ToString();
names[3] = "homemdb = " + sResultSet.Properties["homemdb"][0].ToString();
names[4] = "countrycode = " + sResultSet.Properties["countrycode"][0].ToString();
names[5] = "cn = " + sResultSet.Properties["cn"][0].ToString();
names[6] = "msexchuseraccountcontrol = " + sResultSet.Properties["msexchuseraccountcontrol"][0].ToString();
names[7] = "mailnickname = " + sResultSet.Properties["mailnickname"][0].ToString();
names[8] = "msexchhomeservername = " + sResultSet.Properties["msexchhomeservername"][0].ToString();
names[9] = "msexchhidefromaddresslists = " + sResultSet.Properties["msexchhidefromaddresslists"][0].ToString();
names[10] = "msexchalobjectversion = " + sResultSet.Properties["msexchalobjectversion"][0].ToString();
names[11] = "usncreated = " + sResultSet.Properties["usncreated"][0].ToString();
names[12] = "objectguid = " + sResultSet.Properties["objectguid"][0].ToString();
names[13] = "msexchrequireauthtosendto = " + sResultSet.Properties["msexchrequireauthtosendto"][0].ToString();
names[14] = "whenchanged = " + sResultSet.Properties["whenchanged"][0].ToString();
names[15] = "memberof = " + sResultSet.Properties["memberof"][0].ToString();
names[16] = "accountexpires = " + sResultSet.Properties["accountexpires"][0].ToString();
names[17] = "displayname = " + sResultSet.Properties["displayname"][0].ToString();
names[18] = "primarygroupid = " + sResultSet.Properties["primarygroupid"][0].ToString();
names[19] = "badpwdcount = " + sResultSet.Properties["badpwdcount"][0].ToString();
names[20] = "objectclass = " + sResultSet.Properties["objectclass"][0].ToString();
names[21] = "instancetype = " + sResultSet.Properties["instancetype"][0].ToString();
names[22] = "msmqdigests = " + sResultSet.Properties["msmqdigests"][0].ToString();
names[23] = "objectcategory = " + sResultSet.Properties["objectcategory"][0].ToString();
names[24] = "samaccounttype = " + sResultSet.Properties["samaccounttype"][0].ToString();
names[25] = "whencreated = " + sResultSet.Properties["whencreated"][0].ToString();
names[26] = "lastlogon = " + sResultSet.Properties["lastlogon"][0].ToString();
names[27] = "useraccountcontrol = " + sResultSet.Properties["useraccountcontrol"][0].ToString();
names[28] = "msmqsigncertificates = " + sResultSet.Properties["msmqsigncertificates"][0].ToString();
names[29] = "samaccountname = " + sResultSet.Properties["samaccountname"][0].ToString();
names[30] = "userparameters = " + sResultSet.Properties["userparameters"][0].ToString();
names[31] = "mail = " + sResultSet.Properties["mail"][0].ToString();
names[32] = "msexchmailboxsecuritydescriptor = " + sResultSet.Properties["msexchmailboxsecuritydescriptor"][0].ToString();
names[33] = "adspath = " + sResultSet.Properties["adspath"][0].ToString();
names[34] = "lockouttime = " + sResultSet.Properties["lockouttime"][0].ToString();
names[35] = "homemta = " + sResultSet.Properties["homemta"][0].ToString();
names[36] = "description = " + sResultSet.Properties["description"][0].ToString();
names[37] = "msexchmailboxguid = " + sResultSet.Properties["msexchmailboxguid"][0].ToString();
names[38] = "pwdlastset = " + sResultSet.Properties["pwdlastset"][0].ToString();
names[39] = "logoncount = " + sResultSet.Properties["logoncount"][0].ToString();
names[40] = "codepage = " + sResultSet.Properties["codepage"][0].ToString();
names[41] = "name = " + sResultSet.Properties["name"][0].ToString();
names[42] = "usnchanged = " + sResultSet.Properties["usnchanged"][0].ToString();
names[43] = "legacyexchangedn = " + sResultSet.Properties["legacyexchangedn"][0].ToString();
names[44] = "proxyaddresses = " + sResultSet.Properties["proxyaddresses"][0].ToString();
names[45] = "userprincipalname = " + sResultSet.Properties["userprincipalname"][0].ToString();
names[46] = "admincount = " + sResultSet.Properties["admincount"][0].ToString();
names[47] = "badpasswordtime = " + sResultSet.Properties["badpasswordtime"][0].ToString();
names[48] = "objectsid = " + sResultSet.Properties["objectsid"][0].ToString();
names[49] = "msexchpoliciesincluded = " + sResultSet.Properties["msexchpoliciesincluded"][0].ToString();
names[50] = "mdbusedefaults = " + sResultSet.Properties["mdbusedefaults"][0].ToString();
names[51] = "distinguishedname = " + sResultSet.Properties["distinguishedname"][0].ToString();
names[52] = "showinaddressbook = " + sResultSet.Properties["showinaddressbook"][0].ToString();
names[53] = "givenname = " + sResultSet.Properties["givenname"][0].ToString();
names[54] = "textencodedoraddress = " + sResultSet.Properties["textencodedoraddress"][0].ToString();
names[55] = "lastlogontimestamp = " + sResultSet.Properties["lastlogontimestamp"][0].ToString();
I'd have to guess it was how you were attempting to return / display the values that's at fault. Reading them in like that should work, although some will be pretty useless. If I use the method above and simply write the response to a Label it works.
For memberOf, it's an array, so you'd have to loop through each value rather than just the first index.
Chris
For memberOf, it's an array, so you'd have to loop through each value rather than just the first index.
Chris
ASKER
Thank you again for the reply. Below is the code that I use to display the information. I agree. It should work, and it does for some users. For others I get nothing. I feel that it is a permission issue, but I am not sure were to begin. I used the generic label names for testing just to see what it would return. Do you think it could have to do with the account the manages the asp.net worker thread? I am really at a loss.
lblDisplayName.Text = _displayName;
_fullUserName = DOMAIN_PREFIX + _userName;
lblGroupName.Text = _groupName;
lblLDAPMember.Text = _LDAPMembership;
DateTime myDate = new DateTime();
myDate = DateTime.Now;
lblDate.Text = myDate.ToLongDateString();
Label1.Text = names[0];
Label2.Text = names[1];
Label3.Text = names[2];
Label4.Text = names[3];
Label5.Text = names[4];
Label6.Text = names[5];
Label7.Text = names[6];
Label8.Text = names[7];
Label9.Text = names[8];
Label10.Text = names[9];
Label11.Text = names[10];
Label12.Text = names[11];
Label13.Text = names[12];
Label14.Text = names[13];
Label15.Text = names[14];
Label16.Text = names[15];
Label17.Text = names[16];
Label18.Text = names[17];
Label19.Text = names[18];
Label20.Text = names[19];
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the reply, when you suggest that the user have admin access on Active Directory, do you mean the user should have admin access to the server. I am running windows Server 2003. Also, I am using windows authentication. I created a log in page that authenticates against my LDAP. I will make the changes on Monday and reply back. Again, thank you for the suggestion.
I think initially you should understand the concept of impersonation. Pls read this article
http://www.c-sharpcorner.com/UploadFile/manishkdwivedi/impersonation10092007065217AM/impersonation.aspx
http://msdn.microsoft.com/en-us/library/xh507fc5(VS.71).aspx
The user who uses the application does not need to have Admin rights on the Server.
but the problem is with out having admin rights he can not see the memberof() information So,
Use your login screen to authenticate the user, and turn on impersonation.
when you turn on the impersonation No matter who logged in to the application, just uses the user credentials what you have specified in the impersonation node to hit the Active directory.
http://www.c-sharpcorner.com/UploadFile/manishkdwivedi/impersonation10092007065217AM/impersonation.aspx
http://msdn.microsoft.com/en-us/library/xh507fc5(VS.71).aspx
The user who uses the application does not need to have Admin rights on the Server.
but the problem is with out having admin rights he can not see the memberof() information So,
Use your login screen to authenticate the user, and turn on impersonation.
when you turn on the impersonation No matter who logged in to the application, just uses the user credentials what you have specified in the impersonation node to hit the Active directory.
> but the problem is with out having admin rights he can not see the memberof() information So
Yes he can.
All attributes are have authenticated users Read unless that has been explicitly removed on the directory level.
Web Applications do not need to run as Administrator to read the directory.
Chris
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you your help. This worked out perfectly. Again, thank you.
Hey,
If the user is only a member of Domain Users of their Primary Group then memberOf will not return. Primary group membership is evaluated outside of memberOf / member.
Chris