Solved

LDAP lookup works for some users but not for others

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi
I created an ASP.NET website for our intranet, and one of the things it does is take the PC login name and find the Display Name from Active Directory.

So say, for example, I log in to our domain
username hmcgeehan
domain harry-corp

Now this works fine for me and for some users it returns the correct display name, but for some users it's not finding a display name. It returns "name not found".

Any ideas?

Thanks
H

Imports System.DirectoryServices

Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
        Try
            ' First search root: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            ' Match on the UPN built from the logon name
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            ' Return the cn of the first match, if any
            For Each searchResult In searchResultCollection
                Return searchResult.GetDirectoryEntry().Properties("cn").Value
            Next

            ' Second search root: OU=Test Users,OU=Test Accounts2
            Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
            Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
            Dim searchResultCollection2 As SearchResultCollection
            Dim searchResult2 As SearchResult

            directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher2.PropertiesToLoad.Add("cn")
            searchResultCollection2 = directorySearcher2.FindAll

            For Each searchResult2 In searchResultCollection2
                Return searchResult2.GetDirectoryEntry().Properties("cn").Value
            Next

            ' Third search root: OU=Users,OU=Accounts2
            Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
            Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
            Dim searchResultCollection3 As SearchResultCollection
            Dim searchResult3 As SearchResult

            directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher3.PropertiesToLoad.Add("cn")
            searchResultCollection3 = directorySearcher3.FindAll

            For Each searchResult3 In searchResultCollection3
                Return searchResult3.GetDirectoryEntry().Properties("cn").Value
            Next

            ' No match in any of the three OUs
            Return "name not found"
        Catch
            ' Any exception (bind failure, search failure) is reported only as "error"
            Return "error"
        End Try
    End Function

Question by:hmcgeehan
4 Comments
 
LVL 27

Expert Comment

by:nmarun
ID: 24018905
Please see if this works:

If not, try generalizing your LDAP connection string to:
LDAP://harry-corp.net/DC=harry-corp,DC=net

This could result in you making only one call for all users irrespective of their OUs.

Imports System.DirectoryServices

Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
        Try
            ' First search root: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            Dim userFound As Boolean = False
            Dim userFullName As String = String.Empty

            ' Take the first result that actually carries a cn value
            For Each searchResult In searchResultCollection
                If searchResult.Properties("cn").Count > 0 Then
                    userFullName = searchResult.GetDirectoryEntry().Properties("cn").Value
                    userFound = True
                    Exit For
                End If
            Next

            If userFound = False Then
                ' Second search root: OU=Test Users,OU=Test Accounts2
                Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
                Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
                Dim searchResultCollection2 As SearchResultCollection
                Dim searchResult2 As SearchResult

                directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher2.PropertiesToLoad.Add("cn")
                searchResultCollection2 = directorySearcher2.FindAll

                ' Iterate the results of the second search
                For Each searchResult2 In searchResultCollection2
                    If searchResult2.Properties("cn").Count > 0 Then
                        userFullName = searchResult2.GetDirectoryEntry().Properties("cn").Value
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                ' Third search root: OU=Users,OU=Accounts2
                Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
                Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
                Dim searchResultCollection3 As SearchResultCollection
                Dim searchResult3 As SearchResult

                directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher3.PropertiesToLoad.Add("cn")
                searchResultCollection3 = directorySearcher3.FindAll

                ' Iterate the results of the third search
                For Each searchResult3 In searchResultCollection3
                    If searchResult3.Properties("cn").Count > 0 Then
                        userFullName = searchResult3.GetDirectoryEntry().Properties("cn").Value
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                userFullName = "name not found"
            End If

            Return userFullName
        Catch
            ' Any exception (bind failure, search failure) is reported only as "error"
            Return "error"
        End Try
    End Function


0
 

Author Comment

by:hmcgeehan
ID: 24019874
I've worked out that - for the users it wasn't finding in AD - it was crashing out and the exception I caught said An Operations Error Has Occurred.

Thanks

nmarun I will try your suggestion now thanks
0
 

Accepted Solution

by:
hmcgeehan earned 0 total points
ID: 24020134
I just noticed that in the web.config
<identity impersonate="true"/>

I changed this to
<identity impersonate="false"/>
and it seems to work now.

I don't fully understand why that worked!

The thing is the users who were getting errors with the .net page were in a specific OU of Active Directory.
Maybe when impersonate was set to true the web page ran under their login details and they didn't have the permissions to do an LDAP lookup?

thanks
0
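
With impersonate="true", a DirectoryEntry created without explicit credentials binds to the directory as the impersonated caller rather than as the application. The following added example (not code from the thread) records which identity is in effect and runs the lookup under the application's own identity while leaving impersonation enabled for the rest of the site; the module and function names are assumptions, and the lookup function is passed in by the caller.

```vbnet
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Web.Hosting

Public Module LookupIdentityExample

    ' Describe the Windows identity the current thread would use for an LDAP bind.
    Public Function DescribeCurrentIdentity() As String
        Using id As WindowsIdentity = WindowsIdentity.GetCurrent()
            Return String.Format("name={0}; authType={1}; level={2}; anonymous={3}", _
                                 id.Name, id.AuthenticationType, id.ImpersonationLevel, id.IsAnonymous)
        End Using
    End Function

    ' Run a directory lookup as the application identity even when
    ' <identity impersonate="true"/> is set; the caller's identity is
    ' restored when the Using block ends.
    Public Function LookupAsApplication(ByVal lookup As Func(Of String, String), _
                                        ByVal logonUser As String) As String
        Dim before As String = DescribeCurrentIdentity()      ' impersonated caller
        Using HostingEnvironment.Impersonate()
            Dim during As String = DescribeCurrentIdentity()  ' application identity
            Try
                Return lookup(logonUser)
            Catch ex As COMException
                ' Keep the HRESULT and both identities so a failed bind can be
                ' traced to an account instead of collapsing into "error".
                System.Diagnostics.Trace.TraceError( _
                    "LDAP lookup failed hr=0x{0:X8}; before=[{1}]; during=[{2}]", _
                    ex.ErrorCode, before, during)
                Return "error"
            End Try
        End Using
    End Function

End Module
```

Call it as LookupAsApplication(AddressOf getFullnameFromLogonUser, logonUser); the application identity then needs only read access to the user objects it searches.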
 
LVL 27

Expert Comment

by:nmarun
ID: 24020203
That is weird. As you said, these users might be missing some permissions to do an LDAP lookup. Please assign points to your post and mark this issue for PAQ.
0
