Solved

LDAP lookup works for some users but not for others

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi
I created an ASP.NET website for our intranet and one of the things it does is take the PC login name and find the Display Name from Active Directory.

So say for example I login to our domain
username hmcgeehan
domain harry-corp

Now this works fine for me and some users (it returns the correct display name), but for some users it's not finding a display name. It returns "name not found".

Any ideas?

Thanks
H

Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
 
        Try
 
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult
 
            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll
 
            For Each searchResult In searchResultCollection
 
                Return searchResult.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
 
            Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
            
            Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
            Dim searchResultCollection2 As SearchResultCollection
            Dim searchResult2 As SearchResult
 
            directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher2.PropertiesToLoad.Add("cn")
            searchResultCollection2 = directorySearcher2.FindAll
 
            For Each searchResult2 In searchResultCollection2
 
                Return searchResult2.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
            Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
            
            Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
            Dim searchResultCollection3 As SearchResultCollection
            Dim searchResult3 As SearchResult
 
            directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher3.PropertiesToLoad.Add("cn")
            searchResultCollection3 = directorySearcher3.FindAll
 
            For Each searchResult3 In searchResultCollection3
 
                Return searchResult3.GetDirectoryEntry().Properties("cn").Value
 
            Next
 
            Return "name not found"
 
        Catch
            Return "error"
        End Try
 
    End Function

Question by:hmcgeehan
4 Comments
 
LVL 27

Expert Comment

by:nmarun
ID: 24018905
Please see if this works:

If not, try generalizing your LDAP connection string to:
LDAP://harry-corp.net/DC=harry-corp,DC=net

This could result in you making only one call for all users irrespective of their OUs.

Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String

        Try

            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")

            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            Dim userFound As Boolean = False
            Dim userFullName As String = String.Empty

            ' Take the first result that actually carries a cn value
            For Each searchResult As SearchResult In searchResultCollection
                If searchResult.Properties("cn").Count > 0 Then
                    userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                    userFound = True
                    Exit For
                End If
            Next

            ' Second OU, searched only if the first one had no match
            If userFound = False Then

                Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
                Dim searchResultCollection2 As SearchResultCollection

                directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher2.PropertiesToLoad.Add("cn")
                searchResultCollection2 = directorySearcher2.FindAll

                ' Iterate this search's own results (searchResultCollection2)
                For Each searchResult As SearchResult In searchResultCollection2
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            ' Third OU, searched only if still not found
            If userFound = False Then

                Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")

                Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
                Dim searchResultCollection3 As SearchResultCollection

                directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher3.PropertiesToLoad.Add("cn")
                searchResultCollection3 = directorySearcher3.FindAll

                ' Iterate this search's own results (searchResultCollection3)
                For Each searchResult As SearchResult In searchResultCollection3
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                userFullName = "name not found"
            End If

            Return userFullName

        Catch
            Return "error"
        End Try

    End Function


Author Comment

by:hmcgeehan
ID: 24019874
I've worked out that - for the users it wasn't finding in AD - it was crashing out and the exception I caught said An Operations Error Has Occurred.

Thanks

nmarun I will try your suggestion now thanks
 

Accepted Solution

by:
hmcgeehan earned 0 total points
ID: 24020134
I just noticed that in the web.config
<identity impersonate="true"/>

I changed this to
<identity impersonate="false"/>
and it seems to work now.

I don't fully understand why that worked!

The thing is the users who were getting errors with the .net page were in a specific OU of Active Directory.
Maybe when impersonate was set to true the web page ran under their login details and they didn't have the permissions to do an LDAP lookup?

thanks
 
LVL 27

Expert Comment

by:nmarun
ID: 24020203
That is weird. As you said, these users might be missing some permissions to do an LDAP lookup. Please assign points to your post and mark this issue for PAQ.
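
Added example, not code from any poster in this thread: the lookup as a single subtree search from the domain root suggested above, with the logon name escaped before it is placed in the LDAP filter, and bound as the worker process identity that impersonate="false" gives (with impersonate="true" the same bind runs as each visitor, so it can succeed for one user and fail for another). The class name, the DOMAIN\name stripping and the trace logging are assumptions made for illustration.

```vbnet
Imports System.Diagnostics
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Text

Public Class DirectoryLookup
    ' Domain root from the thread; one subtree search covers every OU.
    Private Const DomainRoot As String = "LDAP://harry-corp.net/DC=harry-corp,DC=net"

    ' Escape the characters that are special in an LDAP filter value (RFC 4515).
    Private Shared Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Shared Function GetFullNameFromLogonUser(ByVal logonUser As String) As String
        ' Assumption: logonUser may arrive as DOMAIN\name; keep only the name part.
        Dim account As String = logonUser.Substring(logonUser.LastIndexOf("\"c) + 1)
        Dim ldapFilter As String = "(userPrincipalName=" & EscapeFilterValue(account) & "@harry-corp.net)"
        Try
            ' No credentials passed: the bind uses the current thread's identity,
            ' i.e. the worker process account when impersonate="false".
            Using root As New DirectoryEntry(DomainRoot)
                Using searcher As New DirectorySearcher(root, ldapFilter, New String() {"cn"})
                    Dim result As SearchResult = searcher.FindOne()
                    If result Is Nothing OrElse result.Properties("cn").Count = 0 Then
                        Return "name not found"
                    End If
                    Return CStr(result.Properties("cn")(0)) ' value already loaded by the search
                End Using
            End Using
        Catch ex As COMException
            ' Log which identity the bind ran as; a bare "error" hides the cause.
            Trace.TraceError("LDAP lookup failed as {0}: {1}", WindowsIdentity.GetCurrent().Name, ex.Message)
            Return "error"
        End Try
    End Function
End Class
```

The logged identity shows at a glance whether a failing request was bound as the application pool account or as an impersonated visitor.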