Solved

LDAP lookup works for some users but not for others

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi
I created an ASP.NET website for our intranet, and one of the things it does is take the PC login name and find the Display Name from Active Directory.

So say for example I log in to our domain
username hmcgeehan
domain harry-corp

Now this works fine for me and some users (it returns the correct display name), but for some users it's not finding a display name. It returns "name not found".

Any ideas?

Thanks
H

    ' Requires: Imports System.DirectoryServices
    Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
        Try
            ' First attempt: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection
            Dim searchResult As SearchResult

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            ' Return the cn of the first match, if any
            For Each searchResult In searchResultCollection
                Return CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
            Next

            ' Second attempt: OU=Test Users,OU=Test Accounts2
            Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
            Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
            Dim searchResultCollection2 As SearchResultCollection
            Dim searchResult2 As SearchResult

            directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher2.PropertiesToLoad.Add("cn")
            searchResultCollection2 = directorySearcher2.FindAll

            For Each searchResult2 In searchResultCollection2
                Return CStr(searchResult2.GetDirectoryEntry().Properties("cn").Value)
            Next

            ' Third attempt: OU=Users,OU=Accounts2
            Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
            Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
            Dim searchResultCollection3 As SearchResultCollection
            Dim searchResult3 As SearchResult

            directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher3.PropertiesToLoad.Add("cn")
            searchResultCollection3 = directorySearcher3.FindAll

            For Each searchResult3 In searchResultCollection3
                Return CStr(searchResult3.GetDirectoryEntry().Properties("cn").Value)
            Next

            ' No match in any of the three OUs
            Return "name not found"
        Catch
            ' Any directory exception is swallowed here and reported as "error"
            Return "error"
        End Try
    End Function

0
Question by:hmcgeehan
4 Comments
 
LVL 27

Expert Comment

by:nmarun
ID: 24018905
Please see if this works:

If not, try generalizing your LDAP connection string to:
LDAP://harry-corp.net/DC=harry-corp,DC=net

This could result in you making only one call for all users irrespective of their OUs.

    ' Requires: Imports System.DirectoryServices
    Public Shared Function getFullnameFromLogonUser(ByVal logonUser As String) As String
        Try
            ' First attempt: OU=Users,OU=Accounts
            Dim rootDirectoryEntry As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts,DC=harry-corp,DC=net")
            Dim directorySearcher As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry)
            Dim searchResultCollection As SearchResultCollection

            directorySearcher.Sort = New SortOption("cn", SortDirection.Ascending)
            directorySearcher.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
            directorySearcher.PropertiesToLoad.Add("cn")
            searchResultCollection = directorySearcher.FindAll

            Dim userFound As Boolean = False
            Dim userFullName As String = String.Empty

            ' Take the first result that actually carries a cn value
            For Each searchResult As SearchResult In searchResultCollection
                If searchResult.Properties("cn").Count > 0 Then
                    userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                    userFound = True
                    Exit For
                End If
            Next

            If userFound = False Then
                ' Second attempt: OU=Test Users,OU=Test Accounts2
                Dim rootDirectoryEntry2 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Test Users,OU=Test Accounts2,DC=harry-corp,DC=net")
                Dim directorySearcher2 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry2)
                Dim searchResultCollection2 As SearchResultCollection

                directorySearcher2.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher2.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher2.PropertiesToLoad.Add("cn")
                searchResultCollection2 = directorySearcher2.FindAll

                ' Iterate the results of the second search
                For Each searchResult As SearchResult In searchResultCollection2
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                ' Third attempt: OU=Users,OU=Accounts2
                Dim rootDirectoryEntry3 As DirectoryEntry = New DirectoryEntry("LDAP://harry-corp.net/OU=Users,OU=Accounts2,DC=harry-corp,DC=net")
                Dim directorySearcher3 As DirectorySearcher = New DirectorySearcher(rootDirectoryEntry3)
                Dim searchResultCollection3 As SearchResultCollection

                directorySearcher3.Sort = New SortOption("cn", SortDirection.Ascending)
                directorySearcher3.Filter = "(userPrincipalName=" + logonUser + "@harry-corp.net)"
                directorySearcher3.PropertiesToLoad.Add("cn")
                searchResultCollection3 = directorySearcher3.FindAll

                ' Iterate the results of the third search
                For Each searchResult As SearchResult In searchResultCollection3
                    If searchResult.Properties("cn").Count > 0 Then
                        userFullName = CStr(searchResult.GetDirectoryEntry().Properties("cn").Value)
                        userFound = True
                        Exit For
                    End If
                Next
            End If

            If userFound = False Then
                userFullName = "name not found"
            End If

            Return userFullName
        Catch
            ' Any directory exception is swallowed here and reported as "error"
            Return "error"
        End Try
    End Function


0
 

Author Comment

by:hmcgeehan
ID: 24019874
I've worked out that, for the users it wasn't finding in AD, it was crashing out, and the exception I caught said An Operations Error Has Occurred.

Thanks

nmarun, I will try your suggestion now, thanks
0
 

Accepted Solution

by:
hmcgeehan earned 0 total points
ID: 24020134
I just noticed that in the web.config
<identity impersonate="true"/>

I changed this to
<identity impersonate="false"/>
and it seems to work now.

I don't fully understand why that worked!

The thing is the users who were getting errors with the .net page were in a specific OU of Active Directory.
Maybe when impersonate was set to true the web page ran under their login details and they didn't have the permissions to do an LDAP lookup?

thanks
0
 
LVL 27

Expert Comment

by:nmarun
ID: 24020203
That is weird. As you said, these users might be missing some permissions to do an LDAP lookup. Please assign points to your post and mark this issue for PAQ.
0
