Solved

getting users against LDAP group

Posted on 2009-04-14
Last Modified: 2012-08-14
I am trying to get LDAP group users, but the users are not being retrieved. I am posting the code; please look into it.

    Public Function GetUsersForGroup() As ArrayList

        Dim userNames As New ArrayList
        Dim username = "******"
        Dim pwd = "******"

        Dim strLDAPPath As String
        strLDAPPath = "LDAP://domain name"

        Dim de As New DirectoryServices.DirectoryEntry(strLDAPPath) '<---make sure to change to your ad connstring
        de.Username = username
        de.Password = pwd '<--- domain account password
        de.AuthenticationType = DirectoryServices.AuthenticationTypes.None

        Dim deSearch As New DirectoryServices.DirectorySearcher(de)
        Dim groupname As String = "groupname" '<---group you wish to load

        deSearch.Filter = "(&(objectClass=group)(cn=" + groupname + "))"

        Dim results As DirectoryServices.SearchResultCollection = deSearch.FindAll()
        Dim result As DirectoryServices.SearchResult

        If (results.Count > 0) Then
            For Each result In results
                For Each member As String In result.Properties("member")
                    userNames.Add(member)
                Next
            Next
        End If

        Return userNames

    End Function

Please check and give me feedback.

Thanks
0
Question by:farjack1
24 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24178460

Hey,

Have you confirmed that the search is returning the group correctly?

Chris
0
 

Author Comment

by:farjack1
ID: 24179174
No, not exactly. Basically, groups are being retrieved, but not the ones we require; they are other ones. We have checked with the LDAP guys and they confirmed the groups are on LDAP. The code for retrieving groups against a user is below. I don't know where the problem is in the code.

    Public Function GetUserGroups(ByVal UserName As String, ByVal Password As String, ByVal Environment As String) As List(Of String)

        Dim i As Integer
        Dim lineArray As Object
        Dim m_GroupList As New List(Of String)
     
        Dim entry As DirectoryEntry = New DirectoryEntry(strPathofLDAP)
        entry.AuthenticationType = AuthenticationTypes.None
        entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"
        entry.Password = Password

        Dim search As DirectorySearcher = New DirectorySearcher(entry)
        Dim _filterAttribute = getUserName(UserName)

        search.Filter = "(cn=" & _filterAttribute & ")"

        search.PropertiesToLoad.Add("memberOf")

        Dim groupNames As New System.Text.StringBuilder()

        Try
            Dim result As SearchResult = search.FindOne()
            Dim propertyCount As Integer = result.Properties("memberOf").Count()
            Dim dn As String
            Dim equalsIndex, commaIndex As Integer
            Dim propertyCounter As Integer

            For propertyCounter = 0 To propertyCount - 1

                dn = result.Properties("memberOf")(propertyCounter)
                equalsIndex = dn.IndexOf("=", 1)
                commaIndex = dn.IndexOf(",", 1)

                If (-1 = equalsIndex) Then
                    groupNames.Append(dn)
                Else
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    groupNames.Append("|")
                End If

            Next propertyCounter

        Catch ex As Exception
            Throw New Exception("Error obtaining group names. " + ex.Message)
        Finally
            'entry.Dispose()
            'entry = Nothing
            search = Nothing
        End Try

        'Splitting the group names into lineArray
        lineArray = Split(groupNames.ToString(), "|")

        'Loop through the array and add each entry to the list
        For i = 0 To UBound(lineArray) - 1
            m_GroupList.Add(UCase(lineArray(i)))
        Next

        Return m_GroupList

    End Function
0
 

Author Comment

by:farjack1
ID: 24184922
Hey Chris, can you please respond?
0

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24185171

Sorry... quite busy.

This won't work against Active Directory:

        entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"

You will find you won't be able to bind using UID=. Instead it would be:

        entry.Username = "CN=Users Name,OU=people,DC=abc,DC=com"

That makes getUserName a bit pointless as you already have the portion it retrieves as "Users Name".

Chris
0
 

Author Comment

by:farjack1
ID: 24185475
If I define it like this:

entry.Username = "CN=" & UserName & ",ou=people,dc=abc,dc=com"

it gives me an error,

as I am defining CN in the filter.

Please suggest as per my code above.

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24185685

Is it giving you an invalid username and password error? That exception isn't handled by the Try / Catch above.

Chris
0
 

Author Comment

by:farjack1
ID: 24185776
Now I have handled the exception like this. Basically, if I put this line:

entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"

the LDAP server says wrong uid and pass.

        Try
            Dim entry As DirectoryEntry = New DirectoryEntry(strPath)
            entry.AuthenticationType = AuthenticationTypes.None
            entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"
            entry.Password = Password
            search = New DirectorySearcher(entry)

            search.Filter = "(cn=" & _filterAttribute & ")"
            search.PropertiesToLoad.Add("memberOf")
            result = search.FindOne()

            propertyCount = result.Properties("memberOf").Count()

        Catch ex As Exception
        End Try

But I still have the error "object reference not set".
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24185923

When you say "UserName" do you mean the "name" attribute or sAMAccountName (user logon name)? The latter will not work, it must be the name of the object as it appears in the directory (AD Users and Computers, ADSIEdit, etc).

Chris
0
 

Author Comment

by:farjack1
ID: 24186017
UserName means the userid of the AD user, it's not sAMAccountName.

When I put

entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"

it connects to LDAP and works, but groups are not retrieved against

search.Filter = "(cn=" & _filterAttribute & ")"
search.PropertiesToLoad.Add("memberOf")
result = search.FindOne()
0
 

Author Comment

by:farjack1
ID: 24186897
I am sorry Chris, I am bothering you again, but now it has become urgent.
0
 

Author Comment

by:farjack1
ID: 24188946
Chris, I am still waiting for your response.
0
 

Author Comment

by:farjack1
ID: 24193781
Hi Chris, can you please respond?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24204640

Hey,

Sorry for the late reply.

I think you should test the Directory Entry you've created. After all, if the DirectoryEntry fails then the search will fail (as the DE is used as the search base).

As a minimum the Directory Entry should have name and distinguishedName attributes which can be tested.

Chris
0
 

Author Comment

by:farjack1
ID: 24204714
Can you send me a code example?

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24204892

This should be good enough:

Dim entry As DirectoryEntry = New DirectoryEntry(strPath)
entry.AuthenticationType = AuthenticationTypes.None
entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"
entry.Password = Password

Label1.Text = entry.Properties("distinguishedName").Item(0).ToString()

Obviously you should replace Label1.Text with something else that will help you see the value there.

Chris
0
 

Author Comment

by:farjack1
ID: 24205189
This is giving me an error:

'entry.Properties' is not declared or the module containing it is not loaded in the debugging session.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24205236

Rather suggests that the DirectoryEntry failed. What value is being used in strPath?

Chris
0
 

Author Comment

by:farjack1
ID: 24205357
Yes, DirectoryEntry is failing, and the LDAP path, that is strPath, is correct:

LDAP://path/ou=people,dc=abc,dc=com
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24205438

Okay, so either the user name and password used in the authentication string are incorrect, or the server / path are incorrect. Both of those should provide you with distinct error messages, but you don't get any?

Chris
0
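
The check described in the expert comments above (confirm the DirectoryEntry binds before searching, and expect distinct errors for rejected credentials versus a bad server or path), written out as an added example; it is not code from either poster in this thread. `LdapGroupLookup`, `GetGroupDns` and `EscapeFilterValue` are hypothetical names, and the example assumes the directory offers LDAPS.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Public Module LdapGroupLookup

    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    ' The backslash must be replaced first so later escapes are not re-escaped.
    Private Function EscapeFilterValue(ByVal value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28") _
                    .Replace(")", "\29").Replace(vbNullChar, "\00")
    End Function

    ' bindDn is the full DN used to bind; cn is the value matched by the filter.
    Public Function GetGroupDns(ByVal path As String, ByVal bindDn As String,
                                ByVal password As String, ByVal cn As String) As List(Of String)
        Dim groups As New List(Of String)
        ' Assumption: the server offers LDAPS. AuthenticationTypes.None, as used in
        ' the thread, performs a simple bind that sends the password unencrypted.
        Using entry As New DirectoryEntry(path, bindDn, password, AuthenticationTypes.SecureSocketsLayer)
            Try
                ' Binding is lazy; reading NativeObject forces it so a failure surfaces here.
                Dim bound As Object = entry.NativeObject
            Catch ex As DirectoryServicesCOMException
                ' Typically the directory rejecting the bind (for example bad credentials).
                Throw New InvalidOperationException("Bind rejected: " & ex.Message, ex)
            Catch ex As COMException
                ' Typically an unreachable server or an invalid path.
                Throw New InvalidOperationException("Cannot reach " & path & ": " & ex.Message, ex)
            End Try

            Using search As New DirectorySearcher(entry)
                search.Filter = "(cn=" & EscapeFilterValue(cn) & ")"
                search.PropertiesToLoad.Add("memberOf")
                Dim result As SearchResult = search.FindOne()
                ' FindOne returns Nothing when no entry matches; using it unchecked
                ' raises "Object reference not set to an instance of an object".
                If result Is Nothing Then
                    Throw New InvalidOperationException("No entry matched cn=" & cn)
                End If
                For Each dn As Object In result.Properties("memberOf")
                    groups.Add(dn.ToString())
                Next
            End Using
        End Using
        Return groups
    End Function

End Module
```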
 

Author Comment

by:farjack1
ID: 24205868
Chris, today I will test this thing and will respond to you.

Thanks
0
 

Accepted Solution

by:
farjack1 earned 0 total points
ID: 24221326
Thanks Chris, I solved it by myself.
0
