Solved

getting users against LDAP group

Posted on 2009-04-14
Last Modified: 2012-08-14
I am trying to get LDAP group users, but the users are not being retrieved. I am posting the code; please look into it.

Public Function GetUsersForGroup() As ArrayList

        Dim userNames As New ArrayList
        Dim username = "******"
        Dim pwd = "******"

        Dim strLDAPPath As String
        strLDAPPath = "LDAP://domain name"

        Dim de As New DirectoryServices.DirectoryEntry(strLDAPPath) '<---make sure to change to your ad connstring
        de.Username = username
        de.Password = pwd '<--- domain account password
        de.AuthenticationType = DirectoryServices.AuthenticationTypes.None

        Dim deSearch As New DirectoryServices.DirectorySearcher(de)
        Dim groupname As String = "groupname" '<---group you wish to load

        deSearch.Filter = "(&(objectClass=group)(cn=" + groupname + "))"

        Dim results As DirectoryServices.SearchResultCollection = deSearch.FindAll()
        Dim result As DirectoryServices.SearchResult

        If (results.Count > 0) Then
            For Each result In results
                For Each member As String In result.Properties("member")
                    userNames.Add(member)
                Next
            Next
        End If

        Return userNames

    End Function

please check and give me feedback.

Thanks

Question by:farjack1

24 Comments

LVL 70

Expert Comment

by:Chris Dent

Hey,

Have you confirmed that the search is returning the group correctly?

Chris

Author Comment

by:farjack1
No, not exactly. Basically, groups are being retrieved, but not the ones we require, which are others. We have checked with the LDAP guys and they confirmed the groups are on LDAP. The code for retrieving groups against a user is below; I don't know where the problem is in the code.

Public Function GetUserGroups(ByVal UserName As String, ByVal Password As String, ByVal Environment As String) As List(Of String)

        Dim i As Integer
        Dim lineArray As Object
        Dim m_GroupList As New List(Of String)
     
        Dim entry As DirectoryEntry = New DirectoryEntry(strPathofLDAP)
        entry.AuthenticationType = AuthenticationTypes.None
        entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"
        entry.Password = Password

        Dim search As DirectorySearcher = New DirectorySearcher(entry)
        Dim _filterAttribute = getUserName(UserName)

        search.Filter = "(cn=" & _filterAttribute & ")"

        search.PropertiesToLoad.Add("memberOf")

        Dim groupNames As New System.Text.StringBuilder()

        Try
            Dim result As SearchResult = search.FindOne()
            Dim propertyCount As Integer = result.Properties("memberOf").Count()
            Dim dn As String
            Dim equalsIndex, commaIndex As Integer
            Dim propertyCounter As Integer

            For propertyCounter = 0 To propertyCount - 1

                dn = result.Properties("memberOf")(propertyCounter)
                equalsIndex = dn.IndexOf("=", 1)
                commaIndex = dn.IndexOf(",", 1)

                If (-1 = equalsIndex) Then
                    groupNames.Append(dn)
                Else
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    groupNames.Append("|")
                End If

            Next propertyCounter

        Catch ex As Exception
            Throw New Exception("Error obtaining group names. " + ex.Message)
        Finally
            'entry.Dispose()
            'entry = Nothing
            search = Nothing
        End Try

        'Spliting group name in in lineArray
        lineArray = Split(groupNames.ToString(), "|")

        'loop through on array and add in list
        For i = 0 To UBound(lineArray) - 1
            m_GroupList.Add(UCase(lineArray(i)))
        Next

        Return m_GroupList

    End Function

Author Comment

by:farjack1
Hey Chris, can you please respond?

LVL 70

Expert Comment

by:Chris Dent

Sorry... quite busy.

This won't work against Active Directory:

        entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"

You will find you won't be able to bind using UID=. Instead it would be:

        entry.Username = "CN=Users Name,OU=people,DC=abc,DC=com"

That makes getUserName a bit pointless as you already have the portion it retrieves as "Users Name".

Chris

Author Comment

by:farjack1
If I define it like that

entry.Username = "CN=" & UserName & ",ou=people,dc=abc,dc=com"
it gives me an error

as I am defining CN in the filter.

Please suggest as per my above code.


LVL 70

Expert Comment

by:Chris Dent

Is it giving you an invalid username and password error? That exception isn't handled by the Try / Catch above.

Chris

Author Comment

by:farjack1
Now I handle the exception like this. Basically, if I put this line

entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"

the LDAP server says wrong uid and pass

 Try
            Dim entry As DirectoryEntry = New DirectoryEntry(strPath)
            entry.AuthenticationType = AuthenticationTypes.None
            entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"
            entry.Password = Password
            search = New DirectorySearcher(entry)

            search.Filter = "(cn=" & _filterAttribute & ")"
            search.PropertiesToLoad.Add("memberOf")
            result = search.FindOne()

            propertyCount = result.Properties("memberOf").Count()

        Catch ex As Exception
        End Try

but I still have the error: object reference not set

LVL 70

Expert Comment

by:Chris Dent

When you say "UserName" do you mean the "name" attribute or sAMAccountName (user logon name)? The latter will not work, it must be the name of the object as it appears in the directory (AD Users and Computers, ADSIEdit, etc).

Chris

Author Comment

by:farjack1
UserName means the userid of the AD user; it's not sAMAccountName

When I put

entry.Username = "uid=" & UserName & ",ou=people,dc=abc,dc=com"

it connects to LDAP and works, but groups are not being retrieved against

search.Filter = "(cn=" & _filterAttribute & ")"
search.PropertiesToLoad.Add("memberOf")
result = search.FindOne()

Author Comment

by:farjack1
I am sorry Chris, I am bothering you again, but now it has become urgent

Author Comment

by:farjack1
Chris, I am still waiting for your response.

Author Comment

by:farjack1
Hi Chris, can you please respond?

LVL 70

Expert Comment

by:Chris Dent

Hey,

Sorry for the late reply.

I think you should test the Directory Entry you've created. After all, if the DirectoryEntry fails then the search will fail (as the DE is used as the search base).

As a minimum the Directory Entry should have name and distinguishedName attributes which can be tested.

Chris

Author Comment

by:farjack1
Can you send me a code example?

Thanks

LVL 70

Expert Comment

by:Chris Dent

This should be good enough:

Dim entry As DirectoryEntry = New DirectoryEntry(strPath)
entry.AuthenticationType = AuthenticationTypes.None
entry.Username = "CN=" & UserName & ",ou=people,dc=ssga,dc=com"
entry.Password = Password

Label1.Text = entry.Properties("distinguishedName").Item(0).ToString()

Obviously you should replace Label1.Text with something else that will help you see the value there.

Chris
0
 

Author Comment

by:farjack1
This is giving me an error

'entry.Properties' is not declared or the module containing it is not loaded in the debugging session.

LVL 70

Expert Comment

by:Chris Dent

Rather suggests that the DirectoryEntry failed. What value is being used in strPath?

Chris

Author Comment

by:farjack1
Yes, DirectoryEntry is failing, and the LDAP path, that is strPath, is correct

LDAP://path/ou=people,dc=abc,dc=com

LVL 70

Expert Comment

by:Chris Dent

Okay, so either the user name and password used in the authentication string are incorrect, or the server / path are incorrect. Both of those should provide you with distinct error messages, but you don't get any?

Chris

Author Comment

by:farjack1
Chris, today I will test this thing and will respond to you.

Thanks

Accepted Solution

by:farjack1
Thanks Chris, I solved it by myself