LDAP Password and Login

Posted on 2011-10-09
Last Modified: 2012-05-12
I need to be able to read the userPassword for a user logging into an LDAP server. I can successfully write out the uid property but the password is stored as a byte array. How can I see the password so I can compare what the user enters when logging in to what is stored in the LDAP server?

Imports System.DirectoryServices

Sub LDAP_Login()
    Dim objEntry As DirectoryEntry
    Dim objSearcher As DirectorySearcher
    Dim objSearchResult As SearchResult

    ' Bind to the users node as the directory manager
    objEntry = New DirectoryEntry("LDAP://localhost/ou=users,ou=dmcs,dc=ed,dc=gov", "cn=Manager,dc=ed,dc=gov", "secret", AuthenticationTypes.ServerBind)
    ' Set up to search for the user by uid on the users node
    objSearcher = New DirectorySearcher(objEntry, "(uid=" & "vanbure" & ")")

    ' Find the user
    objSearchResult = objSearcher.FindOne()
    If Not objSearchResult Is Nothing Then
        ' userPassword is returned as a byte array
        Dim pbytBytes As Byte() = DirectCast(objSearchResult.GetDirectoryEntry().Properties("userPassword")(0), Byte())
    End If
End Sub
Question by:evanburen
    LVL 74

    Accepted Solution

    How can I see the password so I can compare what the user enters when logging in to what is stored in the LDAP server?
    You can't. Passwords are hashed, which is why it's nearly impossible, even for system admins, to recover a lost password. Admins may only reset a password. You essentially need to send the password to the LDAP and let it respond with good/bad. I don't have an immediate example, but hopefully someone else can pop in with one. I'll see if I can work one up in the meantime.
    LVL 83

    Assisted Solution

    Here is one example


    Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
        ' _path and _filterAttribute are String fields of the containing class (not shown in the post).
        Dim domainAndUsername As String = domain & "\" & username
        Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)
        Try
            'Bind to the native AdsObject to force authentication.
            Dim obj As Object = entry.NativeObject
            Dim search As DirectorySearcher = New DirectorySearcher(entry)
            ' Note: username goes into the filter unescaped; escape filter metacharacters (RFC 4515) for untrusted input.
            search.Filter = "(SAMAccountName=" & username & ")"
            Dim result As SearchResult = search.FindOne()
            If (result Is Nothing) Then
                Return False
            End If
            'Update the new path to the user in the directory.
            _path = result.Path
            _filterAttribute = CType(result.Properties("cn")(0), String)
        Catch ex As Exception
            Throw New Exception("Error authenticating user. " & ex.Message)
        End Try
        Return True
    End Function


    LVL 8

    Assisted Solution

    No need to compare passwords. You should use the following overloaded constructor of DirectoryEntry, passing the user-provided password as the 3rd argument.

    public DirectoryEntry(string path, string username, string password);

    Next we do,


    This statement will fail with an exception message "Logon failure: unknown user name or bad password." for an unauthenticated user.
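
Added example, not part of any answer in this thread: the "let the server decide" approach applied to the uid-based directory in the question, as a search-then-bind login that never reads userPassword. It uses System.DirectoryServices.Protocols (LdapConnection) rather than the DirectoryEntry class used above; the module, function and parameter names are hypothetical.

```vbnet
Imports System.DirectoryServices.Protocols
Imports System.Net
Imports System.Text

Public Module LdapBindLogin
    ' Escape the characters that are special in an LDAP search filter (RFC 4515).
    Public Function EscapeFilter(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            If "\*()".IndexOf(c) >= 0 OrElse c = ChrW(0) Then
                sb.Append("\"c).Append(AscW(c).ToString("x2"))
            Else
                sb.Append(c)
            End If
        Next
        Return sb.ToString()
    End Function

    Private Function NewConnection(ByVal host As String) As LdapConnection
        Dim conn As New LdapConnection(New LdapDirectoryIdentifier(host))
        conn.AuthType = AuthType.Basic   ' simple bind sends the password in clear; use LDAPS or StartTLS off-host
        conn.SessionOptions.ProtocolVersion = 3
        Return conn
    End Function

    ' True only if the directory itself accepts uid/password; userPassword is never read.
    Public Function IsValidLogin(ByVal host As String, ByVal baseDn As String, ByVal svcDn As String,
                                 ByVal svcPwd As String, ByVal uid As String, ByVal pwd As String) As Boolean
        ' A simple bind with an empty password is an unauthenticated bind and may "succeed".
        If String.IsNullOrEmpty(uid) OrElse String.IsNullOrEmpty(pwd) Then Return False
        Dim userDn As String
        Using svc As LdapConnection = NewConnection(host)
            svc.Bind(New NetworkCredential(svcDn, svcPwd))   ' service-account failure propagates to the caller
            ' "1.1" asks for no attributes; only the entry's DN is needed.
            Dim req As New SearchRequest(baseDn, "(uid=" & EscapeFilter(uid) & ")", SearchScope.Subtree, "1.1")
            Dim resp As SearchResponse = DirectCast(svc.SendRequest(req), SearchResponse)
            If resp.Entries.Count <> 1 Then Return False     ' unknown or ambiguous uid
            userDn = resp.Entries(0).DistinguishedName
        End Using
        Using user As LdapConnection = NewConnection(host)
            Try
                user.Bind(New NetworkCredential(userDn, pwd)) ' the server checks the password against its stored hash
                Return True
            Catch ex As LdapException When ex.ErrorCode = 49  ' invalidCredentials
                Return False
            End Try
        End Using
    End Function
End Module
```

Called with the values from the question, this would be `IsValidLogin("localhost", "ou=users,ou=dmcs,dc=ed,dc=gov", "cn=Manager,dc=ed,dc=gov", "secret", uid, pwd)`; a dedicated account that can only search is a better fit for the lookup than the Manager DN.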
