
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 854

LDAP Password and Login

I need to be able to read the userPassword for a user logging into an LDAP server. I can successfully write out the uid property, but the password is stored as a byte array. How can I see the password so I can compare what the user enters when logging in to what is stored in the LDAP server?

Imports System.DirectoryServices

Sub LDAP_Login()
    Dim objEntry As DirectoryEntry
    Dim objSearcher As DirectorySearcher
    Dim objSearchResult As SearchResult

    ' Bind to the users container as the directory manager
    objEntry = New DirectoryEntry("LDAP://localhost/ou=users,ou=dmcs,dc=ed,dc=gov", "cn=Manager,dc=ed,dc=gov", "secret", AuthenticationTypes.ServerBind)
    ' Set up to search for the entry whose uid is "vanbure"
    objSearcher = New DirectorySearcher(objEntry, "(uid=" & "vanbure" & ")")

    ' Find the user
    objSearchResult = objSearcher.FindOne()
    If Not objSearchResult Is Nothing Then
        ' userPassword comes back as a byte array holding the stored (hashed) value
        Dim pbytBytes As Byte() = DirectCast(objSearchResult.GetDirectoryEntry().Properties("userPassword")(0), Byte())
    End If
End Sub
3 Solutions
käµfm³d 👽Commented:
How can I see the password so I can compare what the user enters when logging in to what is stored in the LDAP server?
You can't. Passwords are hashed, which is why it's nearly impossible, even for system admins, to recover a lost password. Admins may only reset a password. You essentially need to send the password to the LDAP and let it respond with good/bad. I don't have an immediate example, but hopefully someone else can pop in with one. I'll see if I can work one up in the meantime.
Here is one example




Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean

    ' _path and _filterAttribute are String fields of the enclosing class.
    Dim domainAndUsername As String = domain & "\" & username
    Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)

    Try
        'Bind to the native AdsObject to force authentication.
        Dim obj As Object = entry.NativeObject
        Dim search As DirectorySearcher = New DirectorySearcher(entry)

        search.Filter = "(SAMAccountName=" & username & ")"
        Dim result As SearchResult = search.FindOne()

        If (result Is Nothing) Then
            Return False
        End If

        'Update the new path to the user in the directory.
        _path = result.Path
        _filterAttribute = CType(result.Properties("cn")(0), String)

    Catch ex As Exception
        Throw New Exception("Error authenticating user. " & ex.Message)
    End Try

    Return True
End Function


No need to compare passwords. You should use the following overloaded constructor of DirectoryEntry, passing the user-provided password as the 3rd argument.

public DirectoryEntry(string path, string username, string password);

Next we do,


This statement will fail with an exception message "Logon failure: unknown user name or bad password." for an unauthenticated user.
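
The approach the answers describe (send the entered password to the server and let it accept or reject the bind), sketched for the non-AD directory in the question. This is an added example, not code from the thread: it uses System.DirectoryServices.Protocols instead of DirectoryEntry, takes the host and DNs from the question, and assumes a hypothetical LDAP_BIND_PW environment variable for the lookup account's password.

```vbnet
Imports System
Imports System.Net
Imports System.DirectoryServices.Protocols

Public Module LdapBindAuth
    ' Host and DNs are the ones in the question. A read-only lookup account is
    ' preferable to the directory manager; LDAP_BIND_PW is a hypothetical name.
    Private Const Host As String = "localhost"
    Private Const BaseDn As String = "ou=users,ou=dmcs,dc=ed,dc=gov"
    Private Const ServiceDn As String = "cn=Manager,dc=ed,dc=gov"

    ' Escape a value for an LDAP search filter (RFC 4515). Backslash goes
    ' first so the escapes added afterwards are not escaped again.
    Public Function EscapeFilterValue(ByVal value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28") _
                    .Replace(")", "\29").Replace(vbNullChar, "\00")
    End Function

    ' A simple (Basic) bind sends the password in clear text: fine on
    ' localhost, otherwise enable LDAPS or StartTLS via SessionOptions first.
    Private Function NewConnection() As LdapConnection
        Dim conn As New LdapConnection(New LdapDirectoryIdentifier(Host))
        conn.AuthType = AuthType.Basic
        conn.SessionOptions.ProtocolVersion = 3
        Return conn
    End Function

    Public Function IsAuthenticated(ByVal uid As String, ByVal pwd As String) As Boolean
        ' A simple bind with an empty password is an "unauthenticated bind" that
        ' many servers accept, so refuse it before contacting the directory.
        If String.IsNullOrEmpty(uid) OrElse String.IsNullOrEmpty(pwd) Then Return False
        Dim userDn As String
        Using svc As LdapConnection = NewConnection()
            svc.Bind(New NetworkCredential(ServiceDn, Environment.GetEnvironmentVariable("LDAP_BIND_PW")))
            Dim req As New SearchRequest(BaseDn, "(uid=" & EscapeFilterValue(uid) & ")", SearchScope.Subtree, "1.1")
            Dim resp As SearchResponse = DirectCast(svc.SendRequest(req), SearchResponse)
            If resp.Entries.Count <> 1 Then Return False   ' unknown or ambiguous uid
            userDn = resp.Entries(0).DistinguishedName
        End Using
        Using user As LdapConnection = NewConnection()
            Try
                user.Bind(New NetworkCredential(userDn, pwd))   ' the server checks the hash
                Return True
            Catch ex As LdapException When ex.ErrorCode = 49    ' invalidCredentials
                Return False
            End Try
        End Using
    End Function
End Module
```

Only result code 49 is treated as a failed login; connection errors and a misconfigured lookup account still raise, so an outage is not reported to the user as a wrong password.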
