Active Directory Search fails ("The directory service is unavailab

 
 
ejcosta
10-07-2004
Hi all,

I'm having one of those nerve-wracking errors when trying to perform a
simple search in an Active Directory. The objective of the code is to, given
a user name, search the AD for a couple of specified properties, including the
groups the user belongs to.

The odd thing is that, if I set the filter simply as "(objectCategory=user)", it
works. If I add any other search criteria, it throws an exception with the
message "the directory service is unavailable.".

Can any of you help? Here's the code that I'm using to perform the search:

public static void GetADUserGroups(string LoggedInUser){
    DirectorySearcher search = new DirectorySearcher("LDAP://" + Common.getValue("SPDomain"));
    search.Filter = @"(objectCategory=user)(samaccountname=" + LoggedInUser + ")";

    search.PropertiesToLoad.Add("memberof");
    search.PropertiesToLoad.Add("department");
    search.PropertiesToLoad.Add("cn");
    search.PropertiesToLoad.Add("sn");
    search.PropertiesToLoad.Add("name");
    search.PropertiesToLoad.Add("samaccountname");

    System.Text.StringBuilder groupNames = new System.Text.StringBuilder();

    // Search time out
    TimeSpan waitTime;
    try{
        waitTime = new TimeSpan(0, 0, 60); //hh--mm-ss
        search.ClientTimeout = waitTime; //wait this much time to display results
    }
    catch (Exception Ex){
        throw new SystemException("Error = " + Ex.Message + Ex.InnerException, Ex);
    }

    try{
        SearchResult result = search.FindOne();
        if(result != null){
            int propertyCount = result.Properties["memberOf"].Count;
            String dn;
            int equalsIndex, commaIndex;

            for(int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++){
                dn = (String)result.Properties["memberOf"][propertyCounter];
                equalsIndex = dn.IndexOf("=", 1);
                commaIndex = dn.IndexOf(",", 1);
                if(-1 == equalsIndex){
                    return;
                }
                groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                groupNames.Append("|");
            }
        }
    }
    catch(Exception ex){
        throw new Exception("Error obtaining group names. " + ex.Message);
    }
}

Thanks in advance for all the help you guys can provide!
ejcosta
 
 
 
 
 
Joe Kaplan (MVP - ADSI)
10-07-2004
Your search filter should look like this for a compound query:
(&(objectCategory=user)(samaccountname=username))

Normally, I'd expect an invalid filter syntax error though.

You might also need to include credentials in your DirectoryEntry
constructor if your security context isn't a domain account or can't hop to
the domain controller due to impersonation/delegation issues. This is
common in ASP.NET.

Joe K.

 
 
 
 
Eurico Costa
10-08-2004
Joe,

Thank you so much for your help. Your answer worked perfectly.

Regards,
Eurico
