
LDAP lookup: fails on remote computers -- Please help

 
 
Jay
 
      04-28-2004
I have a simple LDAP query (grabs all users from a particular AD group and
populates a checkboxlist) that works perfectly fine on the development
machine logged on locally as any user. When I access the website and run
the query from a client however the query fails to run. Someone please
help?

Here's the code for the query (in CheckBoxListsFill sub):

'Requires: Imports System.DirectoryServices
'Impersonate the Windows AD user running the application
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

Try
    'Fill Approvers checkbox lists from AD LDAP
    'Get all users in the G_SCA_Change_Control_Approvers group
    Dim Approvers_entry As New DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca,DC=hin,DC=sk,DC=ca")
    Dim Approvers_result As String
    Dim entry As New DirectoryEntry("LDAP://SCA")
    Dim searcher As New DirectorySearcher(entry)
    Dim result As SearchResult
    Dim results As SearchResultCollection
    searcher.PropertiesToLoad.Add("samAccountName")

    'Get the members of the group
    For Each Approvers_result In Approvers_entry.Properties("member")
        'Keep only the CN value from the member's distinguished name
        Approvers_result = Approvers_result.ToString.Split(",")(0)
        Approvers_result = Approvers_result.ToString.Split("=")(1)
        'Find the samAccountName of the current Approvers_result
        searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result & "))")
        result = searcher.FindOne
        'FindOne returns Nothing when no entry matches the filter
        If Not result Is Nothing Then
            cblApprovers.Items.Add(New ListItem(result.Properties("samAccountName")(0).ToString))
        End If
    Next

Catch ex As Exception
    Response.Write(ex.Message)
End Try
impersonationContext.Undo()

And here's the error message I get as any remote client running the web
page:

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80072020): An operations error occurred]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
System.DirectoryServices.DirectoryEntry.Bind() +10
System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
System.DirectoryServices.PropertyValueCollection.PopulateList() +234
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +45
Change_Request.frmNewRequest.CheckBoxListsFill() +210
Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

Like I said, any help in this would be very very much appreciated.

Thanks in advance,

Jason


 
 
 
 
 
Natty Gur
 
      04-29-2004
Hi,

As far as I know, the default ASP.NET user doesn't have rights to access
remote LDAP. You need to set a user with the right permissions.
http://msdn.microsoft.com/library/de.../en-us/dnnetsec/html/threatcounter.asp

Natty Gur[MVP]

blog : http://weblogs.asp.net/ngur
Mobile: +972-(0)58-888377


 
 
 
 
 
Jay
 
      04-29-2004
I've looked in the 'rights' section in user manager and nothing jumps out at
me as to which right the aspnet user requires. I couldn't find anything on
the provided link either. Could you be more specific please?

Thanks again,

Jay
 
bruce barker
 
      04-29-2004
Unless you are using digest (and have delegation turned on), credentials
will not delegate. You will have to have your code impersonate a primary
token with access to the AD.

-- bruce (sqlwork.com)


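The approach bruce describes, impersonating a primary token that has access to AD, as an added example for the .NET Framework that is not code from any poster in this thread. The class name AdGroupReader, the function GetMemberAccounts and the service-account parameters are assumptions; the example also binds to each member by its DN instead of concatenating a cn= search filter.

```vb
Imports System
Imports System.Collections
Imports System.ComponentModel
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Public Class AdGroupReader
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal user As String, ByVal domain As String, ByVal password As String, _
        ByVal logonType As Integer, ByVal provider As Integer, _
        ByRef token As IntPtr) As Boolean
    Private Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Boolean

    ' Returns the sAMAccountName of each member of the group at groupPath.
    ' svcUser, svcDomain and svcPassword identify a hypothetical read-only
    ' service account; load them from protected configuration, not source.
    Public Shared Function GetMemberAccounts(ByVal groupPath As String, _
            ByVal svcUser As String, ByVal svcDomain As String, _
            ByVal svcPassword As String) As ArrayList
        Dim token As IntPtr = IntPtr.Zero
        Dim ctx As WindowsImpersonationContext = Nothing
        Dim accounts As New ArrayList()
        Try
            ' A password logon yields a token that can authenticate off-box.
            If Not LogonUser(svcUser, svcDomain, svcPassword, _
                    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error())
            End If
            ctx = New WindowsIdentity(token).Impersonate()
            Dim group As New DirectoryEntry(groupPath)
            For Each memberDn As String In group.Properties("member")
                ' Bind to the member by DN rather than concatenating a filter.
                Dim member As New DirectoryEntry("LDAP://" & memberDn.Replace("/", "\/"))
                Dim sam As Object = member.Properties("sAMAccountName").Value
                If Not sam Is Nothing Then accounts.Add(sam.ToString())
                member.Dispose()
            Next
            group.Dispose()
        Finally
            ' Always revert and release the token, even when the bind fails.
            If Not ctx Is Nothing Then ctx.Undo()
            If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
        End Try
        Return accounts
    End Function
End Class
```

With LOGON32_LOGON_INTERACTIVE the service account needs the right to log on locally on the web server.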
 
 
 