«

I have a simple LDAP query (grabs all users from a particular AD group and
populates a checkboxlist) that works perfectly fine on the development
machine logged on locally as any user. When I access the website and run
the query from a client however the query fails to run. Someone please
help?

Here's the code for the query (in CheckBoxListsFill sub):

'Impersonate the Windows AD user running the application
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

Try
'Fill Approvers checkbox lists from AD LDAP
'Get all users in the G_SCA_Change_Control_Approvers group
Dim Approvers_entry As New
DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca ,DC
=hin,DC=sk,DC=ca")
Dim Approvers_result As String
Dim entry As New DirectoryEntry("LDAP://SCA")
Dim searcher As New DirectorySearcher(entry)
Dim result As SearchResult
Dim results As SearchResultCollection
searcher.PropertiesToLoad.Add("samAccountName")

'Get the members of the group
For Each Approvers_result In Approvers_entry.Properties("member")
Approvers_result = Approvers_result.ToString.Split(",")(0)
Approvers_result = Approvers_result.ToString.Split("=")(1)
'Find the samAccountName of the current Approvers_result
searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result &
"))")
result = searcher.FindOne
cblApprovers.Items.Add(New
ListItem(result.Properties("samAccountName")(0).To String))
Next

Catch ex As Exception
Response.Write(ex.Message)
End Try
impersonationContext.Undo()

And here's the error message I get as any remote client running the web
page:

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80072020): An operations error occurred]
System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail) +513
System.DirectoryServices.DirectoryEntry.Bind() +10
System.DirectoryServices.DirectoryEntry.get_AdsObj ect() +10
System.DirectoryServices.PropertyValueCollection.P opulateList() +234
System.DirectoryServices.PropertyCollection.get_It em(String propertyName)
+45
Change_Request.frmNewRequest.CheckBoxListsFill() +210
Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

Like I said, any help in this would be very very much appreciated.

Thanks in advance,

Jason

Hi,

As far as I know the default ASP.NET user doesn't have rights to access
remote LDAP. You need to set user with right permissions.
http://msdn.microsoft.com/library/de.../en-us/dnnetse
c/html/threatcounter.asp

Natty Gur[MVP]

blog : http://weblogs.asp.net/ngur
Mobile: +972-(0)58-888377


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

I've looked in the 'rights' section in user manager and nothing jumps out at
me as to which right the aspnet user requires. I couldn't find anything on
the provide link either. Could you be more specific please?

Thanks again,

Jay

"Natty Gur" <> wrote in message
news:...
> Hi,
>
> As far as I know the default ASP.NET user doesn't have rights to access
> remote LDAP. You need to set user with right permissions.
> http://msdn.microsoft.com/library/de.../en-us/dnnetse
> c/html/threatcounter.asp
>
> Natty Gur[MVP]
>
> blog : http://weblogs.asp.net/ngur
> Mobile: +972-(0)58-888377
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!

unless you are using digest (and have delagation turned on), credentials
will not delegate. you will have to have your code impersonate a primary
token with access to the ad.

-- bruce (sqlwork.com)



"Jay" <> wrote in message
news:...
> I have a simple LDAP query (grabs all users from a particular AD group and
> populates a checkboxlist) that works perfectly fine on the development
> machine logged on locally as any user. When I access the website and run
> the query from a client however the query fails to run. Someone please
> help?
>
> Here's the code for the query (in CheckBoxListsFill sub):
>
> 'Impersonate the Windows AD user running the application
> Dim impersonationContext As
> System.Security.Principal.WindowsImpersonationCont ext
> Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
> currentWindowsIdentity = CType(User.Identity,
> System.Security.Principal.WindowsIdentity)
> impersonationContext = currentWindowsIdentity.Impersonate()
>
> Try
> 'Fill Approvers checkbox lists from AD LDAP
> 'Get all users in the G_SCA_Change_Control_Approvers group
> Dim Approvers_entry As New
>
DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca ,DC
> =hin,DC=sk,DC=ca")
> Dim Approvers_result As String
> Dim entry As New DirectoryEntry("LDAP://SCA")
> Dim searcher As New DirectorySearcher(entry)
> Dim result As SearchResult
> Dim results As SearchResultCollection
> searcher.PropertiesToLoad.Add("samAccountName")
>
> 'Get the members of the group
> For Each Approvers_result In Approvers_entry.Properties("member")
> Approvers_result = Approvers_result.ToString.Split(",")(0)
> Approvers_result = Approvers_result.ToString.Split("=")(1)
> 'Find the samAccountName of the current Approvers_result
> searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result
&
> "))")
> result = searcher.FindOne
> cblApprovers.Items.Add(New
> ListItem(result.Properties("samAccountName")(0).To String))
> Next
>
> Catch ex As Exception
> Response.Write(ex.Message)
> End Try
> impersonationContext.Undo()
>
> And here's the error message I get as any remote client running the web
> page:
>
> Source Error:
>
> An unhandled exception was generated during the execution of the
> current web request. Information regarding the origin and location of the
> exception can be identified using the exception stack trace below.
>
> Stack Trace:
>
> [COMException (0x80072020): An operations error occurred]
> System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail) +513
> System.DirectoryServices.DirectoryEntry.Bind() +10
> System.DirectoryServices.DirectoryEntry.get_AdsObj ect() +10
> System.DirectoryServices.PropertyValueCollection.P opulateList() +234
> System.DirectoryServices.PropertyCollection.get_It em(String
propertyName)
> +45
> Change_Request.frmNewRequest.CheckBoxListsFill() +210
> Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
> System.Web.UI.Control.OnLoad(EventArgs e) +67
> System.Web.UI.Control.LoadRecursive() +35
> System.Web.UI.Page.ProcessRequestMain() +731
>
> Like I said, any help in this would be very very much appreciated.
>
> Thanks in advance,
>
> Jason
>
>