LDAP Authentication

 
 
Hutty
02-02-2009
Hi,

I am trying to authenticate user and password against Sun One LDAP. I am
getting the following message when trying to connect:

This provider can target only Active Directory and ADAM directories

Any ideas why I am getting this message?
Here's my connecting info:

<add name="ADConnectionString"
connectionString="LDAP://ldap-r.hutty.edu:123/ou=people,dc=hutty,dc=edu"/>

connectionStringName="ADConnectionString"
connectionUsername="cn=user1,ou=roles,dc=hutty,dc=edu"
connectionPassword="password"/>

Thanks


--
Hutty
 
Joe Kaplan
02-02-2009
I think it is exactly as it says. The provider is specifically designed
only for AD and ADAM. You mentioned you had Sun One.

Are you asking how it is that the provider can tell your directory is not AD
or ADAM?

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

Hutty
02-02-2009
Thanks for the reply Joe.

Actually, I am trying to connect using Visual Web Studio 2008. Do I need to
ask for permission to connect using this provider?

If I can't connect using this method, what are my alternatives?

Thanks
--
Hutty


Joe Kaplan
02-03-2009
The web server you are running this on shouldn't matter. What matters is
the backend LDAP store you are trying to use. In your case, the store is
not supported.

The membership provider framework is extensible, so you could write your own
LDAP auth membership provider that is coded to work with Sun One. You could
use S.DS.Protocols for this which is a lower level, less "MS-specific" LDAP
API.

You can use a tool like reflector to reverse engineer the existing provider
to see how it works.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

Hutty
02-03-2009
Thanks Joe for your responses. Not exactly what I was hoping to hear, but did
shed some light on the problem at hand. Building my own directory sounds like
the best course of action. Hopefully that will be straightforward.

Regards,
--
Hutty


Joe Kaplan
02-03-2009
One of the things with the membership provider framework is that you don't
actually have to implement every single interface member when building your
provider. You only really need to implement the members that correspond to
the features you need. If all you need are the members for checking
credentials, you don't need to build the methods that write new users, reset
passwords or look people up for directory searches and such.

The key will be focusing in on the algorithm used to implement the LDAP
authentication. Normally, the core of this is a bind operation. In many
directories, you also must perform some sort of name translation prior to
the bind. This is because the bind may require that the username be
submitted in full "distinguished name" yet most users don't know this name
and it is too long to type anyway, so they supply some sort of short name.
You frequently need to look up the DN based on the short name but will need
a service account with permissions to perform this query in order to do so.
Most of the complexity stems from managing all that stuff and figuring out
the LDAP details to make that work on your given directory platform.

I'm sure there are some docs out there that have algorithmic descriptions of
how to implement LDAP auth on Sun One that can be applied to the .NET LDAP
APIs as needed.

Best of luck!

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
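
The lookup-then-bind sequence described in the last reply, written against System.DirectoryServices.Protocols as an added example; it is not code from the thread or from any poster. The class and method names, the `uid` naming attribute and the LDAPS transport are assumptions to adapt to the directory in use.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class LdapBindAuthenticator   // hypothetical name
{
    // RFC 4515 escaping, so a login name cannot change the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }
    // server, port, baseDn and serviceAccount come from configuration (hypothetical parameters).
    public static bool Validate(string server, int port, string baseDn,
        NetworkCredential serviceAccount, string shortName, string password)
    {
        // Many servers treat a DN with an empty password as an anonymous bind that succeeds.
        if (string.IsNullOrEmpty(shortName) || string.IsNullOrEmpty(password)) return false;
        var id = new LdapDirectoryIdentifier(server, port);
        string userDn;
        using (var svc = new LdapConnection(id, serviceAccount, AuthType.Basic))
        {
            svc.SessionOptions.ProtocolVersion = 3;
            svc.SessionOptions.SecureSocketLayer = true;   // assumption: the port speaks LDAPS
            svc.Bind();                                    // service-account bind for the lookup
            var filter = "(uid=" + EscapeFilter(shortName) + ")";   // assumption: uid holds the short name
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "1.1"); // "1.1" = no attributes
            var response = (SearchResponse)svc.SendRequest(request);
            if (response.Entries.Count != 1) return false; // unknown or ambiguous short name
            userDn = response.Entries[0].DistinguishedName;
        }
        using (var user = new LdapConnection(id, new NetworkCredential(userDn, password), AuthType.Basic))
        {
            user.SessionOptions.ProtocolVersion = 3;
            user.SessionOptions.SecureSocketLayer = true;  // a simple bind sends the password as-is
            try { user.Bind(); return true; }              // the bind itself is the password check
            catch (LdapException ex)
            {
                if (ex.ErrorCode == 49) return false;      // 49 = invalidCredentials
                throw;                                     // an outage is not a wrong password
            }
        }
    }
}
```

A custom membership provider's ValidateUser override can delegate to a method like this and leave the user-management members unimplemented, as the reply suggests.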
 
 
 