Search Results

Search found 1139 results on 46 pages for 'ldap'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/46 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • How to Authenticate to Active Directory Services (ADs) using .NET 3.5 / C#

    - by Ranger Pretzel
    After much struggling, I've figured out how to authenticate to my company's Active Directory using just 2 lines of code with the Domain, Username, and Password in .NET 2.0 (in C#): // set domain, username, password, and security parameters DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, username, password, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer); // force Bind to AD server to authenticate object obj = entry.NativeObject; If the 2nd line throws an exception, then the credentials and/or parameters were bad. (Specific reason can be found in the exception.) If no exception, then the credentials are good. Trying to do this in .NET 3.5 looks like it should be easy, but has me at a roadblock instead. Specifically, I've been working with this example: PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain); using (domainContext) { return domainContext.ValidateCredentials(UserName, Password); } Unfortunately, this doesn't work for me as I don't have both ContextOptions set to Sealed/Secure and SSL (like I did above in the .NET 2.0 code.) There is an alternate constructor for PrincipalContext that allows setting the ContextOptions, but this also requires supplying a Distinguished Name (DN) of a Container Object and I don't know exactly what mine is or how I would find out. public PrincipalContext(ContextType contextType, string name, string container, ContextOptions options); // container: // The container on the store to use as the root of the context. All queries // are performed under this root, and all inserts are performed into this container. // For System.DirectoryServices.AccountManagement.ContextType.Domain and System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory // context types, this parameter is the distinguished name of a container object. Any suggestions?

    Read the article

  • Ldap_add() : Invalid Syntax

    - by Suezy
    I have a program here that uses the ldap_add, when i try to run the program, it displays an error: Warning: ldap_add() [function.ldap-add]: Add: Invalid syntax in /var/www/suey/costcenter.20090617.php on line 780 My lil' code here is: $ldapservers='ourServer'; $ds = ldap_connect($ldapservers); if ($ds){ $r = ldap_bind($ds, $ldaprootun, $ldaprootpw); $add = ldap_add($ds, "uid=$fuid, $ldapbasedn", $infonew); } ldapbasedn is set to o=ourGroup; infonew is an array of entries (person information) and am so sure that the array is not empty because i already tested it. the uid is not empty too. What could be wrong? Is it the entries(array)? or the server am trying to connect to? I tried testing the ldap_bind, and it also works well too..hmmm.. Pls help.. thanks! I found the problem.. it's in the index infonew["createdBy"] = getenv("REMOTE_USER"); it returns NULL! now, is that right?

    Read the article

  • Different approaches for finding users within Active Directory

    - by EvilDr
    I'm a newbie to AD programming, but after a couple of weeks of research have found the following three ways to search for users in Active Directory using the account name as the search parameter: Option 1 - FindByIdentity Dim ctx As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim u As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "MYDOMAIN\Administrator") If u Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn("Name=" & u.Name) Trace.Warn("DisplayName=" & u.DisplayName) Trace.Warn("DistinguishedName=" & u.DistinguishedName) Trace.Warn("EmployeeId=" & u.EmployeeId) Trace.Warn("EmailAddress=" & u.EmailAddress) End If Option 2 - DirectorySearcher Dim connPath As String = "LDAP://" & Environment.MachineName Dim de As New DirectoryEntry(connPath) Dim ds As New DirectorySearcher(de) ds.Filter = String.Format("(&(objectClass=user)(anr={0}))", Split(User.Identity.Name, "\")(1)) ds.PropertiesToLoad.Add("name") ds.PropertiesToLoad.Add("displayName") ds.PropertiesToLoad.Add("distinguishedName") ds.PropertiesToLoad.Add("employeeId") ds.PropertiesToLoad.Add("mail") Dim src As SearchResult = ds.FindOne() If src Is Nothing Then Trace.Warn("No user found.") Else For Each propertyKey As String In src.Properties.PropertyNames Dim valueCollection As ResultPropertyValueCollection = src.Properties(propertyKey) For Each propertyValue As Object In valueCollection Trace.Warn(propertyKey & "=" & propertyValue.ToString) Next Next End If Option 3 - PrincipalSearcher Dim ctx2 As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim sp As New UserPrincipal(ctx2) sp.SamAccountName = "MYDOMAIN\Administrator" Dim s As New PrincipalSearcher s.QueryFilter = sp Dim p2 As UserPrincipal = s.FindOne() If p2 Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn(p2.Name) Trace.Warn(p2.DisplayName) Trace.Warn(p2.DistinguishedName) Trace.Warn(p2.EmployeeId) Trace.Warn(p2.EmailAddress) End If All three of these methods return the same results, but I was wondering if any particular method is better or worse than the others? Option 1 or 3 seem to be the best as they provide strongly-typed property names, but I might be wrong? My overall objective is to find a single user within AD based on the user principal value passed via the web browser when using Windows Authentication on a site (e.g. "MYDOMAIN\MyUserAccountName")

    Read the article

  • How to keep group-writeable shares on Samba with OSX clients?

    - by Oliver Salzburg
    I have a FreeNAS server on a network with OSX and Windows clients. When the OSX clients interact with SMB/CIFS shares on the server, they are causing permission problems for all other clients. Update: I can no longer verify any answers because we abandoned the project, but feel free to post any help for future visitors. The details of this behavior seem to also be dependent on the version of OSX the client is running. For this question, let's assume a client running 10.8.2. When I mount the CIFS share on an OSX client and create a new directory on it, the directory will be created with drwxr-x-rx permissions. This is undesirable because it will not allow anyone but me to write to the directory. There are other users in my group which should have write permissions as well. This behavior happens even though the following settings are present in smb.conf on the server: [global] create mask= 0666 directory mask= 0777 [share] force directory mode= 0775 force create mode= 0660 I was under the impression that these settings should make sure that directories are at least created with rwxrwxr-x permissions. But, I guess, that doesn't stop the client from changing the permissions after creating the directory. When I create a folder on the same share from a Windows client, the new folder will have the desired access permissions (rwxrwxrwx), so I'm currently assuming that the problem lies with the OSX client. I guess this wouldn't be such an issue if you could easily change the permissions of the directories you've created, but you can't. When opening the directory info in Finder, I get the old "You have custom access" notice with no ability to make any changes. I'm assuming that this is caused because we're using Windows ACLs on the share, but that's just a wild guess. Changing the write permissions for the group through the terminal works fine, but this is unpractical for the deployment and unreasonable to expect from anyone to do. This is the complete smb.conf: [global] encrypt passwords = yes dns proxy = no strict locking = no read raw = yes write raw = yes oplocks = yes max xmit = 65535 deadtime = 15 display charset = LOCALE max log size = 10 syslog only = yes syslog = 1 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes smb passwd file = /var/etc/private/smbpasswd private dir = /var/etc/private getwd cache = yes guest account = nobody map to guest = Bad Password obey pam restrictions = Yes # NOTE: read smb.conf. directory name cache size = 0 max protocol = SMB2 netbios name = freenas workgroup = COMPANY server string = FreeNAS Server store dos attributes = yes hostname lookups = yes security = user passdb backend = ldapsam:ldap://ldap.company.local ldap admin dn = cn=admin,dc=company,dc=local ldap suffix = dc=company,dc=local ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap ssl = off ldap replication sleep = 1000 ldap passwd sync = yes #ldap debug level = 1 #ldap debug threshold = 1 ldapsam:trusted = yes idmap uid = 10000-39999 idmap gid = 10000-39999 create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP437 unix charset = UTF-8 log level = 1 [share] path = /mnt/zfs0 printable = no veto files = /.snap/.windows/.zfs/ writeable = yes browseable = yes inherit owner = no inherit permissions = no vfs objects = zfsacl guest ok = no inherit acls = Yes map archive = No map readonly = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = yes hide dot files force directory mode = 0775 force create mode = 0660

    Read the article

  • C# Active Directory - Check username / password

    - by Michael G
    I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain. public Object IsAuthenticated() { String domainAndUsername = strDomain + @"\" + strUser; DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass); SearchResult result; try { //Bind to the native AdsObject to force authentication. DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") }; search.PropertiesToLoad.Add("givenName"); // First Name search.PropertiesToLoad.Add("sn"); // Last Name search.PropertiesToLoad.Add("cn"); // Last Name result = search.FindOne(); if (null == result) { return null; } //Update the new path to the user in the directory. _path = result.Path; _filterAttribute = (String)result.Properties["cn"][0]; } catch (Exception ex) { return new Exception("Error authenticating user. " + ex.Message); } return user; } the target is using .NET 3.5, and compiled with VS 2008 standard I'm logged in under a domain account that is a domain admin where the application is running. The code works perfectly on windows XP; but i get the following exception when running it on Vista: System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated() at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated() I've tried changing the authentication types, I'm not sure what's going on. See also: http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory

    Read the article

  • Open Source Alternative to ASP.NET membership

    - by Tony Lenzi
    I'm currently supporting a Python web app with increasingly complicated user/role/permission management requirements. Currently, we are rolling our own user, groups, permissions, etc. code and supporting database. I'd like to find something like ASP.NET membership that can help manage user authentication and authorization, rather than risk security issues in continuing to create an increasingly complicated custom solution. Are there any similar projects out there worth taking a look at?

    Read the article

  • Unable to get ncName and netBIOSName Properties

    - by Randz
    I've some code on the net regarding retrieval of NetBIOSName (Pre-windows 2000 domain name) of an Active Directory Domain. Here's my code sample: Me._rootDSE = New System.DirectoryServices.DirectoryEntry("GC://RootDSE", "", "") Dim results As System.DirectoryServices.SearchResultCollection = Nothing Dim ADSPath As String = "GC://CN=Partitions," + Me._rootDSE.Properties("configurationNamingContext").Value.ToString() Dim adse As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry(ADSPath, "", "") Dim searcher As System.DirectoryServices.DirectorySearcher searcher = New System.DirectoryServices.DirectorySearcher(adse) searcher.SearchScope = DirectoryServices.SearchScope.OneLevel searcher.Filter = "(&(objectClass=crossRef)(systemflags=3))" searcher.PropertiesToLoad.Add("netbiosname") searcher.PropertiesToLoad.Add("ncname") results = searcher.FindAll() If results.Count > 0 Then For Each sr As System.DirectoryServices.SearchResult In results Dim de As System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry() 'netbiosname and ncname properties returns nothing System.Diagnostics.Trace.WriteLine(sr.GetDirectoryEntry().Properties("netbiosname").Value.ToString()) System.Diagnostics.Trace.WriteLine(sr.GetDirectoryEntry().Properties("ncname").Value.ToString()) Next End If When I am using the "(&(objectClass=crossRef)(systemFlags=3))" filter, I am not getting any result, but when I removed the systemFlags filter, I get some results. However, on the search results that I got, I still cannot access the values of ncName and NetBIOSName properties. I can get other properties like distinguishedName and CN of the search result properly. Any idea on what I might be doing wrong, or where to look further?

    Read the article

  • need help passing multiple variables from foreach loop to test in switch case statement

    - by Brad
    $list_of_groups = array("FACULTY","STAFF"); foreach ($list_of_groups as $i => $group) { $user_in_group = $adldap->user_ingroup($username,$group); print "<h2>Group: ".$group." user in group? ".$user_in_group."</h2>"; // if 1, means yes } Need to print run the appropriate function based on what returns true. There are user's that are members of both FACULTY and STAFF groups, so I want to check for those users and display the appropriate content for them. So if the user is both faculty and staff, then display this, if they are only of staff, display that, same for faculty, might not make sense, but I will write out some code "in theory" that will help you understand what I am trying to do switch(Get group membership of user) { case "FACULTY": print "Faculty group member"; break; case "STAFF": print "Staff group member"; break; case "FACULTY and STAFF": print "Member of both faculty and staff"; break; } I am unsure on how it will check if they are members of both groups and run that thru the case statement to display the appropriate message. The foreach look currently runs thru every group the user belongs to, prints out the ones from the $list_of_groups and the number 1 to the right of it, signifying they belong to it. The problem I have is trying to use that information to run thru the case statement, I am unsure of how to go about that. This is what it prints out for the user currently passed thru the foreach loop: Group: FACULTY user in group? 1 Group: STAFF user in group? 1 Any help is appreciated.

    Read the article

  • Optimize existing code and need to list alphabetically.

    - by Brad
    I need help optimizing the code to run faster, unless it is optimized the best. I also want to alphabetize the list and I am unsure how to do that. It should be alphabetized by $userinfo[0]["sn"][0] I am using the adLDAP class: http://adldap.sourceforge.net/ <?php require_once('adLDAP.php'); //header('Content-type: text/json'); $adldap = new adLDAP(); $groupMembers = $adldap->group_members('STAFF'); //print_r($groupMembers); $userinfo = $adldap->user_info($username, array("givenname","sn","telephonenumber")); $displayname = $userinfo[0]["givenname"][0]." ".$userinfo[0]["sn"][0]; print "<ul>"; foreach ($groupMembers as $i => $username) { $userinfo = $adldap->user_info($username, array("*")); $displayname = "<strong>".$userinfo[0]["givenname"][0]." ".$userinfo[0]["sn"][0]."</strong> - ".$userinfo[0]["telephonenumber"][0]; if($userinfo[0]["sn"][0] != "" && $userinfo[0]["givenname"][0] != "" && $userinfo[0]["telephonenumber"][0] != "") { print "<li>".$displayname."</li>"; } } print "</ul>"; ?>

    Read the article

  • Invalid argument supplied for foreach() using adldap

    - by Brad
    I am using adldap http://adldap.sourceforge.net/ And I am passing the session from page to page, and checking to make sure the username within the session is a member of a certain member group, for this example, it is the STAFF group. <?php ini_set('display_errors',1); error_reporting(E_ALL); require_once('/web/ee_web/include/adLDAP.php'); $adldap = new adLDAP(); session_start(); $group = "STAFF"; //$authUser = $adldap->authenticate($username, $password); $result=$adldap->user_groups($_SESSION['user_session']); foreach($result as $key=>$value) { switch($value) { case $group: print '<h3>'.$group.'</h3>'; break; default: print '<h3>Did not find specific value: '.$value.'</h3>'; } if($value == $group) { print 'for loop broke'; break; } } ?> It gives me the error: Warning: Invalid argument supplied for foreach() on line 15, which is this line of code: foreach($result as $key=$value) { When I uncomment the code $authUser = $adldap-authenticate($username, $password); and enter in the appropriate username and password, it works fine, but I shouldn't have to, since the session is valid, I just want to see if the username stored within the valid_session is apart of the STAFF group. Why would it be giving me that problem?

    Read the article

  • Remove or change an attribute syntax in AD LDS?

    - by Drazar
    I've searched the net and I cant find any information about how to change an attribute syntax or remove an attribute from the schema in AD LDS, former ADAM. From some documents i´ve read they claim it is not possible. However I find that hard to believe. Is there no room for making an error? Regards

    Read the article

  • PHP - ldap_search() filter. How to search for user

    - by cvack
    $_SERVER['REMOTE_USER'] returns the username of the user logged in to an Active Directory. I want to retrive this users info by using ldap_search(). This is what I have now: $ad = // ldap_connection id $filter = "(|(sn=$username*)(givenname=$username*))"; $attr = array("displayname", "mail", "mobile", "homephone", "telephonenumber", "streetaddress", "postalcode", "physicaldeliveryofficename", "l"); $dn = // OU, DC etc.. ldap_search($ad,$dn,$filter,$attr); It works, but i'm not sure it will work if two users have almost the same names. How do I only search for their unique username so that i always only get one user?

    Read the article

  • Impersonation in asp.net, confused about implmentation when used with Active Directory & Sql Server

    - by AWC
    I have an internal website that is using integrated windows authentication and this website uses sql server & active directory queries via the System.Directory.Services namespace. To use the System.Directory.Services namespace in ASP.NET I have to run IIS under an account that has the correct privileges and importantly have impersonation set to true in the web config. If this is done then when I make a query against AD then the credentials of the wroker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed. Now if I am also using Sql Server with a connection string configured for integrated security ('Integrated Security=SSPI') then this interprets the ASP.NET impersonation to mean that I want to access the database as the windows credentials of the request no the worker process. I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent? It should be noted I'm using IIS 5.1 for development and obivously this doesn't have the concept of app-pools which I believe would resolve the problem.

    Read the article

  • I (think) I want to use a BItWise Operator to check useraccountcontrol property!

    - by Jim
    Hello, Here's some code: DirectorySearcher searcher = new DirectorySearcher(); searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + lstUsers.SelectedItem.Text + "))"; SearchResult result = searcher.FindOne(); Within result.Properties["useraccountcontrol"] will be an item which will give me a value depending on the state of the account. For instance, a value of 66050 means I'm dealing with: A normal account; where the password does not expire;which has been disabled. Explanation here. What's the most concise way of finding out if my value "contains" the AccountDisable flag (which is 2) Thanks in advance!

    Read the article

  • Authentication between domains

    - by gneash
    I have: a service running under user account domainA\userA on hostA from domainA SPNs created for the service running on hostA for user account domainA\userA a client part of my application is trying to access resources (through remoting) from the service running on hostA but this client part is running on hostB from domainB and under the user account domainB\userB appropriate delegation settings are done for user account domainA\userA trusted for delegation SPNs set properly with no duplicates domainA and domainB have two way trust I get this error: A secuity package specific error occured: Unspecified error (0x80004005) Could you please see if there is any authentication setting I missed?

    Read the article

  • need to display info for user within active-directory

    - by Brad
    The following code will search for the user within the domain controller, but I want to display the info of each thing noted within the justthese variable: "displayname","mail","samaccountname","sn","givenname","department","telephonenumber" $dn = "dc=xxx,dc=xxx"; $justthese = array("displayname","mail","samaccountname","sn","givenname","department","telephonenumber"); $sr=ldap_search($ldapconn, $dn,'SAMAccountName=username', $justthese); $info = ldap_get_entries($ldapconn, $sr); echo "<h3>".$info["count"]." entries returned</h3>"; foreach($justthese as $key=>$value){ print '<p><strong>'.$value.'</strong></p>'; } It displays each item within the $justthese array, I want to display the info for that user for each thing noted in $justthese array. Right now it outputs it like this: displayname mail samaccountname sn givenname department telephonenumber I want it to have the actual data to the right of it, which I know I am doing something wrong with the foreach loop, any help is appreciated. So it'd look like this displayname Chuck mail [email protected] samaccountname chucknorris sn chuckisthebest givenname Chuck Norris department Security telephonenumber 555-555-5555

    Read the article

  • Can a user be a member of multiple Organization Units (OU) in Active Directory ?

    - by Stormshadow
    Can a user be a member of multiple Organization Units (OU) in Active Directory ? Also, is there a standard format mentioned by Microsoft on how an OU should be created and what its attributes are ? I found this in Wikipedia "However, Organizational Units are just an abstraction for the administrator, and do not function as true containers; the underlying domain operates as if objects were all created in a simple flat-file structure, without any OUs. It is not possible for example to create two user accounts with an identical username in two separate OUs, such as "fred.staff-ou.domain" and "fred.student-ou.domain"."

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >