Re: Can LDAP API be used either from VB or VBScript ?
From: Fie Fie Niles (fniles_at_wincitesystems.com)
Date: 08/09/04
- Next message: Veign: "Re: Printing format through VB"
- Previous message: Douglas Marquardt: "Re: Tool-tip property in VB 4?"
- In reply to: Paul Bobrowski: "Re: Can LDAP API be used either from VB or VBScript ?"
- Next in thread: Paul Bobrowski: "Re: Can LDAP API be used either from VB or VBScript ?"
- Reply: Paul Bobrowski: "Re: Can LDAP API be used either from VB or VBScript ?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 9 Aug 2004 10:38:17 -0500
Thank you, Paul.
Last time you asked the following question:
The user is logging into a Windows box whose domain is set up to do LDAP
authentication. If this is the case there should be a link between the NT
Account UserId and the LDAP UserId, which in pretty much all normal cases
that I've seen have a direct relationship where NT UserId=LDAP UserId.
I just received the following answer from my client:
They first authenticate against a Windows 2000 Domain, then to gain access
to applications in IBM Portal, they must use another user to log into the
system.
There is no link between both authentication systems. The first one is from
Microsoft, and the second is based on an IBM Domino Server 6.5 which is
compatible with protocol LDAP V3.
Their application is running on Websphere and Java (J2EE), and our
application is on IIS and ASP.
So, first of all, our ASP application needs to find out if the user already
logged in to LDAP or not (when they were in Websphere and Java). I might not
know the user name or id here since when the user logged in to LDAP, it was on
Websphere and Java.
If the user already logged in to LDAP, then our ASP application should not
prompt the user to login anymore. If the user has not logged in to LDAP, our
ASP application needs to make the user login to LDAP.
I was thinking to use something like the following ASP code to see if the
user has logged in to LDAP prior to this (when they were in Websphere and
Java). Please let me know what you think. Thank you so much.
<%
' Bind to the directory container without supplying credentials; if the
' bind succeeds, Err.Number stays 0.
On Error Resume Next
Set openDS = GetObject("LDAP://myserver:389/OU=MEDELLIN,O=UNIBAN")
If Err.Number = 0 Then
    Response.Write "has logged in to LDAP prior to this."
    ' IADs properties of the bound object (here the OU container, not a user)
    Response.Write "LDAP User Name: " & openDS.Name
    Response.Write "Object Parent: " & openDS.Parent
    Response.Write "Object Path: " & openDS.ADsPath
Else
    Response.Write "has not login to LDAP yet. Let's go to login"
End If
Set openDS = Nothing
%>
"Paul Bobrowski" <pbobrowski-nospam@basictechnologies.com> wrote in message
news:eLG5BX9eEHA.3944@tk2msftngp13.phx.gbl...
> The first won't work, you're not specifying a server to connect to, nor
> are you giving it a password to attempt a login.
>
> CN is common name so the person you're trying to connect as. You'll
> probably want something like
>
> LDAP://<myserver>:<port usually 389>/CN=jeffsmith,OU=MEDELLIN,O=UNIBAN,
> Password, Connection mode
>
>
> "Fie Fie Niles" <fniles@wincitesystems.com> wrote in message
> news:%23vVoOw8eEHA.3200@TK2MSFTNGP09.phx.gbl...
> > Hi Paul,
> > would you kindly tell me if the following code is correct to login to LDAP?
> >
> > on error resume next
> > Set openDS = GetObject("LDAP:")
> > openDS.OpenDSObject "LDAP://CN=jeffsmith,DC=fabrikam,DC=com", Null, Null, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND
> > 'or this code: openDS.OpenDSObject "LDAP://Server:389/ou=Members,o=Microsoft",
> > "cn=Administrator,ou=Members,o=Microsoft", "password", 0
> > 'or this code: openDS.OpenDSObject "LDAP://Server:389/ou=Members,o=Microsoft",
> > "cn=Administrator,ou=Members,o=Microsoft", "password", ADS_USE_SSL
> > 'or this code: openDS.OpenDSObject "LDAP://TargetLDAPMachine:389/o=microsoft/ou=members",
> > "cn=Administrator,ou=Members,o=Microsoft", "password", 0
> > if err.number = 0 then
> > msgbox "authentication success"
> > else
> > msgbox err.number & ":" & err.description
> > set openDS = nothing
> > end if
> >
> > Thank you.
> >
> >
> > "Paul Bobrowski" <pbobrowski-nospam@basictechnologies.com> wrote in message
> > news:OPCU40veEHA.3412@TK2MSFTNGP11.phx.gbl...
> > > The O (Organization) and OU (Organizational Unit) describe how the records
> > > are organized; however, you haven't posted information about what properties
> > > each user may have. LDAP allows you to store whatever information you want,
> > > which makes it very useful; however, it's difficult to program for without a
> > > schema listing, and pretty much impossible without access to the servers to
> > > look at the layout and derive the schema yourself (and no I don't want
> > > access to them).
> > >
> > > After your last message it became apparent that I'm unclear on how the users
> > > are being authenticated. I was going off the thought that they logged into
> > > Windows whose authentication was tied to an LDAP server. You're now
> > > mentioning a portal that says someone was logged in, and say they can run
> > > your application without visiting the portal. Is this a webapp? Your
> > > initial message talking about using LDAP with VB made me think it's a normal
> > > VB application.
> > >
> > > The best way to work around this is to describe how users access your
> > > application, and how they are authenticating against LDAP.
> > >
> > > Also, I'd prefer keeping the discussion on the newsgroup, it allows the
> > > thread to be backed up by Google Groups and it may help someone in the future
> > > looking for information.
> > >
> > >
> > > "Fie Fie Niles" <fniles@wincitesystems.com> wrote in message
> > > news:u6hDRoveEHA.384@TK2MSFTNGP10.phx.gbl...
> > > > Thank you, Paul.
> > > > The following is their configuration:
> > > > · Windows 2000 Server (SP4).
> > > >
> > > > · Lotus Domino v6.5.1 (using the LDAP Service of this product, this
> > > > is compatible with version 3.0).
> > > >
> > > > · Port 389.
> > > >
> > > > · Our LDAP manages unique Users and Groups.
> > > >
> > > > · At this moment the LDAP is used by three servers of IBM
> > > > Websphere. Each one has configured one connection to the LDAP through the
> > > > settings of these products (it is native in the Websphere program).
> > > >
> > > > · The Lotus Domino server has two Domino Directory databases, one
> > > > is the directory of the company and the other is the directory of producers.
> > > > Each one has a different OU and O.
> > > >
> > > > For example:
> > > > For the company directory the OU and O is: OU=MEDELLIN,O=UNIBAN /
> > > > OU=URABA,O=UNIBAN / OU=SANTAMARTA,O=UNIBAN
> > > >
> > > > For the producers directory, there is no OU. The O is: O=PORTAL
> > > >
> > > > The LDAP service only provides authentication, the application must provide
> > > > different kinds of authorization for each kind of user authenticated by the
> > > > LDAP.
> > > > In our application, we can not assume the users have logged in because our
> > > > application can be used with or without our portal.
> > > > If users are using the portal our application should not ask for their login,
> > > > if they are not using our portal our application should ask for their
> > > > login.
> > > >
> > > >
> > > > How can I find out if the user has logged in to LDAP without knowing the
> > > > LDAP user id ?
> > > >
> > > > Would it be more convenient if I email you ? Please let me know.
> > > >
> > > > Thank you.
> > > >
> > > > FieFie
> > > >
> > > > "Paul Bobrowski" <pbobrowski-nospam@basictechnologies.com> wrote in message
> > > > news:O7IOlaveEHA.3916@TK2MSFTNGP11.phx.gbl...
> > > > > If the Ids aren't the same it really depends on the LDAP schema. I
> > > > > couldn't give you a solution without knowing the layout. The NT UserId MUST
> > > > > have a relationship to the LDAP UserId for authentication to work.
> > > > >
> > > > > Your best bet would be to talk to the sysadmins and find out how the
> > > > > authentication is working.
> > > > >
> > > > > "Fie Fie Niles" <fniles@wincitesystems.com> wrote in message
> > > > > news:OHMD6JveEHA.4092@TK2MSFTNGP10.phx.gbl...
> > > > > > Thank you, Paul.
> > > > > > I will go to google and check it out.
> > > > > > In the meantime, you said that "even if the two ids are not the same, you
> > > > > > should be able to do an LDAP lookup using the NT UserID and be able to receive
> > > > > > the LDAP UserId.". Do you happen to have the code to do this lookup using
> > > > > > the NT Userid?
> > > > > > Thanks.
> > > > > >
> > > > > > "Paul Bobrowski" <pbobrowski-nospam@basictechnologies.com> wrote in message
> > > > > > news:OJgxuomeEHA.3632@TK2MSFTNGP09.phx.gbl...
> > > > > > > It's been a while since I did LDAP coding but here's what I think is
> > > > > > > happening.
> > > > > > >
> > > > > > > The user is logging into a Windows box whose domain is set up to do LDAP
> > > > > > > authentication. If this is the case there should be a link between the NT
> > > > > > > Account UserId and the LDAP UserId, which in pretty much all normal cases
> > > > > > > that I've seen have a direct relationship where NT UserId=LDAP UserId.
> > > > > > >
> > > > > > > Even if the two ids are not the same, you should be able to do an LDAP lookup
> > > > > > > using the NT UserID and be able to receive the LDAP UserId.
> > > > > > >
> > > > > > > There are LDAP newsgroups; however, AFAIK not on the MS news servers since
> > > > > > > MS pushes their Active Directory instead of LDAP. Just hit
> > > > > > > http://groups.google.com and do a search for LDAP and I'm sure you'll find
> > > > > > > the groups. You'll need a news server that will let you post to them
> > > > > > > though, your ISP may provide one of these already.
> > > > > > >
> > > > > > >
> > > > > > > "Fie Fie Niles" <fniles@wincitesystems.com> wrote in message
> > > > > > > news:u$GI7LmeEHA.720@TK2MSFTNGP11.phx.gbl...
> > > > > > > > HI Bob,
> > > > > > > > Sorry, my posting was unclear.
> > > > > > > > It is not prior authentication that we need, it is post authentication.
> > > > > > > > So, after the user logs in to the intranet using LDAP and is authenticated,
> > > > > > > > when they go to our application, our application needs to get the LDAP user
> > > > > > > > id that the user used earlier to login with.
> > > > > > > > If a user logs in to an NT server, programmatically I can get the NT user name
> > > > > > > > by using the following code:
> > > > > > > > Declare Function WNetGetUser& Lib "Mpr" Alias "WNetGetUserA" (lpName As Any, ByVal lpUserName$, lpnLength&)
> > > > > > > > sUser = String$(256, 0): lLen = 256   ' buffer that the API fills with the user name
> > > > > > > > ret = WNetGetUser(ByVal 0&, sUser, lLen)
> > > > > > > >
> > > > > > > > How can I programmatically get the user name that the user used to login to
> > > > > > > > LDAP ?
> > > > > > > > Is there a newsgroup dedicated to LDAP ?
> > > > > > > >
> > > > > > > > Thanks a lot.
> > > > > > > >
> > > > > > > > FieFie
> > > > > > > >
> > > > > > > >
> > > > > > > > "Bob Butler" <tiredofit@nospam.com> wrote in message
> > > > > > > > news:OMOJjgleEHA.636@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > "Fie Fie Niles" <fniles@wincitesystems.com> wrote in message
> > > > > > > > > news:%23bXGqJleEHA.372@TK2MSFTNGP12.phx.gbl
> > > > > > > > > > Hi Bob,
> > > > > > > > > > You replied to my posting at the VB newsgroup last time regarding
> > > > > > > > > > calling LDAP API from VB.
> > > > > > > > > > I now know what our client wants to do with it.
> > > > > > > > > > On our system, once a client has logged in to LDAP, they would not
> > > > > > > > > > want to login anymore to our system. In other words, our system will need
> > > > > > > > > > to know the LDAP user id that the user uses, and login to our system
> > > > > > > > > > using that LDAP user id.
> > > > > > > > > >
> > > > > > > > > > Can I do this, and how to do it ?
> > > > > > > > >
> > > > > > > > > Sorry, I can't answer that. I've used LDAP within individual applications
> > > > > > > > > but never had to use prior authentication.
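An added example, not code from the thread or from any of its participants, showing how an ASP page would actually check a user's credentials against an LDAP v3 directory such as the Lotus Domino server the thread describes. The GetObject call in the post above binds to the OU container with no credentials, so Err.Number = 0 only shows that the server answers an anonymous bind; an LDAP server keeps no record of who has bound to it from another application, so the ASP side has to either authenticate the user itself or receive the identity from the portal through a shared session mechanism, and then remember the result in its own Session. The host name ldap.example.test, the use of the uid attribute for the user id, the use of port 636 with ADS_USE_SSL, and the assumption that Domino accepts a simple bind with the user's DN are all assumptions, not facts from the thread.

```vbscript
<%
Option Explicit
' Added example, not code from the thread. Assumptions: server name
' ldap.example.test, user ids stored in the "uid" attribute, SSL on port 636,
' and a Domino directory that accepts a simple bind with the user's DN.

' ADSI authentication flags (ADS_AUTHENTICATION_ENUM). VBScript cannot see the
' enum names, so the literal values must be declared before they are used.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_SSL = &H2
Const ADS_SERVER_BIND = &H200

Const LDAP_SERVER = "ldap.example.test"      ' assumed host name
Const LDAP_BASE = "OU=MEDELLIN,O=UNIBAN"     ' container named in the thread

' Escape a value before placing it in an LDAP search filter (RFC 4515), so a
' user id such as "*)(uid=*" cannot widen the search to every entry.
Function LdapFilterEscape(value)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "*", "(", ")", "\", Chr(0)
                out = out & "\" & Right("0" & Hex(Asc(ch)), 2)
            Case Else
                out = out & ch
        End Select
    Next
    LdapFilterEscape = out
End Function

' Look up the user's entry by uid and return its DN, or "" when nothing
' matches. This is a directory read through the ADSI OLE DB provider and
' proves nothing about the password.
Function FindUserDn(uid)
    Dim conn, rs, prefix, adsPath
    FindUserDn = ""
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set rs = conn.Execute("<LDAP://" & LDAP_SERVER & "/" & LDAP_BASE & ">;" & _
                          "(uid=" & LdapFilterEscape(uid) & ");ADsPath;subtree")
    If Not rs.EOF Then
        ' ADsPath is LDAP://host/cn=...,OU=MEDELLIN,O=UNIBAN; keep only the DN
        adsPath = rs.Fields("ADsPath").Value
        prefix = "LDAP://" & LDAP_SERVER & "/"
        If Left(adsPath, Len(prefix)) = prefix Then FindUserDn = Mid(adsPath, Len(prefix) + 1)
    End If
    rs.Close
    conn.Close
End Function

' Authenticate by binding to the directory as the user. The bind is the only
' operation that checks the password; GetObject on a container without
' credentials only shows that the server answers an anonymous bind.
' flags = 0 sends the password in clear text on port 389; ADS_USE_SSL on
' port 636 is the setting to prefer.
Function LdapBind(port, userDn, password, flags)
    Dim root, entry
    LdapBind = False
    ' An empty password is an unauthenticated bind, which most servers treat
    ' as anonymous success (RFC 4513 section 5.1.2); never count it as a login.
    If Len(userDn) = 0 Or Len(password) = 0 Then Exit Function
    On Error Resume Next
    Set root = GetObject("LDAP:")
    Set entry = root.OpenDSObject("LDAP://" & LDAP_SERVER & ":" & port & "/" & userDn, _
                                  userDn, password, flags)
    If Err.Number = 0 Then LdapBind = True
    On Error GoTo 0
End Function

' Page logic: the web application keeps its own login state in Session,
' because the directory does not remember who has bound to it.
Dim userDn
If Request.Form("userid") <> "" Then
    userDn = FindUserDn(Request.Form("userid"))
    If LdapBind(636, userDn, Request.Form("password"), ADS_USE_SSL) Then
        Session("ldapUserDn") = userDn
    Else
        Response.Write "Login failed."
    End If
End If
If Session("ldapUserDn") <> "" Then
    Response.Write "Logged in as " & Server.HTMLEncode(Session("ldapUserDn"))
End If
%>
```

The lookup and the bind are kept separate on purpose: the search runs as whatever identity the ADO connection has (anonymous here), and only the OpenDSObject call with the user's own DN and password decides whether the login counts. The NT-to-LDAP mapping Paul mentions earlier in the thread is the same FindUserDn search with the NT user name as the filter value, provided the directory schema stores it in a known attribute.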