Re: Querying AD via LDAP w/ simple authentication - need domain name?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/18/04 

Date: Mon, 17 May 2004 22:04:18 -0500

Doh! Not sure why I always get that confused. What I think I meant was
that you can't use the DN with a secure bind.

Thanks!

Joe K.

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:u8SGnBGPEHA.2468@TK2MSFTNGP11.phx.gbl...
> Pst... check out my response... Not sure with dot NET but the underlying
LDAP
> API will let you use all three for a simple bind...
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> Joe Kaplan (MVP - ADSI) wrote:
> > With Simple bind, you must use the DN. However, if you use Secure
binding
> > (available with the MS LDAP API, ADSI, S.DS, etc.), then you can specify
DN,
> > NT Logon Name, UPN or just samAccountName.
> >
> > Make sure if you are using Simple Bind that you use SSL with LDAP or you
> > will be passing those credentials over the network in plain text (unless
you
> > use IPSEC or something).
> >
> > Joe K.
> >
> > "corky" <twistdpair@hotmail.com> wrote in message
> > news:e2d5abce.0405171212.3bcb6a37@posting.google.com...
> >
> >>Hello all:
> >>
> >>I have a question tht does not seem to be easily answered by
> >>searching.
> >>
> >>When using the "simple authentication" mechanism in LDAP, do you need
> >>to qualify it with a domain name? If not, what conditions would force
> >>you to?
> >>
> >>We are trying to query AD via LDAP using just a username and password.
> >>It will not work, unless it is in the format of [domain
> >>name]\[username].
> >>
> >>Is this expected behavior? Are there circumstances when this would not
> >>be required? We have an office machine that is supposed to gather
> >>email addresses from AD without having to use the [domain
> >>name]\[username] format, but rather the [username only] format.
> >>
> >>Thanks.
> >>
> >>-corky
> >
> >
> >

Relevant Pages

  • Re: Oh.... Im just wondering whos seen this stumper...
    ... It is SASL bind GSS-API Encrypted payload packets. ... Joe Kaplan wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... at the time of the failure audit. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD and Expired Password Checking and how to test?
    ... Like Joe said, the exact ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I reset the password for a user, and the password expires on ... I change the system date to 10/10/06, and try a bind, which fails. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Oh.... Im just wondering whos seen this stumper...
    ... That would explain why you only see the bind traffic. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... at the time of the failure audit. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Querying AD via LDAP w/ simple authentication - need domain name?
    ... postoffice-type address list running under 2003's LDAP? ... > that you can't use the DN with a secure bind. ... > Joe K. ... >> API will let you use all three for a simple bind... ...
    (microsoft.public.windows.server.active_directory)
  • Re: Non-Administrator users Cant do LDAP bind to AD
    ... Joe, ... I also tested my application, and that was able to do the bind, so I ... You can also install third-party certificates if you want to buy your own or ... Certificate Authourity if you have Apps that use a non-Windows LDAP ...
    (microsoft.public.windows.server.active_directory)