Random logon failure with ADAM Bind Proxy

From: Seetha (seethaj_at_yahoo.com)
Date: 06/09/04


Date: Wed, 9 Jun 2004 17:35:40 -0400

I have an isolated test environment with two servers - an AD domain controller and a Windows 2003 server with ADAM on it. ADAM is used as a store for user profiles and AD stores just the username/password and is solely used for authentication.

I have been using ADAM bind proxy to authenticate users against AD. I have two questions related to this setup.

a. ADAM bind proxy authentication was working fine. But suddenly this has been creating random authentication errors with 'There is no object in the server' during bind. The main problem is that authentication does not fail consistently; it fails for a few minutes, if I come back and test after an hour it works, and fails after some time. The one thing that changed is that we have been running a job that migrates ~350K users to AD and ADAM.

If I authenticate directly against AD, authentication works consistently. Not sure if adding too many users (all added to Readers role individually) is having an effect on Bind proxy. Any ideas?

Here is the code that I use to authenticate using ADAM bind proxy
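---------------------------------------------------------------------------------------------
  // requires: using System.DirectoryServices;
  public bool adamAuthenticate(string username, string password)
  {
     // Full ADsPath of the user object in ADAM, and the same DN used as the bind name.
     string userDN = "LDAP://" + m_adamServer + "/" + "CN=" + username + "," + this.m_adamUsersContainerPath;
     string userLoginName = "CN=" + username + ", " + this.m_adamUsersContainerPath;

     // AuthenticationTypes.None performs an LDAP simple bind with the DN and password.
     DirectoryEntry entry = new DirectoryEntry(userDN, userLoginName, password, AuthenticationTypes.None);
     try
     {
        // Bind to the native AdsObject to force authentication.
        Object obj = entry.NativeObject;
        return true;
     }
     catch (System.Exception)
     {
        // Any failure (bad password, missing object, server unreachable) is reported as false.
        return false;
     }
  }
---------------------------------------------------------------------------------------------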

The following, which authenticates against AD, works

---------------------------------------------------------------------------------------------
  // requires: using System; using System.DirectoryServices;
  public bool ADAuthenticate(string username, string password)
  {
     string userDN = "LDAP://" + this.m_adServer + "/" + "CN=" + username + "," + this.m_adUsersContainerPath;
     // Look the user up with the admin account first.
     DirectoryEntry user = new DirectoryEntry(userDN, this.m_adAdminUsername, this.m_adAdminPassword);

     try
     {
        // get the logon name from Active Directory
        string userLoginName = (String) user.Properties["samAccountName"].Value;

        // use the logon name and the password entered by user against active directory to bind
        DirectoryEntry entryAD = new DirectoryEntry(userDN, userLoginName, password, AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
        Object obj = entryAD.NativeObject;
        return true;
     }
     catch (Exception)
     {
        // Any failure (lookup or bind) is reported as false.
        return false;
     }
  }
---------------------------------------------------------------------------------------------

b. Through adamAuthenticate(), the username seems to be case sensitive and the auth fails if I don't pass in a username that matches the CN exactly, including case. Is there some setting that can be changed to avoid this?

Thanks
Seetha
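
The bind check from the post, reworked as an added example (not part of the original post) so that a wrong password, a missing object and any other failure are reported separately instead of vanishing in an empty catch, and so the username is escaped before it goes into the DN. Assumptions: the names `AdamBindCheck`, `BindResult`, `EscapeRdnValue` and `TryBind` are hypothetical, the error quoted in the post is taken to be ERROR_DS_NO_SUCH_OBJECT, and the ADAM instance is assumed to accept SSL on the host:port passed as `server`.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;
public enum BindResult { Success, BadCredentials, NoSuchObject, OtherError }

public static class AdamBindCheck
{
    // HRESULT forms of Win32 ERROR_LOGON_FAILURE (1326) and ERROR_DS_NO_SUCH_OBJECT (8240).
    const int LogonFailure = unchecked((int)0x8007052E);
    const int NoSuchObject = unchecked((int)0x80072030);
    // Escape a value for use inside an RDN (RFC 4514) so it cannot alter the DN structure.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c < ' ' || c == '/')   // '/' is an ADsPath separator; reject rather than guess
                throw new ArgumentException("unsupported character in username");
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Simple bind as the user's DN. SecureSocketsLayer is an assumption of this example;
    // the post uses AuthenticationTypes.None, which sends the password unencrypted.
    public static BindResult TryBind(string server, string container, string username, string password)
    {
        string dn = "CN=" + EscapeRdnValue(username) + "," + container;
        try
        {
            using (var entry = new DirectoryEntry("LDAP://" + server + "/" + dn, dn, password,
                                                  AuthenticationTypes.SecureSocketsLayer))
            {
                object native = entry.NativeObject;   // forces the bind
                return BindResult.Success;
            }
        }
        catch (COMException ex)   // DirectoryServicesCOMException derives from COMException
        {
            if (ex.ErrorCode == LogonFailure) return BindResult.BadCredentials;
            if (ex.ErrorCode == NoSuchObject) return BindResult.NoSuchObject;
            Console.Error.WriteLine("bind error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            return BindResult.OtherError;
        }
    }
}
```

Logging the result with a timestamp on every attempt makes it possible to line up the `NoSuchObject` windows against the migration job's schedule.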


