Re: using userPrincipleName for ADAM login
- From: Adam <adamtuliper@xxxxxxxxxxxxx>
- Date: Wed, 7 Jun 2006 06:16:01 -0700
Thanks for the reply.
If binding to RootDSE allows anonymous, is there any problem of reverting
back to anonymous, for instance like SQL Server attempts to do (specified
user->guest->null) ... if the current login fails? I.e., will it ever try
anonymous without telling you if the specified credentials fail? Or maybe I
should ask... in what cases will anonymous be used?
--
Adam Tuliper
http://www.secure-coding.com
"Joe Kaplan (MVP - ADSI)" wrote:
If you just want to authenticate the user with a bind, then using the
RootDSE object is probably the way to go. RootDSE is accessible
anonymously, so there is no implied authorization when ADSI does a search
that might cause an unexpected side effect.
I'd definitely recommend specifying a DN in your path with ADAM, as ADSI
likes to bind to the default naming context when you don't specify one, but
since ADAM doesn't have a default naming context by default (you can set
one, but this has to be done explicitly), you might get unexpected behavior.
I don't think that's what's going on here, but it is still a better coding
practice than using a null DN.
I tried a quick test and wasn't able to repro your error. There may be an
issue with the user you are using not having rights to read the object in
question. ADAM users are not in any groups by default, so they can't see
much by default. I think my ADAM has the authenticated users Windows
built-in SID in the readers role as an FSP, so everyone who authenticates is
automatically a reader.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Adam" <adamtuliper@xxxxxxxxxxxxx> wrote in message
news:B2E6B0AB-05DA-4F81-AE2F-F9FFB670CDBD@xxxxxxxxxxxxxxxx
I should also specify the code, sorry.
I realize also this may fall under adsi.general, but since it was about
connecting to ADAM, I sent it here:
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://localhost:50002"))
    {
        entry.Username = "testupn";
        entry.Password = "^t3stp@$_s";
        entry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.None;
        // Reading NativeObject forces ADSI to bind with the credentials above.
        Object obj = entry.NativeObject;
    }
--
Adam Tuliper
http://www.secure-coding.com
"Adam" wrote:
I thought so... my initial test failed, but now specifically going against
RootDse works, or just the server path itself works. Going to any other
path fails with
The specified directory service attribute or value does not exist.
What's the reason the RootDse is required here?
--
Adam Tuliper
http://www.secure-coding.com
"Joe Kaplan (MVP - ADSI)" wrote:
You can use the userPrincipalName attribute as a username for binding in
ADAM, as well as the displayName. Try to make sure they are unique.
:)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Adam" <adamtuliper@xxxxxxxxxxxxx> wrote in message
news:50810AC9-0857-45ED-A42A-0D8272593B14@xxxxxxxxxxxxxxxx
Is it possible to use the userPrincipleName to login to ADAM?
--
Adam Tuliper
http://www.secure-coding.com
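
An added example, not code from any poster in this thread: one way to validate an ADAM user's credentials with a bind against RootDSE, as recommended in the quoted reply. The class and method names are hypothetical, the host, port and user name are the ones from the posted snippet, and the empty-credential check reflects the LDAP rule (RFC 4513) that a simple bind with an empty password is an unauthenticated bind.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical helper (not from the thread): checks credentials by binding to RootDSE.
public static class AdamBindCheck
{
    // HRESULT form of ERROR_LOGON_FAILURE, returned when the bind is rejected.
    private const int LogonFailure = unchecked((int)0x8007052E);

    public static bool TryBind(string server, string user, string password)
    {
        // An LDAP simple bind with an empty name or password is an
        // anonymous/unauthenticated bind and can succeed, so never send one.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            return false;

        // RootDSE is readable anonymously, so no read permission on a directory
        // object is involved: the only thing tested is the bind itself.
        string path = "LDAP://" + server + "/RootDSE";
        try
        {
            // AuthenticationTypes.None is a simple bind, as in the posted snippet;
            // the password is sent in clear unless the channel is protected.
            using (DirectoryEntry entry = new DirectoryEntry(
                path, user, password, AuthenticationTypes.None))
            {
                object native = entry.NativeObject; // forces the bind
                return native != null;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == LogonFailure)
                return false; // wrong user name or password
            throw;            // server down, bad path, etc. are not login failures
        }
    }

    public static void Main()
    {
        // Constructed sample password; host, port and user match the snippet above.
        Console.WriteLine(TryBind("localhost:50002", "testupn", "example-password"));
    }
}
```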