Re: HELP! Really strange problem w/AD and LDAP/LDIFDE



Joe K.,

As mentioned in my earlier posts, I'm having someone try the full DN username tomorrow (my app uses a config file, so they just have to change the username there, not in code) to see if that works at this one site where using the UPN-formatted username gave us the INVALID_CREDENTIALS exception (BTW, we tried using the NT-formatted name today, and that threw an exception also), and will post back the results.

If the full DN doesn't work, then I'm kind of out of ideas on this one :(, because as I also mentioned, we've had this same exact web app running in several other environments (also with Win2K3/AD).



The other problem, with the two different passwords working, with ldifde, is less of a priority for me, although it actually seems the stranger (and scarier) of the two problems, to me :)...

Thanks,
Jim



Joe Kaplan wrote:
I'm not at all sure what's going on with the passwords. I can tell you what the rules are for usernames doing different types of binds in AD, though. :)

Simple bind: full DN (as per LDAP spec), userPrincipalName (user@xxxxxxxxxx) and NT name (domain\user)
Windows secure bind (GSS-SPNEGO): userPrincipalName, NT name, plain user name (user)

I generally use UPN all the time, as it works with both binding syntaxes and DNs are a pain to type. :) Since this is supported directly by the server itself, any LDAP client doing a bind can use those username formats with AD for simple bind.

Joe K.
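
The username rules quoted above can be turned into a pre-flight check for a bind username stored in an application config file. The sketch below is an added example, not code from either poster; the function names and the sample account `svc-web` in `corp.example.com` are constructed for illustration.

```python
import re

# Accepted username formats per bind type, as listed in the quoted reply.
ACCEPTED = {
    "simple": {"dn", "upn", "nt"},
    "gss-spnego": {"upn", "nt", "plain"},
}

# A DN starts with an attribute type (name or dotted OID) followed by "=".
_DN_START = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=")


def classify(username):
    """Return 'dn', 'upn', 'nt' or 'plain' for a configured bind username."""
    name = username.strip()
    if not name:
        raise ValueError("empty bind username")
    # Check DN first: DN values may themselves contain '@' or an escaped '\'.
    if _DN_START.match(name):
        return "dn"
    domain, sep, user = name.partition("\\")
    if sep and domain and user and "\\" not in user:
        return "nt"
    user, sep, suffix = name.rpartition("@")
    if sep and user and suffix:
        return "upn"
    return "plain"


def check(username, bind_type):
    """Return (format, accepted) for this username under the given bind type."""
    fmt = classify(username)
    return fmt, fmt in ACCEPTED[bind_type.lower()]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = [
        "CN=svc-web,OU=Service Accounts,DC=corp,DC=example,DC=com",
        "svc-web@corp.example.com",
        "CORP\\svc-web",
        "svc-web",
    ]
    for s in samples:
        for bind in ACCEPTED:
            fmt, ok = check(s, bind)
            print(f"{bind:11} {fmt:5} {'ok' if ok else 'REJECT':6} {s}")
```

A format this check accepts can still fail at bind time for other reasons; it only rules out a format mismatch between the configured username and the bind type.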
