Directory Binding and Search

Guest

Hi Joe and All

Here are the lines of code I have tried, but it seems like authentication was
not successful, as it returned just the sn whether or not (uName, pwd,
AuthenticationTypes.Secure) was specified. When I tried the same credentials
with ldp.exe, I was able to get the attributes I wanted.

By the way, for my application setting, I have not turned on impersonation
yet, but I assume this should not make any difference as credential was
specified when doing the bind, right? Did I do anything wrong in binding?
Any idea?

TIA


String uName = "cn=Administrator, cn=Users, dc=domain, dc=com";
String pwd = "admpwd";
String searchPath = "ldap://ou=myou, dc=domain, dc=com";
//Bind to the server and authenticate
DirectoryEntry entry = new DirectoryEntry(searchPath, uName,
pwd, AuthenticationTypes.Secure);
//DirectoryEntry entry = new DirectoryEntry(searchPath);
Object native = entry.NativeObject;

//do a DirectorySearch
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.PropertiesToLoad.Add("sn");
mySearcher.PropertiesToLoad.Add("givenName");
mySearcher.PropertiesToLoad.Add("telephoneNumber");

mySearcher.Filter = "(objectClass=user)";

SearchResultCollection resEntAll = mySearcher.FindAll();


Joe Kaplan (MVP - ADSI) said:
I'm not sure of any good articles or books (yet). MS has an article for
forms auth with AD that I rarely recommend to people because I think it is
pretty flawed, but you can look at it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326340

The next thing I'd try is using a utility like ldp.exe to try your searches
there and see if you get similar results. Sometimes it is helpful to get
the extra layers out of the way and test things in a UI.

You might also try the contains method to verify whether the
SearchResult.Properties has the attributes you want.

Joe K.

Hi Joe
I just tried passing in the credentials with DirectoryEntry(strpath, uName,
pwd, AuthenticationTypes.Secure) but it is still giving me the last name
only!

I guess I might have to revisit my whole dev setup for forms authentication.
Is there a place / book I can look into about forms authentication with AD
in ASP.NET? I think I need to work out a checklist in each area.

TIA


in message news:[email protected]...
The directoryentry used for the searchroot object determines the security
context that the search is performed with. It is possible that you are
authenticating anonymously, and thus can't see many properties. You can
verify this by passing in credentials to the DirectoryEntry before executing
the search and seeing if you get different results. If so, that was the
problem.

If that is the problem, there are other ways to solve it than using a
hard-coded service account, but it is the easiest way to verify the
issue.

Joe K.

<dl> wrote in message I did tried to throw in the PropertiesToLoad lines; one for each
property that I was going to get. But that didn't make any difference.
Interestingly enough, the account I am using (to login via login.aspx) to list
this directory is the same as the one I used to create the entries and the OU.
Do I need to pass on the credential (somewhere) to this page? Or do I need
to bind with the credential?
TIA

Here is my code before the foreach statements ..
String strPath = "LDAP://ou=" + txtOUName.Text +
",dc=domain,dc=com";
//Bind to the OU
DirectoryEntry myEnt = new DirectoryEntry(strPath);

//do a DirectorySearch
DirectorySearcher mySearcher = new DirectorySearcher(myEnt);
mySearcher.PropertiesToLoad.Add("sn");
mySearcher.PropertiesToLoad.Add("givenName");
mySearcher.PropertiesToLoad.Add("telephoneNumber");

mySearcher.Filter = "(objectClass=user)";

SearchResultCollection resEntAll = mySearcher.FindAll();


in message
What did you put in to PropertiesToLoad? Also, it is possible that the
security context you bound with only has rights to see a subset of the
properties you requested.

Those are my two best guesses given what you've told us.

Joe K.

<dl> wrote in message Hi
I have the following lines of code that are supposed to list some selected
properties of all the object entries in a SearchResult, but the code is only
listing one property, i.e. the 'sn' and the corresponding value for all the
entries. Do you have a clue why?
TIA
----------------------
foreach (SearchResult resEnt in resEntAll)
{
    i++;
    dr = dt.NewRow();
    foreach (string propKy in resEnt.Properties.PropertyNames)
    {
        switch (propKy)
        {
            case "sn":
                y = 0;
                break;
            case "givenName":
                y = 1;
                break;
            case "telephoneNumber":
                y = 2;
                break;
            default:
                y = 3;
                break;
        }
        if (y < 3)
        {
            ResultPropertyValueCollection valco = resEnt.Properties[propKy];
            foreach (Object prop in valco)
            {
                dr[y] = prop.ToString();
            }
        }
    }
    dt.Rows.Add(dr);
}

--
 
Joe Kaplan (MVP - ADSI)

A few points here:

- lowercase "ldap" doesn't work in ADSI binding strings. Always use LDAP.
- With AuthenticationTypes.Secure, don't use the DN syntax for username.
Use either NT name (domain\user), UPN ([email protected]) or plain username.
Note that domain\user and UPN work with all authenticationtypes, so they are
the most flexible.

That said, if the search works in ldp.exe with those credentials, you should
be able to get the same search working in S.DS. They use the same mechanics
under the hood.

Joe K.

 
Guest

Thanks Joe. But if the search did work, would it be the foreach loop, which
I posted earlier (in the other thread "listing Object properties from
SearchResult"), giving me the problem? Did I do anything wrong there? I
suspect the index y never gets set in the second foreach loop; that could be
why I was getting "sn" only, i.e. y=0 as it was initialized.

TIA


 
Guest

I did change to LDAP, and use NT name format, and yet I am getting the same
results!

On the other hand, if authentication did work,
1. why would I get the same result even if no credential was specified in
the DirectoryEntry statement?
2. would there be something wrong with the SearchResult / PropertyCollection
classes? Has anyone tried listing the properties using these classes before?
3. is there any other way to get the key:value pair from a
SearchResultCollection?

TIA

 
Joe Kaplan (MVP - ADSI)

Sorry, can you show the sample code that isn't working again? I lost the
other thread.

Joe K.

 
Guest

Hi Joe / All

Here are the complete lines of code, again. Would you have the spare time to
take the code and try it somewhere, just to see if you would get the same
results?

I am thinking of replacing the second foreach loop with
resEnt.GetDirectoryEntry().Properties["sn"].Value
resEnt.GetDirectoryEntry().Properties["givenName"].Value
resEnt.GetDirectoryEntry().Properties["telephoneNumber"].Value

not sure if the above changes would make any difference, but I don't have
access to my development server yet, I will have to test run it later today.

By the way, I have put this in a *.cs file, compiled that to a library
and put it under /bin.

TIA
--------------
public DataTable List(String CustOU, String CustDC)
{
    //formating Dir path
    //String uName = "cn=administrator, cn=Users, dc=domain, dc=com";
    String uName = "domain.com" + "\\" + "administrator";
    String pwd = "admpwd";
    String searchPath = "LDAP://ou=" + CustOU + "," + CustDC;
    //Bind to the server and authenticate
    DirectoryEntry entry = new DirectoryEntry(searchPath, uName,
        pwd, AuthenticationTypes.Secure);
    Object native = entry.NativeObject;

    //do a DirectorySearch
    DirectorySearcher mySearcher = new DirectorySearcher(entry);
    mySearcher.PropertiesToLoad.Add("sn");
    mySearcher.PropertiesToLoad.Add("givenName");
    mySearcher.PropertiesToLoad.Add("telephoneNumber");

    mySearcher.Filter = "(objectClass=user)";

    SearchResultCollection resEntAll = mySearcher.FindAll();

    //define a DataTable
    DataTable dt = new DataTable();
    DataRow dr;
    dt.Columns.Add(new DataColumn("Last_Name", typeof(string)));
    dt.Columns.Add(new DataColumn("Given_Name", typeof(string)));
    dt.Columns.Add(new DataColumn("Telephone", typeof(string)));

    //propagate result to a dataTable and return
    //bool doWrite; not used
    //string s, g, t;
    int i = 0, y = 0;
    foreach (SearchResult resEnt in resEntAll)
    {
        i++;
        dr = dt.NewRow();
        foreach (string propKy in resEnt.Properties.PropertyNames)
        {
            switch (propKy)
            {
                case "sn":
                    y = 0;
                    break;
                case "givenName":
                    y = 1;
                    break;
                case "telephoneNumber":
                    y = 2;
                    break;
                default:
                    y = 3;
                    break;
            }

            if (y < 3)
            {
                ResultPropertyValueCollection valcol = resEnt.Properties[propKy];
                foreach (Object prop in valcol)
                {
                    dr[y] = prop.ToString();
                }
            }
        }
        dt.Rows.Add(dr);
    }
    entry.Dispose();
    return dt;
}


Joe Kaplan (MVP - ADSI) said:
Sorry, can you show the sample code that isn't working again? I lost the
other thread.

Joe K.

I did changed to LDAP, and use NT name format, and yet getting same
results!

on the other hand, if authentication did work,
1. why would I get the same result even if no credential was specified in
the DirectoryEntry statement?
2. would there be something wrong with the SearchResult /
PropertyCollection
class, has anyone tried listing the properties using these class before?
3. is there any other way to get the key:value pair from a
SearchResultCollection?

TIA

 
J

Joe Kaplan (MVP - ADSI)

I guess I would probably write the code slightly differently:
if (res.Properties.Contains("sn"))
    sn = (string) res.Properties["sn"][0];
else
    sn = null;

Then, just put those string values in the data table.

You should not have to get the DirectoryEntry object to read the values.
They should be available from the search as the same security context is
being applied. Additionally, you never want to do this:
resEnt.GetDirectoryEntry().Properties["sn"].Value
resEnt.GetDirectoryEntry().Properties["givenName"].Value
resEnt.GetDirectoryEntry().Properties["telephoneNumber"].Value

GetDirectoryEntry creates a new DirectoryEntry object with each call, so
that would allocate three of them and hit the network each time. Not good!
Also, DirectoryEntry objects should always be wrapped in a using statement
(or try/finally...dispose in VB.NET) to avoid memory leaks. The code above
will leak all three of those DirectoryEntry objects.

HTH,

Joe K.
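
The approach described in the reply above, written out as a complete method. This is an added example, not code from the thread; the class and method names (DirectoryList, FirstValue, ListUsers) are hypothetical. It also shows why the original switch only ever matched "sn": ResultPropertyCollection stores its keys lowercased, so PropertyNames yields "givenname" and "telephonenumber", which a case-sensitive `case "givenName":` never matches, while Contains() and the indexer lowercase their argument first.

```csharp
using System;
using System.Data;
using System.DirectoryServices;

// Added example: class and method names are hypothetical, not from the thread.
public static class DirectoryList
{
    // LDAP attributes and the DataTable columns they map to, as used in the thread.
    private static readonly string[] Attributes = { "sn", "givenName", "telephoneNumber" };
    private static readonly string[] Columns = { "Last_Name", "Given_Name", "Telephone" };

    // Returns the first value of an attribute, or null when the search did not
    // return it (not set on the object, or not readable in the security context
    // the search root was bound with).
    public static string FirstValue(SearchResult result, string attribute)
    {
        // Contains() lowercases its argument before the lookup, so the
        // mixed-case LDAP name is safe here. Comparing against the names from
        // PropertyNames is not: those come back as "givenname", "telephonenumber".
        if (!result.Properties.Contains(attribute))
            return null;

        ResultPropertyValueCollection values = result.Properties[attribute];
        return values.Count > 0 ? Convert.ToString(values[0]) : null;
    }

    // searchRoot determines the security context of the search. The caller
    // owns it and should create it inside its own using block.
    public static DataTable ListUsers(DirectoryEntry searchRoot)
    {
        DataTable table = new DataTable();
        foreach (string column in Columns)
            table.Columns.Add(column, typeof(string));

        using (DirectorySearcher searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = "(objectClass=user)";
            searcher.PropertiesToLoad.AddRange(Attributes);

            // SearchResultCollection holds unmanaged resources, so dispose it too.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    // Values are read from the SearchResult itself; no
                    // GetDirectoryEntry() call, so no extra objects to dispose
                    // and no extra round trips to the server.
                    DataRow row = table.NewRow();
                    for (int i = 0; i < Attributes.Length; i++)
                    {
                        string value = FirstValue(result, Attributes[i]);
                        row[i] = (value != null) ? (object)value : DBNull.Value;
                    }
                    table.Rows.Add(row);
                }
            }
        }
        return table;
    }
}
```

A column left as DBNull for every row while ldp.exe shows the attribute points at the bind identity rather than at the loop.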


 
G

Guest

Hi Joe
Thanks for your guidance and your "code slightly differently". Finally I
got it moving and found that no authentication is required in this case,
because I have a login.aspx which has already created a cookie. The other
thing is I just duplicated your four lines of code a couple of times to include
all the properties I required. I just don't know why the second foreach loop
didn't work.

I really appreciate your help.

One last thing: I saw your reply to the other thread on LDAP authentication, and
I just wonder why you wouldn't recommend using LDAP for authentication?

 
J

Joe Kaplan (MVP - ADSI)

LDAP isn't really an authentication protocol. LDAP simple bind is totally
insecure (passes plain text credentials on network), so unless it is
combined with SSL on the LDAP server, you shouldn't use it. You can use
Secure bind with LDAP on AD, but that is essentially just using Kerberos or
NTLM anyway.

Another problem with LDAP auth, especially with System.DirectoryServices, is
that it doesn't scale. Due to the way ADSI works, it will open a new
connection to the LDAP server for each new user authenticated. If you have
many simultaneous users, you will likely run out of TCP/IP wild card ports.

Don't get me wrong, there are some valid uses for LDAP as an auth protocol.
However, it is generally better to use SSPI if you can. Also, in many
instances where people are using Forms auth against AD, they would have been
better off just using Windows auth in the first place. It just depends.

The downside is that the only easy mechanism MS gives you in .NET 1.x to
authenticate against AD programmatically is LDAP/S.DS. Most of these other
APIs require p/invoke and some more complicated programming. The story is
better with .NET 2.0.

Joe K.
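
The bind options discussed in the reply above, side by side, as an added example that is not part of the original post. The type and member names (LdapBindCheck, BindMode, TryBind) and the `server` parameter are hypothetical; the AuthenticationTypes flags are the real System.DirectoryServices values.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example: type and member names are hypothetical, not from the thread.
public static class LdapBindCheck
{
    // ERROR_LOGON_FAILURE (1326) as an HRESULT, raised by ADSI on a rejected bind.
    private const int LogonFailure = unchecked((int)0x8007052E);

    public enum BindMode
    {
        SimplePlaintext, // AuthenticationTypes.None: password crosses the network in clear text
        SimpleOverSsl,   // simple bind inside an SSL session
        Negotiate        // Secure bind: Kerberos or NTLM
    }

    // Maps a bind mode to ADSI flags. The plaintext mode is refused outright.
    public static AuthenticationTypes FlagsFor(BindMode mode)
    {
        switch (mode)
        {
            case BindMode.SimpleOverSsl:
                return AuthenticationTypes.SecureSocketsLayer;
            case BindMode.Negotiate:
                // Signing and Sealing only take effect together with Secure.
                return AuthenticationTypes.Secure
                     | AuthenticationTypes.Signing
                     | AuthenticationTypes.Sealing;
            default:
                throw new NotSupportedException(
                    "Simple bind without SSL sends the password in clear text.");
        }
    }

    public static string PathFor(string server, string baseDn, BindMode mode)
    {
        // The provider name must be upper-case "LDAP". 636 is the LDAP over SSL port.
        string port = (mode == BindMode.SimpleOverSsl) ? ":636" : "";
        return "LDAP://" + server + port + "/" + baseDn;
    }

    // user should be in domain\user or UPN form, which works with every bind type.
    // Returns true only when the server accepted these exact credentials.
    public static bool TryBind(string server, string baseDn,
                               string user, string password, BindMode mode)
    {
        // Empty credentials must never count as a successful login: with no
        // user name ADSI binds as the calling thread's identity, and a simple
        // bind with an empty password is treated as an anonymous bind.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            return false;

        AuthenticationTypes flags = FlagsFor(mode);
        try
        {
            // Each authenticated user costs a connection to the server, so
            // release it as soon as the bind result is known.
            using (DirectoryEntry entry =
                   new DirectoryEntry(PathFor(server, baseDn, mode), user, password, flags))
            {
                object native = entry.NativeObject; // forces the bind
                return native != null;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == LogonFailure)
                return false; // bad user name or password
            throw;            // server unreachable, bad path, etc. is not a "wrong password"
        }
    }
}
```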

 
