How do you figure out the LDAP://? ("Error authenticating. Error authenticating user. The specified

Discussion in 'ASP .Net' started by mrwoopey, Jun 24, 2003.

  1. mrwoopey

    mrwoopey Guest

    Hi,

    I am using the example "Authenticate against the Active Directory by
    Using Forms Authentication and Visual Basic .NET":

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;326340

    But I am having a problem figuring out the LDAP://

    The LDAP:// that I pass looks like this (I substituted the
    following with a generic name):

    Dim adPath As String = "LDAP://DC=SomeDomainControllerComputerThatHasActiveDirectory"

    But I am receiving the following message when I try to log in with
    the example:
    "Error authenticating. Error authenticating user. The specified domain
    either does not exist or could not be contacted"

    How do I figure out what my "LDAP://" should look like?

    Thanks,

    Phin
    mrwoopey, Jun 24, 2003
    #1

  2. mrwoopey

    mrwoopey Guest

    Hi Marc,

    Thanks for the tip, it worked! The thing that doesn't work now is
    trying to find the group that the user is in ("Error obtaining group
    names"). So, I commented out the code "adAuth.GetGroups()". Does
    anybody know how to get "adAuth.GetGroups()" working from the example:

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;326340

    Besides that I can log in. Do I really need to check for group name?

    Thanks,

    Phin

    "Marc Nivens [MSFT]" <> wrote in message news:<>...
    > DC= should be followed by a domain DN, not a servername. If you want to
    > bind to DC1 in domain domain.com, you would use this:
    >
    > LDAP://DC1/DC=domain,DC=com
    >
    > If you use serverless binding, you would just use:
    >
    > LDAP://DC=domain,DC=com
    >
    > --
    > Marc Nivens
    > Enterprise Messaging Support
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > Use of included script samples are subject to the terms specified at
    > http://www.microsoft.com/info/cpyright.htm
    mrwoopey, Jun 25, 2003
    #2

  3. That function is probably failing because the SearchRoot used by the
    DirectorySearcher needs to be built with a specific server name and login
    credentials, much like the bind operation you did to authenticate the user
    in the first place.

    If you replace the line:

    Dim search As DirectorySearcher = New DirectorySearcher(_path)

    with:

    Dim search As DirectorySearcher = New DirectorySearcher(rootEntry)

    Where rootEntry is a DirectoryEntry object built the same way you built the
    entry to get the authentication to work, then you should be fine.

    That said, in my opinion this example from Microsoft is very flawed and
    probably should not be used. Using memberOf does not give you nested group
    membership, does not ensure that the groups are security groups and does not
    include the user's primary group. A much better solution is to use the
    tokenGroups attribute on the current user to get their full transitive
    security group membership. The trick is that this attribute returns an
    array of SID structures as byte(), so they are a bit harder to resolve back
    into names (but certainly not impossible).

    Normally, you are interested in the group names if you want to build an
    IPrincipal object in order to make role-based authorization decisions. If a
    simple authentication (in or out of the site) is adequate for your needs,
    then you could easily just skip this whole mess and be done with it.
    Normally, you need role-based authorization if certain users are allowed to
    perform certain actions that others are not and you need an easy way to
    distinguish them at runtime.

    I hope that helps,

    Joe K.
    Joe Kaplan (MVP - ADSI), Jun 25, 2003
    #3
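
An added example, not code from the KB article or from any poster in this thread: it builds the search root with the server-bound path form from Marc's reply (LDAP://server/domain DN) plus explicit credentials, then reads tokenGroups as Joe suggests and resolves each SID to a name. The module, function and parameter names are hypothetical; it assumes .NET 2.0 or later (for System.Security.Principal) and that the web process itself can resolve domain SIDs.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Security.Principal
Imports System.Text

Public Module TokenGroupsExample   ' hypothetical module, for illustration only
    ' Returns the user's transitive security groups (nested and primary included).
    ' Example inputs: server "DC1", domainDn "DC=domain,DC=com".
    Public Function GetSecurityGroups(server As String, domainDn As String,
            samAccountName As String, bindUser As String, bindPassword As String) As List(Of String)
        Dim groups As New List(Of String)()
        Dim rootPath As String = "LDAP://" & server & "/" & domainDn
        Using root As New DirectoryEntry(rootPath, bindUser, bindPassword, AuthenticationTypes.Secure)
            Using search As New DirectorySearcher(root)
                search.Filter = "(&(objectClass=user)(sAMAccountName=" & EscapeFilter(samAccountName) & "))"
                Dim result As SearchResult = search.FindOne()
                If result Is Nothing Then Return groups
                Using user As DirectoryEntry = result.GetDirectoryEntry()
                    ' tokenGroups is a constructed attribute: request it explicitly.
                    user.RefreshCache(New String() {"tokenGroups"})
                    For Each raw As Byte() In user.Properties("tokenGroups")
                        Dim sid As New SecurityIdentifier(raw, 0)
                        Try
                            ' Translate runs as the process identity, not as bindUser.
                            groups.Add(sid.Translate(GetType(NTAccount)).Value)
                        Catch ex As IdentityNotMappedException
                            groups.Add(sid.Value)   ' keep the S-1-... form if unresolved
                        End Try
                    Next
                End Using
            End Using
        End Using
        Return groups
    End Function

    ' RFC 4515 escaping so a submitted login name cannot alter the search filter.
    Private Function EscapeFilter(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function
End Module
```

The returned names are in DOMAIN\group form and can be used as the roles of a GenericPrincipal for the role-based checks discussed above.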
  4. mrwoopey

    mrwoopey Guest

    Joe,

    Thanks for your input. I'll try it!

    thanks,

    Phin
    mrwoopey, Jun 30, 2003
    #4
