ADAM authentication

Bill Belliveau

I've been kicking around ADAM on a 2003 server for a couple of days and after getting the major classes in the schema and making a few objects, now I'm ready to programmatically test it. I am able to use the LDP tool locally or remotely to log on as a Windows Identity (admin) or as an ADAM user. I have written code to get AD objects but can't get any ADAM code working nor the examples from the documentation. I'm not sure if this is an ADAM issue or if it has more to do with my unfamiliarity with the Directory.

Below is a mess of code I've blindly been stabbing around with. The exceptions I get are usually either the famous "operations error" or "unwilling to process the request" unless I'm reading the rootdse, so it seems to be a security issue. I'm accessing from a Windows 2000 box which seems to have security issues with ADAM, however LDP works.

Ideas?
Bill

-- messy code begin --
using System;
using System.Diagnostics;
using System.DirectoryServices;

DirectoryEntry myEntry = new DirectoryEntry();
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
//myEntry.Path = @"LDAP://computer:50000/o=microsoft";
//myEntry.Path = @"LDAP://computer:50000/cn=mary baker,ou=adam users,o=microsoft,c=us";
myEntry.Path = @"LDAP://computer:50000/rootdse";
myEntry.Password = "";
myEntry.Username = @"localcompany\Administrator";

try
{
    Debug.Write(myEntry.Guid);
    // Reading NativeObject forces the bind to happen here.
    Object obj = myEntry.NativeObject;
}
catch (Exception Ex)
{
    Debug.Write(Ex.ToString());
    Debug.Write(Ex.InnerException);
    Debug.Write(Ex.Source);
    Debug.Write(Ex.HelpLink);
    Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
}

//try
//{
//DirectoryEntry myEntry = new DirectoryEntry("LDAP://computer:50000/o=microsoft");
//
//myEntry.AuthenticationType = AuthenticationTypes.Encryption | AuthenticationTypes.Signing;
//Debug.Write(myEntry.Name + myEntry.Guid);
//Debug.Write("Logon = true");
//}
//catch(Exception Ex)
//{
//Debug.Write(Ex.ToString());
//Debug.Write(Ex.InnerException);
//Debug.Write(Ex.Source);
//Debug.Write(Ex.HelpLink);
//Debug.Write((System.Runtime.InteropServices.Marshal.GetLastWin32Error()).ToString());
//}
-------
 
Joe Kaplan (MVP - ADSI)

Since no one else chimed in, I did a little bit more poking around on this.
I haven't done a lot with ADAM yet and have not successfully set a password
on an ADAM user yet (need a hotfix I think), but here are a couple of
things:

With an AD user, you should be able to bind with AuthenticationTypes.Secure
always. Generally you can pass the username in domain\username format, upn
format ([email protected]), distinguished name, or plain user name (although
that only works with Secure binding).

With ADAM users, I believe you need to use the distinguished name of the
user for the username. I don't think you can use Secure binding, so if you
want to avoid plaintext binds, you need to use SSL.

To get more details, I'd suggest you follow up in the
microsoft.public.windows.server.active_directory newsgroup. Dmitri or Eric
are much deeper in ADAM than I am and should be able to fill in the details.

Joe K.
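
The two bind styles described in the reply above, side by side, as an added example that is not part of the original posts. The host, port 50000 and the DNs come from the thread; the SSL port 50001, the environment variable names and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;

static class AdamBindExample
{
    const string Host = "computer";  // host name used in the thread
    const int LdapPort = 50000;      // plain LDAP port used in the thread
    const int SslPort = 50001;       // assumption: SSL port of the ADAM instance

    // Windows principal: negotiated bind. Signing and Sealing require the
    // Secure flag and protect the session without SSL.
    static DirectoryEntry BindWindowsUser(string targetDn, string user, string password)
    {
        return new DirectoryEntry(
            "LDAP://" + Host + ":" + LdapPort + "/" + targetDn, user, password,
            AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing);
    }

    // ADAM principal: simple bind with the user's DN, sent only over SSL.
    static DirectoryEntry BindAdamUser(string targetDn, string userDn, string password)
    {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513), so reject it instead of treating it as a logon.
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("password must not be empty", "password");
        return new DirectoryEntry(
            "LDAP://" + Host + ":" + SslPort + "/" + targetDn, userDn, password,
            AuthenticationTypes.SecureSocketsLayer);
    }

    static void Probe(string label, Func<DirectoryEntry> bind)
    {
        try
        {
            using (DirectoryEntry entry = bind())
            {
                object native = entry.NativeObject;  // forces the bind to happen now
                Console.WriteLine(label + ": bound, read " + entry.Name);
            }
        }
        catch (Exception ex)  // COMException from ADSI or the empty-password check
        {
            Console.WriteLine(label + ": " + ex.GetType().Name + " " + ex.Message);
        }
    }

    static void Main()
    {
        string partition = "o=microsoft,c=us";
        string adamUser = "cn=mary baker,ou=adam users," + partition;
        // Hypothetical variable names; credentials are kept out of the source.
        string winPw = Environment.GetEnvironmentVariable("WIN_TEST_PASSWORD");
        string adamPw = Environment.GetEnvironmentVariable("ADAM_TEST_PASSWORD");
        Probe("Windows user", () => BindWindowsUser(partition, @"localcompany\Administrator", winPw));
        Probe("ADAM user", () => BindAdamUser(partition, adamUser, adamPw));
    }
}
```

The SSL bind only succeeds when the client trusts the certificate installed for the ADAM instance and the host name in the path matches it.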

 
Bill Belliveau

Thanks Joe, that is the same understanding I have.
I got WindowsIdentity working in ADAM when the AuthenticationTypes are set to secure. I'm guessing that to write with a WindowsIdentity you also need to set the Sign and Encrypt flags based on the LDP usage from the ADAM documentation.

For the moment I've been pulled into another area, but when this comes up again (and it will) I'll be sure to post a message to the AD group.

You've been a very helpful sounding board, thanks for all the input.
Bill

 
