views: 53
answers: 1

Hi all, I know how to authenticate a username and password using LDAP after reviewing this site and others. But my question is that our client does not give permission for any username or password to bind itself to Active Directory. I mean, there is an admin kind of username and password which is used to bind first, and then you have to provide your actual username and password. Could anyone please let me know how I could accomplish this?

+1  A: 

Typically you find some manner of binding that allows you to search for the full DN of your target user, based on whatever information you got out of them. For example, you might ask for a username and password to log in with, and that username might be their sAMAccountName in AD. Or perhaps their email address in AD.

Then you would query either mail or sAMAccountName, via a bind as an admin user, or an anonymous bind, or something else they allow, to find the full DN of that user.

Finally, you would perhaps do a password compare to test the DN's password against the value they entered on the login page.

geoffc
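The two-step flow geoffc describes (bind with a service account, search for the user's DN by sAMAccountName or mail, then bind as that DN with the password from the login page), written out as an added example. This is not code from the original post or from geoffc; it uses System.DirectoryServices.Protocols rather than DirectoryEntry so that each bind is explicit and a bad credential throws instead of being silently deferred. The host dc01.example.com, the base DN DC=example,DC=com, the service account svc-ldap@example.com and the SVC_LDAP_PWD environment variable are assumed placeholders. It also rejects an empty password up front, because an LDAP bind with an empty password is an anonymous bind that many servers accept, and escapes the login name per RFC 4515 so it cannot change the search filter.

```csharp
// Added example, not code from the original question or answer.
// Two-step AD logon: service-account bind -> search for the user's DN -> bind as the user.
// Assumed placeholders: dc01.example.com, DC=example,DC=com, svc-ldap@example.com, SVC_LDAP_PWD.
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class AdLogon
{
    // RFC 4515 escaping: a login name such as "*)(objectClass=*" must not alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Opens an LDAPS connection and performs a simple bind immediately.
    // Bind() throws LdapException on bad credentials, so nothing is deferred.
    static LdapConnection Connect(string host, NetworkCredential cred)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636));
        conn.SessionOptions.SecureSocketLayer = true;  // simple bind sends the password; require TLS
        conn.SessionOptions.ProtocolVersion = 3;
        conn.AuthType = AuthType.Basic;                  // simple bind with the supplied DN/UPN and password
        conn.Credential = cred;
        conn.Bind();
        return conn;
    }

    // True only if 'login' resolves to exactly one account and 'password' binds as that account.
    public static bool Authenticate(string host, string baseDn,
                                    NetworkCredential serviceAccount,
                                    string login, string password)
    {
        // An empty password makes the bind anonymous, which servers commonly accept.
        // Never let that count as a successful logon.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            return false;

        string userDn;
        using (var svc = Connect(host, serviceAccount))   // wrong service credentials fail here, loudly
        {
            string v = EscapeFilterValue(login);
            string filter = $"(&(objectClass=user)(|(sAMAccountName={v})(mail={v})))";
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName");
            var resp = (SearchResponse)svc.SendRequest(req);
            if (resp.Entries.Count != 1)
                return false;   // unknown or ambiguous login; do not guess
            userDn = resp.Entries[0].DistinguishedName;
        }

        try
        {
            // Second bind, as the user. AD accepts the full DN as the simple-bind name.
            using (Connect(host, new NetworkCredential(userDn, password))) { }
            return true;
        }
        catch (LdapException)
        {
            return false;   // resultCode 49 (invalidCredentials) for a wrong password
        }
    }

    public static void Main(string[] args)
    {
        var svc = new NetworkCredential("svc-ldap@example.com",
                                        Environment.GetEnvironmentVariable("SVC_LDAP_PWD"));
        bool ok = Authenticate("dc01.example.com", "DC=example,DC=com", svc, args[0], args[1]);
        Console.WriteLine(ok ? "authenticated" : "rejected");
    }
}
```

Run it as `AdLogon <login> <password>` with SVC_LDAP_PWD set in the environment. The service account only needs read access to the attributes it searches on; it never sees the user's password, and the user's password is only ever used in the second bind.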
Thanks for the quick answer. I am using the following to bind with the server and authenticate the actual username and password: DirectoryEntry entry = new DirectoryEntry("LDAP://domain", "adminUname", "adminPwd"); entry.Username = "actual Username"; entry.Password = "actual Password"; entry.RefreshCache(); I have to produce this scenario and give them a build. But here in my development environment, even though I provide a wrong adminUname/adminPwd, it still binds to the directory and authenticates the actual username and password. How could I make sure that this code would work on the client side also?
hitesh
I wonder if you are running into an interesting LDAP working-as-designed behavior... An LDAP bind with no password counts as a successful anonymous bind. On eDirectory, in DStrace, you can see this happen quite obviously (it actually tells you it happened). Not sure where the logging for this is in AD, if it exists at all.
geoffc