tags:

views:

1443

answers:

2
+2  Q: 

DirectoryEntry memberOf property returns full path

I need just the commonName of the groups a user is a member of.

DirectoryEntry user = new DirectoryEntry("LDAP://cn=myuser....");
foreach(string path in user.Properties["memberOf"])
    Console.WriteLine(path);

then the memberOf property contains a set of strings, the full paths of the groups. That's makes sense, but it's not what I want.

I'm pretty sure I shoudn't new up a DirectoryEntry for each of those paths to get the common name, but is it the best idea to simply parse out the cn from the path? (that seems rather brutish)

There must be a better way to get a SearchResults of groups a users is a member of.

BTW, this is .NET 2, so I can't do any of the fancy LINQ to AD stuff nor do I have access to the new bits in DirectoryServices for ActiveDirectory.

A: 

Unfortunately there is no better way in .NET 2.0 than what you describe. The memberOf attribute simply contains the full distinguished names of all groups the user is a member of so your best solution is to parse each distinguished name.

Ronald Wildenberg  2009-05-06 11:26:44
+2  A: 

The CN is not necessarily equal to the name of the group. Parsing it out of the DN is not recommendable, since the DN is escaped. You would need to query the directory for the objects.

To retrieve a single object, set the search base to it's distinguished name, the search scope to "base" and issue the query.

Caching the query results in your app to avoid issuing the same LDAP query more than once is advisable (in case you retrieve the memberOf of more than one object in a row).

Sample code (right off the MSDN, only slightly modified):

string dn = "LDAP://CN=Group Name,ON=Groups,DC=fabrikam,DC=com";

// Bind to a specific group.
DirectoryEntry entry = new DirectoryEntry(dn);

// Create a DirectorySearcher object.
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.SearchScope = SearchScope.Base;
mySearcher.PropertiesToLoad.Add("displayName"); 

// Use the FindOne method to find the group object.
SearchResult resEnt = mySearcher.FindOne();
Tomalak  2009-05-06 11:40:26

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?