Re: Authenticating users using asp.net/vb.net against iPlanet LDAP
From: Vinay (vinay_hs@nospam.yahoo.com)
Date: 11/13/02
- Next message: Joe Kaplan: "Re: Authenticating users using asp.net/vb.net against iPlanet LDAP"
- Previous message: Windows Forms Team: "Re: running winform exe from the web"
- In reply to: Joe Kaplan: "Re: Authenticating users using asp.net/vb.net against iPlanet LDAP"
- Next in thread: Joe Kaplan: "Re: Authenticating users using asp.net/vb.net against iPlanet LDAP"
- Reply: Joe Kaplan: "Re: Authenticating users using asp.net/vb.net against iPlanet LDAP"
From: "Vinay" <vinay_hs@nospam.yahoo.com> Date: Wed, 13 Nov 2002 13:49:10 -0800
Hi Joe:
When you mentioned 'bind with the dir with any username and pws using SSL'
did you mean using something other than ADSI? If yes, how can I test/do
this?
By the looks of it I can bind anonymously...since I get the adsPath for the
user.
Vinay
"Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
news:eqz0z#0iCHA.2636@tkmsftngp08...
> Your code looks fine to me. This sounds like an SSL problem of some sort.
> Can you bind to the directory with any username and password using SSL
> (AuthenticationTypes.SecureSocketsLayer)? Can you bind anonymously?
>
> Good luck. Hopefully someone else will have some other troubleshooting
> ideas.
>
> Joe K.
>
> "Vinay" <vinay_hs@nospam.yahoo.com> wrote in message
> news:euSeYA0iCHA.2616@tkmsftngp11...
> > Hi All:
> >
> > I've been trying to figure this out on and off for a while now...but now
> > I really do need to get this sorted out and working. Would appreciate
> > some help on this!
> >
> > Background:
> > We are developing an app using asp.net. Users of this app first need to
> > login to the system (the login is using their email address and domain
> > password). This system is hosted on a Win2K server. Users need to be
> > authenticated against an iPlanet LDAP server. The win2K server is within
> > the organization's firewall.
> >
> > The win2k server has a certificate that has been installed on it. (Used
> > the generate certificate request etc..process in IIS for this). The
> > company's IT dept sent us back the certificate, which we then installed.
> > This is apparently necessary in order to communicate with the ldap server
> > using SSL.
> >
> > The code I am using to try and do the authentication is:
> >
> > ****************************************************************************
> > Dim ds As DirectoryServices.DirectorySearcher
> > Dim oSRAll As DirectoryServices.SearchResultCollection
> > Dim cPath As String
> > Dim oVerify As DirectoryServices.DirectoryEntry
> >
> > Dim de As New DirectoryServices.DirectoryEntry( _
> >     "LDAP://ldap.company.com:389/uid=user@company.com, ou=employees,o=company.com", _
> >     "user@company.com", "password", _
> >     System.DirectoryServices.AuthenticationTypes.Anonymous)
> >
> > ds = New DirectoryServices.DirectorySearcher(de)
> > ds.Filter = "(mail=user@company.com)"
> > ds.PropertiesToLoad.Add("mail")
> > ds.PropertiesToLoad.Add("givenName")
> > ds.PropertiesToLoad.Add("adsPath")
> >
> > Dim sr As DirectoryServices.SearchResult
> > Dim fullname As String
> > Dim email As String
> >
> > oSRAll = ds.FindAll
> > 'MsgBox(oSRAll.Count)
> > For Each sr In oSRAll
> >     cPath = sr.Properties("adsPath")(0)
> > Next
> >
> > MsgBox(cPath)
> >
> > Try
> >
> >     oVerify = New DirectoryServices.DirectoryEntry(cPath, _
> >         "user@company.com", "password", _
> >         System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer)
> >
> >     MsgBox(oVerify.Properties("distingushedName").Value)
> >
> > Catch
> >
> >     MsgBox("Not authenticated")
> >
> > End Try
> >
> > ****************************************************************************
> >
> > Here is what happens with the above code-
> >
> > When I create the directoryentry the first time, anonymously, and filter
> > based on the (mail=user@company.com) and retrieve the adsPath this works
> > fine. I do this using port 389, which is meant for anonymous access.
> >
> > Using the adsPath (and changing the port to 636) I then try to create the
> > user object, by passing the emailID (which is what the ldap document of
> > the company says I should use) and the NT domain password. This is where
> > it fails. Even the errors I get don't seem to be consistent. Sometimes the
> > error is 'Server not operational' at other times it is 'Object does not
> > exist'.
> >
> > As is probably obvious, my knowledge of server certificates, using
> > adsi/ldap is pretty limited...and I am yet learning, which leads me to
> > assume I am missing something very obvious here. Would appreciate it very
> > much if someone could help me out here! I need to get the authentication
> > process working pretty soon!
> >
> > TIA!
> >
> > Vinay
> > vinay_hs@nospam.yahoo.com
> >
> >
>
>
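An added example, not part of the original posts and not the poster's or Joe Kaplan's code: one way to write the search-then-bind flow discussed in this thread, with the port switched to 636 for the authenticated bind, an empty-password check, and the search filter escaped. It assumes the host and base DN shown in the post, that the web server trusts the CA that issued the LDAP server's certificate, and that the server expects the entry's DN (not the e-mail address) as the simple-bind name; `LdapAuthExample`, `EscapeFilter` and `Authenticate` are hypothetical names.

```vbnet
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Text

Public Module LdapAuthExample
    ' Assumed values taken from the post; replace with your directory's.
    Private Const Host As String = "ldap.company.com"
    Private Const BaseDn As String = "ou=employees,o=company.com"

    ' Escape a value for use in an LDAP search filter (RFC 4515).
    Private Function EscapeFilter(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Function Authenticate(ByVal email As String, ByVal password As String) As Boolean
        ' A simple bind with an empty password is an unauthenticated bind on many
        ' servers and would appear to succeed, so reject it up front.
        If email Is Nothing OrElse password Is Nothing OrElse password.Length = 0 Then Return False

        ' Step 1: anonymous search on port 389 to find the user's entry.
        Dim root As New DirectoryEntry("LDAP://" & Host & ":389/" & BaseDn, Nothing, Nothing, AuthenticationTypes.Anonymous)
        Dim searcher As New DirectorySearcher(root, "(mail=" & EscapeFilter(email) & ")")
        Dim results As SearchResultCollection = searcher.FindAll()
        If results.Count <> 1 Then Return False   ' no match, or ambiguous match

        ' Step 2: take the DN from the returned adsPath (text after "LDAP://host:port/").
        Dim adsPath As String = results(0).Path
        Dim userDn As String = adsPath.Substring(adsPath.IndexOf("/"c, "LDAP://".Length) + 1)
        ' Step 3 (assumption: bind name is the DN): bind on the SSL port; NativeObject forces the bind.
        Try
            Dim user As New DirectoryEntry("LDAP://" & Host & ":636/" & userDn, userDn, password, AuthenticationTypes.SecureSocketsLayer)
            Dim o As Object = user.NativeObject
            Return True
        Catch ex As COMException
            Return False   ' bad credentials, or an SSL/connection failure: log ex.ErrorCode
        End Try
    End Function
End Module
```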