Re: VB.NET LDAP Class
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/30/04
- Previous message: Ramdas: "CredentialCache.DefaultCredentials not working"
- In reply to: Raterus: "Re: VB.NET LDAP Class"
Date: Fri, 30 Jul 2004 12:09:53 -0500
Sorry for going off on your post too. Every time I see that article
mentioned, it makes me cringe though, so I tend to overreact.
The code below is a much more solid approach. I'd recommend calling Dispose
on your DirectoryEntry objects in a finally block to ensure that you don't
leak memory, but this technique works.
I have a newer technique that uses the DirectorySearcher to do a search for
all of the SIDs at once which is a fair amount faster than binding to each
individual group, but that is just an optimization. It probably only
matters if the user is in many groups.
The downside of all of these approaches is that you should really use the
fully qualified group name (domain\name), but it isn't easy to figure out
the NETBIOS name of the domain given the SID (possible, just not easy). I'm
thinking of trying to use the DsCrackNames API via p/invoke to accomplish
this in my next attempt.
Joe K.
"Raterus" <raterus@spam.org> wrote in message
news:OoIdfKldEHA.3308@TK2MSFTNGP11.phx.gbl...
This isn't the first time Joe has mentioned the faults in this code either.
When I was trying to do what you are doing, I kept finding posts by him
suggesting better ways, so I listened. Here is how I've been getting my
groups after looking through all of his suggestions. It basically revolves
around the use of tokenGroups.
I modified this too; for my purposes I needed a delimited string of
group names. You also have to create the DirectoryEntry based on the user
you are interested in. In the class I created I had already done that, so
that is why you don't see "dn" declared, just used.
    ' These two Imports go at the top of the file.
    Imports System.DirectoryServices
    Imports System.Text

    ' dn is a class-level field holding the user's distinguished name;
    ' it is declared elsewhere in the class.
    Private Function GetGroups() As String
        Dim octetSid As String
        Dim binarySid() As Byte
        Dim binarySids As PropertyValueCollection
        Dim iterator As Integer
        Dim groups As StringBuilder = New StringBuilder
        Dim gEntry As DirectoryEntry = New DirectoryEntry("LDAP://" & dn)
        ' tokenGroups is a constructed attribute, so load it explicitly.
        gEntry.RefreshCache(New String() {"tokenGroups"})
        binarySids = gEntry.Properties("tokenGroups")
        For iterator = 0 To binarySids.Count - 1
            binarySid = CType(binarySids(iterator), Byte())
            octetSid = ConvertToOctetString(binarySid)
            ' Bind to each group by SID using the LDAP://<SID=hex> syntax.
            Dim groupPath As String = String.Format("<SID={0}>", octetSid)
            Dim groupEntry As New DirectoryEntry("LDAP://" & groupPath)
            ' Separate group names with "|".
            If iterator > 0 Then
                groups.Append("|")
            End If
            groups.Append(groupEntry.Properties("sAMAccountName").Value.ToString())
        Next
        Return groups.ToString
    End Function

    ' Converts a binary SID to a hex string, two lowercase digits per byte.
    Private Function ConvertToOctetString(ByVal value As Byte()) As String
        Dim iterator As Integer
        Dim builder As System.Text.StringBuilder
        builder = New System.Text.StringBuilder((value.GetUpperBound(0) + 1) * 2)
        For iterator = 0 To value.GetUpperBound(0)
            builder.Append(value(iterator).ToString("x2"))
        Next
        Return builder.ToString()
    End Function
--Michael
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OhFA1nkdEHA.712@TK2MSFTNGP09.phx.gbl...
> I wasn't criticizing your code Jon, I was criticizing the code in the
> article that Raterus pointed to when he suggested that you should have just
> used it as an example instead. That is a KBase article and needs to be held
> to a higher standard. It is a big pet peeve of mine.
>
> Your code is basically fine by me! Sorry for the confusion :)
>
> Joe K.
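
The single-search optimization mentioned in the reply above (one DirectorySearcher query covering every tokenGroups SID instead of one bind per group), with Dispose calls in Finally, as an added sketch that is not code from this thread or from Joe Kaplan. The module name, function names, and the sample SIDs in Main are constructed for illustration.

```vbnet
Imports System
Imports System.Collections
Imports System.DirectoryServices
Imports System.Text

Module TokenGroupSearch   ' hypothetical name, not from the thread
    Const NameAttr As String = "samaccountname"   ' lowercase for result lookups

    ' Escape every byte as \xx so a binary SID can appear in an LDAP filter value.
    Function EscapeSid(ByVal sid As Byte()) As String
        Dim sb As New StringBuilder(sid.Length * 3)
        For Each b As Byte In sid
            sb.Append("\").Append(b.ToString("x2"))
        Next
        Return sb.ToString()
    End Function

    ' Build (|(objectSid=...)(objectSid=...)) covering every SID in the collection.
    Function BuildSidFilter(ByVal sids As ICollection) As String
        Dim sb As New StringBuilder("(|")
        For Each sid As Byte() In sids
            sb.Append("(objectSid=").Append(EscapeSid(sid)).Append(")")
        Next
        Return sb.Append(")").ToString()
    End Function

    ' One search for all groups. Only groups stored under searchRoot are returned.
    Function GetGroupNames(ByVal user As DirectoryEntry, ByVal searchRoot As DirectoryEntry) As ArrayList
        Dim names As New ArrayList
        user.RefreshCache(New String() {"tokenGroups"})
        Dim searcher As New DirectorySearcher(searchRoot, BuildSidFilter(user.Properties("tokenGroups")), New String() {NameAttr})
        Dim results As SearchResultCollection = Nothing
        Try
            results = searcher.FindAll()
            For Each r As SearchResult In results
                ' Skip entries with no sAMAccountName instead of throwing.
                If r.Properties.Contains(NameAttr) Then names.Add(r.Properties(NameAttr)(0).ToString())
            Next
        Finally
            If Not results Is Nothing Then results.Dispose()
            searcher.Dispose()
        End Try
        Return names
    End Function

    Sub Main()
        ' Constructed sample SIDs: S-1-5-32-544 and S-1-5-32-545 in binary form.
        Dim sids As New ArrayList
        sids.Add(New Byte() {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0})
        sids.Add(New Byte() {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 33, 2, 0, 0})
        Console.WriteLine(BuildSidFilter(sids))
    End Sub
End Module
```

Main only exercises the filter builder, so it runs without a directory; GetGroupNames needs a bound user entry and a search root, and the caller remains responsible for disposing both.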