Re: LDAP and SASL
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 28 Dec 2005 22:19:25 -0600
Did you try specifying the AuthenticationTypes.SecureSocketsLayer flag?
ADSI and the LDAP API will happily try to supply a client cert during the
LDAP SSL handshake if one is available and configured correctly.
Joe K.
"Amar" <Amar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28B6C75F-DC4B-45EC-89AD-027895D2E7F5@xxxxxxxxxxxxxxxx
> I am a newbie with enterprise directories. I am trying to write an ASP.NET
> application to fetch some data from my university LDAP enterprise
> directory.
> There are 2 types of access allowed to the LDAP server. One is an anonymous
> access and another is the access that exists mainly to give privileged
> accounts access to person information that can otherwise not be publicly
> viewed. These privileged accounts, called Y Services, are primarily used to
> look up person data and authorize people on this data.
>
> Now, I was able to use the anonymous access privileges and view the data
> from LDAP server. What I want to do is to use the Y services and view the
> person information that cannot be accessed via the anonymous access. For
> example I want to view the date of birth for the person which is available in
> the Y Services access.
>
> The university instructions say the following:
>
> What you see in Y Services is dependent on how you bind (anonymous, simple,
> SASL EXTERNAL) and the amount of privileges the bound user has. Connecting to
> Y Services requires the use of TLS client certificate authentication, meaning
> you must have a signed certificate from the university in order to connect.
> Users bound anonymously can only search on ID and can only see the DN
> (distinguished name) of any user. Users that have performed a SASL EXTERNAL
> bind can only see those attributes they have been approved to see (for all
> users), and only if the corresponding service is ACTIVE.
>
> Now, I know that the TLS client certificate has been installed on my server
> by my Sys admin. Please tell me the steps to do the bind and fetch the date
> of birth for all people in department X.
>
> Here is the anonymous bind code.
>
> ' Requires: Imports System.DirectoryServices
> Dim deLdapConn As DirectoryEntry = New DirectoryEntry("LDAP://directory.a.edu/dc=a,dc=edu")
> Dim searcherLdap As New DirectorySearcher(deLdapConn)
> Dim Results As SearchResultCollection
> Dim propcoll As ResultPropertyCollection
> Dim Result As SearchResult
> Dim strKey As String
> Dim obProp As Object
>
> iNumProperties = 0
>
> Try
>     searcherLdap.Filter = "(department=X)"
>     searcherLdap.PropertiesToLoad.Add("sn")
>     searcherLdap.PropertiesToLoad.Add("givenname")
>     searcherLdap.PropertiesToLoad.Add("telephonenumber")
>     searcherLdap.PropertiesToLoad.Add("uupid")
>     Results = searcherLdap.FindAll
>     iNumProperties = Results.Count()
>
>     ReDim arrFName(iNumProperties - 1)
>     ReDim arrLName(iNumProperties - 1)
>     ReDim arrPhone(iNumProperties - 1)
>     ReDim arrEmail(iNumProperties - 1)
>     ReDim arrDob(iNumProperties - 1)
>
>     iNumProperties = 0 ' Sets the start index for arrays
>
>     ' Starts the loop where Result stores 1 record and Results stores all records
>     For Each Result In Results
>         ' Gets all the properties (field names) for that record
>         propcoll = Result.Properties
>
>         ' Loop through each field name for the selected record
>         For Each strKey In propcoll.PropertyNames
>             iOnce = 0
>             For Each obProp In propcoll(strKey)
>                 If strKey = "givenname" Then
>                     arrFName(iNumProperties) = obProp
>                 End If
>                 If strKey = "sn" Then
>                     arrLName(iNumProperties) = obProp
>                 End If
>                 If strKey = "telephonenumber" Then
>                     arrPhone(iNumProperties) = obProp
>                 End If
>                 If strKey = "uupid" Then
>                     arrEmail(iNumProperties) = obProp
>                 End If
>             Next
>         Next
>
>         iNumProperties = iNumProperties + 1
>     Next
>
>     searcherLdap.Dispose()
>     searcherLdap = Nothing
>     deLdapConn.Close()
>     deLdapConn = Nothing
> Catch Ex As Exception
>     Response.Write(Ex.ToString)
> End Try
>
> Please help me!! THANKS IN ADVANCE!!
>
>
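
Added example, not part of either post: one way to make the TLS client-certificate connection and SASL EXTERNAL bind that the university instructions describe, using System.DirectoryServices.Protocols (.NET 2.0 and later) rather than the ADSI DirectoryEntry route suggested in the reply. The host, base DN and filter are taken from the quoted code; the certificate subject and the date-of-birth attribute name are placeholders, and port 636 (LDAPS) is an assumption about the server.

```vbnet
Imports System
Imports System.DirectoryServices.Protocols
Imports System.Security.Cryptography.X509Certificates

Module YServicesLookup
    ' Placeholders (assumptions): use the subject of the certificate the
    ' university signed and the attribute name it approved for this service.
    Const CertSubject As String = "CERT-SUBJECT-PLACEHOLDER"
    Const DobAttribute As String = "dateOfBirth"

    ' Looks up the client certificate in the machine store.
    Function FindClientCert() As X509Certificate2
        Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine)
        store.Open(OpenFlags.ReadOnly)
        Try
            ' Last argument True = return only certificates that validate.
            Dim hits As X509Certificate2Collection = _
                store.Certificates.Find(X509FindType.FindBySubjectName, CertSubject, True)
            If hits.Count = 0 Then Throw New InvalidOperationException("No valid client certificate found.")
            If Not hits(0).HasPrivateKey Then Throw New InvalidOperationException("Certificate has no private key.")
            Return hits(0)
        Finally
            store.Close()
        End Try
    End Function

    Sub Main()
        Dim server As New LdapDirectoryIdentifier("directory.a.edu", 636)
        Using conn As New LdapConnection(server)
            conn.SessionOptions.ProtocolVersion = 3
            conn.SessionOptions.SecureSocketLayer = True      ' TLS from the first byte
            ' No VerifyServerCertificate callback is set, so the default
            ' server-certificate validation stays in effect.
            conn.ClientCertificates.Add(FindClientCert())
            conn.AuthType = AuthType.External                  ' SASL EXTERNAL: identity comes from the TLS cert
            conn.Bind()

            Dim req As New SearchRequest("dc=a,dc=edu", "(department=X)", _
                                         SearchScope.Subtree, "sn", "givenname", DobAttribute)
            Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
            For Each entry As SearchResultEntry In resp.Entries
                ' The server returns only attributes this identity is approved to see.
                If entry.Attributes.Contains(DobAttribute) Then
                    Dim values As Object() = entry.Attributes(DobAttribute).GetValues(GetType(String))
                    Console.WriteLine("{0}: {1}", entry.DistinguishedName, values(0))
                End If
            Next
        End Using
    End Sub
End Module
```

In an ASP.NET application the account running the worker process needs read access to the certificate's private key, otherwise the TLS handshake completes without a client certificate and the EXTERNAL bind has no identity to use.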