Re: LDAP - Error Obtaining Group Names



Hi Joe,
Many thanks for your feedback on this.
I would really appreciate it if you can provide me some suggestions on
better ways to do this. I cannot see the newsgroup posts.

Do you have any information on the AD membership provider in .NET 2.0?

Best Regards,
Kevin Humphreys.

"Joe Kaplan" wrote:

My guess is that the current security context (however you have that defined
in your app) cannot connect to AD itself, so when you try to build a
DirectoryEntry to use as your SearchRoot for the DirectorySearcher, the bind
fails. You could get around this by supplying the same credentials you used
for the DirectoryEntry for the authenticate function in the GetGroups
function. An even simpler idea would be to combine both of them together
and just add memberOf to PropertiesToLoad for the initial DirectorySearcher.

That said, I hate this KB article and have commented many times on its lack
of quality. The technique they show for authentication does not scale and
does not work with multiple domains and does more than just verify the
credentials, which is all an authentication function should do. Their group
extraction code is naive and misses nested groups while including
non-security (distribution) groups. I've suggested numerous better ways to
do this stuff in previous newsgroup posts and have written about a bunch of
these topics in my book as well.

I also recommend using the AD membership provider in .NET 2.0, if necessary
adding in an LDAP-based role provider.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Kevin Humphreys" <KevinHumphreys@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:3B7A7EF4-B488-4558-A9D8-3AC934995BE7@xxxxxxxxxxxxxxxx
Hi There,
I am having trouble obtaining the group information for an authenticated AD
user.
I followed the procedure from the article below.
http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b326340

The AD Authentication works because all works when I comment out
Dim groups as string = adAuth.GetGroups() in the Login_Click section.
However if I try to execute the line above I get the following error
"Error authenticating. Error obtaining group names. An operations error
occurred"

Any help is appreciated here to try and resolve this.

Thanks In Advance,
Kevin Humphreys.
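
An added example, not part of the thread or of the KB article: a Python model over a constructed directory of the point in Joe's reply that reading `memberOf` off the user misses nested groups and includes distribution groups. The DNs, the `DIRECTORY` dictionary and the function names are hypothetical; only the `memberOf` and `groupType` attribute names and the security-enabled bit of `groupType` are real AD details.

```python
# Bit of the AD groupType attribute that marks a security (not distribution) group.
SECURITY_ENABLED = 0x80000000

G = "OU=Groups,DC=example,DC=com"
USER = "CN=kevin,OU=Users,DC=example,DC=com"

# Constructed sample data (DN -> attributes). groupType is stored the way AD
# returns it over LDAP: as a signed 32-bit integer, so security groups are negative.
DIRECTORY = {
    USER: {"memberOf": ["CN=WebEditors," + G, "CN=Newsletter," + G]},
    # Universal security groups that are members of each other (a nesting cycle).
    "CN=WebEditors," + G: {"groupType": -2147483640,
                           "memberOf": ["CN=SiteStaff," + G]},
    "CN=SiteStaff," + G: {"groupType": -2147483640,
                          "memberOf": ["CN=WebEditors," + G]},
    # Universal distribution group: a mailing list, meaningless for authorization.
    "CN=Newsletter," + G: {"groupType": 8, "memberOf": []},
}


def is_security_group(group_type):
    """True when the security-enabled bit is set; the mask undoes the sign."""
    return bool((group_type & 0xFFFFFFFF) & SECURITY_ENABLED)


def naive_groups(directory, user_dn):
    """Direct memberOf values only, of any group type."""
    return set(directory[user_dn].get("memberOf", []))


def effective_security_groups(directory, user_dn):
    """Follow memberOf transitively, then keep security groups only.

    Assumption of this example: nesting is followed through every group type
    and only the reported set is filtered. The seen set stops nesting cycles.
    """
    seen, stack = set(), list(directory[user_dn].get("memberOf", []))
    while stack:
        dn = stack.pop()
        if dn in seen or dn not in directory:
            continue
        seen.add(dn)
        stack.extend(directory[dn].get("memberOf", []))
    return {dn for dn in seen
            if is_security_group(directory[dn].get("groupType", 0))}


if __name__ == "__main__":
    print(sorted(naive_groups(DIRECTORY, USER)))
    print(sorted(effective_security_groups(DIRECTORY, USER)))
```
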