Need help with changing AD login for web app

[MrNorth]

Hi!

I got a new assignment today that has the following problem:

The company I work for has a product that has been used mostly for internal use within our company (big company). Now we have sold it to one of our customers, but the got a problem wiht the login functionality since our Active Directory and the customers Active Directory doesn't look the same. The LDAP call that has worked before, doens't work anymore. For example, the SAMAccountsName attribute that we use, doesn't seem to exist in their environment. Note that this is an older module of the code, and it doesn't make use of the automatic Windows authentication that can be used by .NET apps for intranet applications. It use the DirectoryServices namespce for manually doing all this stuff.

So, how should I proceed? I know a lot about asp.net but have Zero knowledge about AD and LDAP. But as I understand it, basically the application create an LDAP query against an AD server, and get a response back wheter or not the user and password was OK. SHould I then ask for the specifications for this companys AD, so I can modify the LDAP query accordingly? I got one reply from their server techs stating:

"The query you are using is generating a size limit which is causing the query to fail. The filter you are using against the ECD will not generate any hits because the samaccountsname doesn't exist as an attribute."

I appreciate all help and info from you people that have experience working with AD.

kind regards
Henrik

[stanav]

The ldap path should not be hard coded but rather being stored in the web.config file.
The SAMAccountsName attribute is standard since windows 2000 server. If it isn't available in your customer's AD then they are not using a windows server... Can't help.

[MrNorth]

The ldap path should not be hard coded but rather being stored in the web.config file.
The SAMAccountsName attribute is standard since windows 2000 server. If it isn't available in your customer's AD then they are not using a windows server... Can't help.

Thanks for the heads up! I will investigate this further and will get back to ya! I was also very confused by this...

/Henrik

[MrNorth]

Hi!

This customer is really funny, now all of a sudden they are saying that they don't run their domain controller on a windows machine, but rather on a linux LDAP server. Yuck! But they have promised to supply me with the correct attributes. So hopefully the problem can be solved rather quickly...

kind regards
Henrik

[MrNorth]

Hi!

I think I have found the problem, just need to ckeck one thing first.

IN the original code that works with Active Directory, they use the following code on th resultset fopr the ldap query:

Code:

SearchResult result = (SearchResult)ne.next();
				Attributes attributes = result.getAttributes();				
				Attribute distinguishedNameAttribute = attributes.get("distinguishedName");
				String distinguishedName = (String)distinguishedNameAttribute.get();

My idea is that this new unix-directory doesn't return an attribute called "distinguishedName". Can you guys that worked a lot with active directory confirm that there is indeed a standard attribute called "distinguishedname"?

We have replaced the samaccountsname to just uid and that part seems to work fine.

kind regards
Henrik

[stanav]

Have you tried "dn" instead of "distinguishedName"?