Hello Dmitri, thanks for your reply. The server I connect to is pre-LH (Windows 2003 I think), which doesn't support WhoAmI. You suggested that I read tokenGroups, but I have no "user object" to read it from. All I have generic connection to a LDAP server (I need to use the OpenLDAP library for compatibility). Can I get the user object by some other means?
Thanks a lot, Alexandr Dne pondělí 22 leden 2007 16:07 Dmitri Gavrilov napsal(a): > ADAM (starting from ADAM 1.0) and AD (starting from Longhorn) support > WhoAmI extended operation per RFC. In addition, they support > rootDSE/tokenGroups attribute, which is exactly what you need to check > "self group membership". > > If you have pre-LH AD, then what you can do is read tokenGroups off the > user object (which you can find using %USERDOMAIN% and %USERNAME% vars > if you have an interactive session, or by looking up user SID from the > token). Note tokenGroups value can vary slightly depending on which DC > you connect to. If you want deterministic results, read > tokenGroupsGlobalAndUniversal (which excludes domain local groups). > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alexandr Kara > Sent: Monday, January 22, 2007 6:46 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] "Who Am I" request > > Hello everybody, > I am trying to get the CN of a user currently connected to Active > Directory > (using a 3rd party library). > > I tried the "Who am I?" extended operation from RFC 4532, but I got an > error > 120 or 0x78 (I don't know if it is useful). > Do you know of another method to get the CN? I need it to find out if > the user > is part of a group. > > Thanks a lot, > Alexandr > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
