All--

I think I'm misunderstanding how permissions work in Active Directory.

In AD, my User schema has a property that is multi-value and read-write
by the person it represents. But, when I try to write to it, I'm getting
a permission error. I think I'm either saving too broadly or retrieving
the DirectoryEntry incorrectly in the first place.

Here's how I retrieve the DE:

// Requires these namespaces at the top of the file:
// using System;
// using System.DirectoryServices;
// using System.Text;

private static DirectoryEntry GetMyActiveDirectoryNode()
{
        // Bind to the root of Active Directory to start searching from there.
        StringBuilder adPath = new StringBuilder("LDAP://");
        adPath.Append(new DirectoryEntry("LDAP://rootDSE").Properties["defaultNamingContext"].Value.ToString());
        DirectoryEntry directoryRoot = new DirectoryEntry(adPath.ToString(), null, null,
                AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing);
        directoryRoot.RefreshCache();

        // Create a directory searcher to find the Person object that represents the
        // currently logged-in user.
        // CurrentUserLogin() is defined elsewhere; its value is concatenated into the
        // filter as-is, without LDAP filter escaping.
        string criteria = "(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=group1,DC=local)";
        criteria += "(sAMAccountName=" + CurrentUserLogin() + "))";
        DirectorySearcher adSearcher = new DirectorySearcher(directoryRoot, criteria);
        adSearcher.PropertiesToLoad.Add("ExtendedTraderInformation");
        SearchResult result = adSearcher.FindOne();

        // If the system couldn't find this person, something is seriously FUBAR. Run for the hills.
        if(result == null)
        {
                throw new Exception("Unable to find the current user in Active Directory.");
        }

        // Return the directory entry that was found.
        return new DirectoryEntry(result.Path, null, null,
                AuthenticationTypes.Signing | AuthenticationTypes.Sealing | AuthenticationTypes.Secure);
}

And here's how I try to update and save the property:

if(!_DebugMode)
{
        myADObject = GetMyActiveDirectoryNode();
        StreamReader sr = new StreamReader(theStream);
        theStream.Seek(0, SeekOrigin.Begin);
        string theSettings = sr.ReadToEnd();
        System.Diagnostics.Trace.WriteLine(theSettings);
        myADObject.Properties["ExtendedTraderInformation"].Value = (object)theSettings;
        myADObject.CommitChanges();
}

Any help that could be provided would be deeply appreciated.

TIA

--Jekke

===================================
This list is hosted by DevelopMentor®  http://www.develop.com