Brad,
 
I worked on this problem for quite a while. Below is my solution that I posted here a while back.
 
A few other things:
 
1) Beware the anonymous login. Submitting any username without a password will authenticate if anonymous login is not blocked on the AD server. You must test for blank password in your code and throw it back as invalid.
 
2) It may not be necessary to have the OpenSSL files in System32, but in the directory of your application exe.
 
3) If you get a runtime error at some point, then install OpenSSL 9.8a via the following link:
 
 
I had trouble with anti-spyware software overwriting something in the registry.
 
=========================
STEP 1)
 
Get the latest version of Synapse
 
Need Lukas' units in uses clause (see below). Of course, need to add the units to the project first.
...
 
Implementation
 
uses ..... blcksock, ldapsend, ssl_openssl;
...
procedure TfrmMain.btnLDAPClick(Sender: TObject);
var
  ldap: TLDAPSend;
  FDomain, FUserName, FPassword, FPort: string;
  FVersion: integer;
begin
  FDomain := '192.168.1.1';
  FUserName := '[EMAIL PROTECTED]'; // just concatenate the Windows user ID with your domain
  FPassword := '123abc'; // user's password
  FPort := '636'; // LDAP over SSL
  FVersion := 3;

  ldap := TLDAPSend.Create;
  ldap.TargetHost := FDomain;
  ldap.TargetPort := FPort;
  ldap.UserName := FUserName;
  ldap.Password := FPassword;
  ldap.Version := FVersion;
  ldap.FullSSL := True;

  try
    // The following code borrowed from Lou Feliz
    Memo1.Lines.Clear;
    if ldap.Login then
    begin
      Memo1.Lines.Add('**** Logged In *******');

      // Only attempt the bind once the connection is established
      if ldap.Bind then
        Memo1.Lines.Add('**** Bind successful *******')
      else
        Memo1.Lines.Add('$$$$ Bind Not Successful');

      Memo1.Lines.Add('ldap result: ' + ldap.ResultString);
      ldap.Logout;
    end
    else
    begin
      Memo1.Lines.Add('$$$$ Not Logged In');
      Memo1.Lines.Add('ldap result: ' + ldap.ResultString);
    end;
  finally
    ldap.Free;
  end;
end;
 
STEP 2)
 
Download the OpenSSL binary from Sourceforge.net (filename: openssl-0.9.7c-bin.exe)
 
 
STEP 3)
 
Install OpenSSL. Then, go to the directory where it's installed and move the two DLLs
 
libssl32.dll
libeay32.dll
 
over to Windows\System32.
 
STEP 4)
 
Log on to the Active Directory with any valid Domain credentials.
 
Bob's your uncle.
 
----------------------------
 
Pete Welch
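
The blank-password check from point 1 above, as an added example that is not part of the original message or of Synapse itself. The names AuthenticateUpn and TAuthResult are hypothetical, and the host and UPN values are constructed; it assumes Free Pascal with the Synapse units on the search path.

```pascal
program LdapAuthCheck;
{$mode objfpc}{$H+} // Free Pascal mode; remove when compiling with Delphi

uses
  SysUtils, ldapsend, ssl_openssl; // Synapse units named in the post

type
  TAuthResult = (arOk, arBlankCredential, arConnectFailed, arBindRejected);

// Hypothetical helper, not part of Synapse.
function AuthenticateUpn(const Host, Upn, Password: string): TAuthResult;
var
  ldap: TLDAPSend;
begin
  // A simple bind with an empty password is treated by the server as an
  // unauthenticated bind and can return success, so refuse it locally.
  if (Trim(Upn) = '') or (Password = '') then
    Exit(arBlankCredential);

  ldap := TLDAPSend.Create;
  try
    ldap.TargetHost := Host;
    ldap.TargetPort := '636';
    ldap.Version := 3;
    ldap.FullSSL := True;
    ldap.UserName := Upn;
    ldap.Password := Password;
    if not ldap.Login then
      Exit(arConnectFailed);
    try
      // Report success only when the server accepted these credentials
      if ldap.Bind and (ldap.ResultCode = 0) then
        Result := arOk
      else
        Result := arBindRejected;
    finally
      ldap.Logout;
    end;
  finally
    ldap.Free;
  end;
end;

begin
  // Constructed inputs; both are rejected before any socket is opened.
  WriteLn(AuthenticateUpn('192.168.1.1', 'user@example.test', '') = arBlankCredential);
  WriteLn(AuthenticateUpn('192.168.1.1', '', 'x') = arBlankCredential);
end.
```

Returning a distinct result for the blank case lets the caller log the attempt separately from a connection failure or a rejected bind.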

>>> Brad Back <[EMAIL PROTECTED]> 5/3/2006 10:38 AM >>>
I can't successfully login or bind without using the DN. I'm sure it's my
lack of LDAP knowledge, so I'm not sure what I'm doing wrong.  Just seems
like when someone logs on to my application using their username, I want to
use that username and password (along with some ldap configuration
information I'm storing in a config file on my app server) to bind and login
(basically get authenticated).  The only way I can get it to work is if the
cn attribute is the login since it's part of the DN.  Am I approaching this
all wrong?  Do I need to actually bind and login using a Valid DN (stored in
the config file) and then search the directory for that sAMAccountName and
password to authenticate the user?  

-----Original Message-----
From: Alexander Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 03, 2006 8:55 AM
To: synalist [EMAIL PROTECTED]
Subject: Re: [Synalist] LDAP


You can use the User Principal Name (UPN) as username:

[EMAIL PROTECTED]

If you have special characters in username, then you have to encode the UPN
as UTF-8

I hope this helps
Alex


> I can't figure out how to login/bind to Active directory using the
> sAMAccountName attribute (the user's login attribute).
>
> What do I use to set TLDAPSend.UserName (I can't use the DN since I
> don't know the CN attribute)?  Or am I missing something.  Do I need
> to bind/login using something else (that's preconfigured) and then
> search for the sAMAccountName attribute and password for the
> individual user?  I was always thinking the cn attribute was the login
> attribute, but this obviously isn't the case.
>
> -----Original Message-----
> From: Lukas Gebauer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 14, 2005 10:17 AM
> To: [email protected]
> Subject: RE: [Synalist] LDAP
>
>  
>> Are there any examples of simply authenticating to an ldap directory. 
>> In IP*works, it's a matter of setting the principal, password, and DN
>> and then calling the Bind() method.  If the user is authenticated the
>> proper status code is returned.  With synapse, I'm not quite sure how
>> to set the DN using the TLDAPSend class.
>>    
>
> Just use DN as TLdapsend.Username  and your password as
> TLdapsend.password before you call Bind or Bindsasl.
>
>
>  





