Mark wrote:
> Hi,
>
> does anyone have any sample code I can look over regarding LDAPSend in
> order to give me a little headstart on its usage specifically related
> to Active Directory on a 2k3 setup?
>
> Any help would be appreciated :-)
>
> Cheers
>
> Mark
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> synalist-public mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/synalist-public
>
>
Hi Mark,

I am working on an IM server that uses LDAPSend for the authentication
and pulls in groups.

Here is the code for the authentication:

  // skip empty credentials: a simple bind with an empty password is an
  // unauthenticated bind and may succeed
  if (userid <> '') and (userpassword <> '') then
  begin
    // authenticate with the LDAP server
    ldap.TargetHost := fldap_hostname;
    ldap.UserName := userid + '@your.ADdomain.com';
    ldap.Password := userpassword;
    if ldap.Login then
      if ldap.Bind then
      begin
        // authentication successful
      end;
  end;

If you don't use [EMAIL PROTECTED] it uses the user's common name for
authentication.

To get groups I do this:

  attributelist.add('displayName');
  attributelist.add('sAMAccountName');
  group_searchstr := '&(objectCategory=user)(memberOf=' +
    db_query.FieldByName('sharedgroup_dn').AsString + ')';
  groupname := db_query.FieldByName('sharedgroup_name').AsString;
  ldap.Search(fldap_basedn, False, group_searchstr, attributelist);

I do a member of query because if you just grab the groups, the member
attribute does not include the sAMAccountName (the NT username).
The sAMAccountName is the only guaranteed unique name for the entire AD
domain.

The memberOf= should look like this:

  memberOf=CN=Your Group name,OU=ou1,OU=IMC,OU=ou2,OU=ou3,DC=yourDC=domain,DC=com

i.e. it must be the group's full distinguished name.

There is also a decent example here:
http://synapse.ararat.cz/wiki/index.php?page=LdapSample

I also recommend using the free LDAP browser from here:
http://www.ldapbrowser.com/download/index.php

Hope this helps.

Also you need to check if your AD server supports DIGEST-MD5 SASL; mine
does not, so I can't use bindsasl.
If you don't use bindsasl then your username and password for
authentication go across the wire in plain text.
You could also use SSL, but the AD server must be set up to use SSL.

--
Tony Caduto
AM Software Design
http://www.amsoftwaredesign.com
Home of PG Lightning Admin for Postgresql
Your best bet for Postgresql Administration
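
The member-of filter in the reply above concatenates the group DN straight into the search string, so a DN containing parentheses, an asterisk or a backslash-escaped comma changes or breaks the filter. The following is an added example, not part of the original post and not Synapse code: it escapes the DN per RFC 4515 before building the filter. EscapeFilterValue, BuildMemberFilter and the sample DNs are hypothetical, and it assumes the filter parser in your Synapse version decodes \xx escapes.

```pascal
program MemberOfFilter;
{$IFDEF FPC}{$mode objfpc}{$H+}{$ENDIF}

uses
  SysUtils;

// Hypothetical helper: escape a value for an LDAP search filter (RFC 4515).
// NUL, '(', ')', '*' and '\' are replaced by a backslash and two hex digits.
function EscapeFilterValue(const Value: string): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(Value) do
    case Value[i] of
      #0, '(', ')', '*', '\':
        Result := Result + '\' + IntToHex(Ord(Value[i]), 2);
    else
      Result := Result + Value[i];
    end;
end;

// Hypothetical helper: the post's member-of filter with the DN escaped,
// written in the fully parenthesised RFC 4515 form.
function BuildMemberFilter(const GroupDN: string): string;
begin
  Result := '(&(objectCategory=user)(memberOf=' +
    EscapeFilterValue(GroupDN) + '))';
end;

begin
  // Constructed sample DNs, not taken from a real directory.
  WriteLn(BuildMemberFilter('CN=Sales (EMEA),OU=IMC,DC=example,DC=com'));
  WriteLn(BuildMemberFilter('CN=Ops\, Tier 1,OU=IMC,DC=example,DC=com'));
end.
```

The second sample shows the common Active Directory case: a DN that already carries a backslash before a comma needs that backslash written as \5C inside the filter.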