Thanks for this Tony, I'll give it a whirl and see what works etc. on my setup

Cheers
Mark

On Tue, 2006-07-18 at 12:24 -0500, Tony Caduto wrote:
> Mark wrote:
> > Hi,
> >
> > does anyone have any sample code I can look over regarding LDAPSend in
> > order to give me a little headstart on its usage specifically related
> > to Active Directory on a 2k3 setup ?
> >
> > Any help would be appreciated :-)
> >
> > Cheers
> >
> > Mark
> >
> Hi Mark,
> I am working on an IM server that uses LDapsend for the authentication
> and pulls in groups.
>
> here is the code for the authentication:
>
> if (userid <> '') and (userpassword <> '') then
> begin
>   //authenticate with the LDAP server
>   ldap.TargetHost := fldap_hostname;
>   ldap.UserName := userid+'@your.ADdomain.com';
>   ldap.Password := userpassword;
>   if ldap.Login then
>     if ldap.Bind then
>     begin //authentication successful
>     end;
> end;
>
> If you don't use [EMAIL PROTECTED] it uses the user's common name for
> authentication.
>
> To get groups I do this:
>
> attributelist.add('displayName');
> attributelist.add('sAMAccountName');
> group_searchstr := '&(objectCategory=user)(memberOf=' +
>   db_query.FieldByName('sharedgroup_dn').asstring + ')';
> groupname:=db_query.FieldByName('sharedgroup_name').AsString;
> ldap.Search(fldap_basedn, False, group_searchstr, attributelist);
>
> I do a member of query because if you just grab the groups, the member
> attribute does not include the sAMAccountName (the nt username)
> The sAMAccountName is the only guaranteed unique name for the entire AD
> domain.
>
> the memberOf= should look like this:
>
> memberOf=CN=Your Group name,OU=ou1,OU=IMC,OU=ou2,OU=ou3,DC=yourDC=domain,DC=com
>
> i.e. it must be the fully distinguished group name.
>
> There is also a decent example here:
> http://synapse.ararat.cz/wiki/index.php?page=LdapSample
>
> I also recommend using the free ldap browser from here:
>
> http://www.ldapbrowser.com/download/index.php
>
> Hope this helps.
>
> Also you need to check if your AD server supports digest-md5 SASL, mine
> does not so I can't use bindsasl.
> If you don't use bindsasl then your username and password for
> authentication go across the wire in plain text.
> You could also use SSL, but the AD server must be set up to use SSL

_______________________________________________
synalist-public mailing list
https://lists.sourceforge.net/lists/listinfo/synalist-public
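
Added example, not part of the original thread and not Tony's or the Synapse project's code: the memberOf filter above is built by concatenating a group DN into the filter string, so a DN containing `(`, `)`, `*` or `\` (for instance a CN with a comma, which AD stores as `\,`) needs RFC 4515 escaping first. The function names and sample DNs are hypothetical and constructed, the filter is written in fully parenthesised RFC 4515 form, and the program assumes the LDAP client library decodes `\xx` escapes in filter values as RFC 4515 specifies.

```pascal
program MemberOfFilterDemo;
{$IFDEF FPC}{$mode objfpc}{$H+}{$ELSE}{$APPTYPE CONSOLE}{$ENDIF}

uses
  SysUtils;

const
  // Constructed sample DNs (not from the thread): a plain one, one with
  // parentheses, one with an escaped comma, one with an asterisk.
  SampleDNs: array[0..3] of string = (
    'CN=IM Users,OU=IMC,DC=example,DC=com',
    'CN=Support (EU),OU=IMC,DC=example,DC=com',
    'CN=Smith\, John team,OU=IMC,DC=example,DC=com',
    'CN=Staff*,OU=IMC,DC=example,DC=com');

// Escape a value for use inside an LDAP search filter (RFC 4515):
// NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
function EscapeFilterValue(const Value: string): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(Value) do
    case Value[i] of
      #0, '(', ')', '*', '\':
        Result := Result + '\' + LowerCase(IntToHex(Ord(Value[i]), 2));
    else
      Result := Result + Value[i];
    end;
end;

// Build the "users that are members of this group" filter from the thread.
// GroupDN is the group's full distinguished name, e.g. as read from the
// sharedgroup_dn column; an empty DN is rejected rather than searched for.
function BuildMemberOfFilter(const GroupDN: string): string;
begin
  if Trim(GroupDN) = '' then
    raise Exception.Create('group DN must not be empty');
  Result := '(&(objectCategory=user)(memberOf=' +
    EscapeFilterValue(GroupDN) + '))';
end;

var
  i: Integer;
begin
  // Print the filter for each constructed DN; the escaped value can no
  // longer close the memberOf term or act as a wildcard.
  for i := Low(SampleDNs) to High(SampleDNs) do
    Writeln(BuildMemberOfFilter(SampleDNs[i]));
end.
```

The result of `BuildMemberOfFilter` would take the place of `group_searchstr` in the `ldap.Search` call quoted above.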
