I am surprised that anyone would turn off SSL on the AD; I wasn't aware it could be done. The following is my recipe for binding in SSL, which I've posted here before (maybe this should go in Lukas' wiki):
STEP 1)
Get the latest version of Synapse: http://synapse.ararat.cz and put it in your code as follows:

    ....
    implementation

    uses
      .....
      blcksock, ldapsend, ssl_openssl;   // ssl_openssl plugs OpenSSL into blcksock so FullSSL works
    ....

    procedure TfrmMain.btnLDAPClick(Sender: TObject);
    var
      ldap: TLDAPSend;
      FDomain, FUserName, FPassword, FPort: string;
      FVersion: integer;
    begin
      FDomain := 'mydomain.org';        // DNS name or IP address (e.g. '192.168.1.1') of a domain controller
      FUserName := '[EMAIL PROTECTED]'; // just concatenate the Windows user id with your domain -- be very sure you know the actual domain name. It isn't as obvious as you may think. Contact your SysAdmin to find out.
      FPassword := '123abc';            // user's password
      FPort := '636';                   // LDAPS port
      FVersion := 3;
      ldap := TLDAPSend.Create;
      ldap.TargetHost := FDomain;
      ldap.TargetPort := FPort;
      ldap.UserName := FUserName;
      ldap.Password := FPassword;
      ldap.Version := FVersion;
      ldap.FullSSL := True;             // SSL from the first byte (LDAPS on 636), not StartTLS
      try
        // The following code borrowed from Lou Feliz
        Memo1.Lines.Clear;
        if ldap.Login then               // opens the (SSL) connection
        begin
          Memo1.Lines.Add('**** Logged In *******');
          if ldap.Bind then              // simple bind with UserName/Password
            Memo1.Lines.Add('**** Bind successful *******')
          else
            Memo1.Lines.Add('$$$$ Bind Not Successful');
        end
        else
          Memo1.Lines.Add('$$$$ Not Logged In');
        Memo1.Lines.Add('ldap result: ' + ldap.ResultString);
        ldap.Logout;
      finally
        ldap.Free;
      end;
    end;

STEP 2)
Download the OpenSSL binary from: http://www.slproweb.com/products/Win32OpenSSL.html

STEP 3)
Install OpenSSL. Then go to the directory where it's installed and move the two DLLs, libssl32.dll and libeay32.dll, over to Windows\System32 or your application directory.

STEP 4)
Log on to the Active Directory with any valid Domain credentials. (Beware the anonymous login. Submitting any username without a password will authenticate if anonymous login is not blocked on the AD server. You must test for a blank password in your code and throw it back as invalid.)

Pete Welch
>>> Mark <[EMAIL PROTECTED]> 7/18/2006 1:53 PM >>>
Thanks for this Tony,

I'll give it a whirl and see what works etc. on my setup

Cheers
Mark

On Tue, 2006-07-18 at 12:24 -0500, Tony Caduto wrote:
> Mark wrote:
> > Hi,
> >
> > does anyone have any sample code I can look over regarding LDAPSend in
> > order to give me a little headstart on its usage, specifically related
> > to Active Directory on a 2k3 setup?
> >
> > Any help would be appreciated :-)
> >
> > Cheers
> >
> > Mark
>
> Hi Mark,
> I am working on an IM server that uses LDAPSend for the authentication
> and pulls in groups.
>
> Here is the code for the authentication:
>
>   if (userid <> '') and (userpassword <> '') then
>   begin
>     // authenticate with the LDAP server
>     ldap.TargetHost := fldap_hostname;
>     ldap.UserName := userid + '@your.ADdomain.com';
>     ldap.Password := userpassword;
>     if ldap.Login then          // connect to the server
>       if ldap.Bind then         // simple bind with the credentials above
>       begin
>         // authentication successful
>       end;
>   end;
>
> If you don't use [EMAIL PROTECTED] it uses the user's common name for
> authentication.
>
> To get groups I do this:
>
>   attributelist.Add('displayName');
>   attributelist.Add('sAMAccountName');
>   // users that are members of one group; outer parentheses make this a
>   // standard RFC 4515 filter (Synapse accepts it with or without them)
>   group_searchstr := '(&(objectCategory=user)(memberOf=' +
>     db_query.FieldByName('sharedgroup_dn').AsString + '))';
>   groupname := db_query.FieldByName('sharedgroup_name').AsString;
>   ldap.Search(fldap_basedn, False, group_searchstr, attributelist);
>
> I do a memberOf query because if you just grab the groups, the member
> attribute does not include the sAMAccountName (the NT username).
> The sAMAccountName is the only guaranteed unique name for the entire AD
> domain.
>
> The memberOf= should look like this:
>
>   memberOf=CN=Your Group name,OU=ou1,OU=IMC,OU=ou2,OU=ou3,DC=yourDC=domain,DC=com
>
> i.e. it must be the fully distinguished group name.
>
> There is also a decent example here:
> http://synapse.ararat.cz/wiki/index.php?page=LdapSample
>
> I also recommend using the free LDAP browser from here:
>
> http://www.ldapbrowser.com/download/index.php
>
> Hope this helps.
>
> Also you need to check if your AD server supports DIGEST-MD5 SASL; mine
> does not, so I can't use BindSasl.
> If you don't use BindSasl then your username and password for
> authentication go across the wire in plain text.
> You could also use SSL, but the AD server must be set up to use SSL.
_______________________________________________ synalist-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/synalist-public
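The three security points made in this thread (Pete's warning that a user name with a blank password binds anonymously, Tony's memberOf filter built by string concatenation from a database column, and his remark that a simple bind without SSL or SASL sends the password in plain text) can all be checked offline. The Python below is an added example, not Synapse code and not either poster's code: it assumes a placeholder UPN suffix `mydomain.org`, uses constructed credentials and a constructed group DN, and hand-encodes the LDAPv3 BindRequest (RFC 4511, BER) instead of contacting a server. It goes one step past the posts by escaping the group DN per RFC 4515, which the posted concatenation does not do.

```python
"""Offline checks for an AD simple-bind login such as the Synapse examples
above (added example; constructed inputs, no real server is contacted)."""
from __future__ import annotations

DEFAULT_DOMAIN = "mydomain.org"  # assumed placeholder; use the real UPN suffix of your domain

# Characters AD rejects in sAMAccountName, plus '@' so a caller cannot smuggle
# in a different UPN suffix, plus whitespace.
_BAD_USERID_CHARS = set('"/\\[]:;|=,+*?<>@') | set(" \t\r\n")


class BadCredentials(ValueError):
    """Raised when credentials must not be sent to the server at all."""


def upn_for_bind(userid: str, password: str, domain: str = DEFAULT_DOMAIN) -> tuple[str, str]:
    """Return (userid@domain, password) for a simple bind, or raise.

    RFC 4513 section 5.1.2: a simple bind with a non-empty name and an empty
    password is an *unauthenticated* bind.  Servers that allow it (AD does by
    default) answer 'success', so the blank password must be rejected here,
    before TLDAPSend.Bind or any other client ever sends it.
    """
    if not userid or any(c in _BAD_USERID_CHARS for c in userid):
        raise BadCredentials("invalid user id")
    if password == "":
        raise BadCredentials("empty password would become an unauthenticated bind")
    return f"{userid}@{domain}", password


def credentials_acceptable(userid: str, password: str) -> bool:
    """Boolean form of upn_for_bind for callers that just want a gate."""
    try:
        upn_for_bind(userid, password)
    except BadCredentials:
        return False
    return True


# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def filter_escape(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def member_of_filter(group_dn: str) -> str:
    """Filter for users that are direct members of group_dn.

    The DN is escaped so a group name containing '(' or ')' (legal in AD),
    or a value read from an untrusted table, cannot change the filter.
    """
    return f"(&(objectCategory=user)(memberOf={filter_escape(group_dn)}))"


# Minimal BER encoder for an LDAPv3 BindRequest (RFC 4511 section 4.2).
def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content


def _ber_int(v: int) -> bytes:
    # two's-complement with the fewest bytes; adequate for the small non-negative values used here
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def simple_bind_request(message_id: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = _ber_int(3) + _tlv(0x04, name.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(message_id) + _tlv(0x60, bind))  # 0x60 = [APPLICATION 0] constructed


def password_visible_on_wire(request: bytes, password: str) -> bool:
    """True if the password bytes appear verbatim in the encoded request, which
    is what 'plain text' means here unless the TCP stream itself is SSL."""
    return password.encode() in request


if __name__ == "__main__":
    name, pw = upn_for_bind("jdoe", "123abc")          # constructed credentials
    req = simple_bind_request(1, name, pw)
    print(req.hex())
    print("password readable on the wire:", password_visible_on_wire(req, pw))
    print(member_of_filter("CN=Dev (Team),OU=Groups,DC=mydomain,DC=org"))
    print("blank password accepted:", credentials_acceptable("jdoe", ""))
```

Running the module prints the raw bind request; the `123abc` bytes sit in it as-is after the `80 06` simple-authentication tag, which is exactly what a packet capture of a non-SSL bind shows. The `FullSSL := True` / port 636 path in Pete's recipe wraps that same request in TLS, and `credentials_acceptable` is the blank-password test his step 4 asks for, applied before any bytes are sent.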
