Novell.directory.ldap C# GroupMembership

Hello,
How can I retrieve the groupmembership attribute from a userid using the
novell.directory.ldap within C#. Please add an example.
Thanks in advance.
Eric

Start here:
http://developer.novell.com/wiki/ind...es_for_C_sharp
-jim
Eric Pastor wrote:
> Hello,
>
> How can I retrieve the groupmembership attribute from a userid using the
> novell.directory.ldap within C#. Please add an example.
>
> Thanks in advance.
>
> Eric
>
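
One way to read `groupMembership` for a single user with the classic Novell.Directory.Ldap assembly, added here as an example; it is not code from this thread or from Novell's samples. The host, DNs, the `LDAP_BIND_PW` variable, the `inetOrgPerson`/`cn` filter and the helper names are assumptions, and newer ports of the library may spell `hasMore()`, `next()` and `getAttribute()` in PascalCase.

```csharp
using System;
using System.Text;
using Novell.Directory.Ldap;

public static class GroupMembershipLookup
{
    // RFC 4515 escaping: keeps a user-supplied id from changing the search filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            bool special = b == 0 || b == '*' || b == '(' || b == ')' || b == '\\' || b >= 0x80;
            if (special) sb.Append('\\').Append(b.ToString("x2"));
            else sb.Append((char)b);
        }
        return sb.ToString();
    }

    // Returns the group DNs held on the first matching user, or an empty array.
    public static string[] GetGroupMembership(LdapConnection conn, string searchBase, string userId)
    {
        // Assumed filter: users are inetOrgPerson entries named by cn.
        string filter = "(&(objectClass=inetOrgPerson)(cn=" + EscapeFilterValue(userId) + "))";
        string[] attrs = { "groupMembership" };   // request only the attribute that is needed
        LdapSearchResults results =
            conn.Search(searchBase, LdapConnection.SCOPE_SUB, filter, attrs, false);
        if (results.hasMore())
        {
            LdapEntry entry = results.next();
            LdapAttribute attr = entry.getAttribute("groupMembership");
            // null means the user is in no groups, or the bound identity
            // has no right to read the attribute.
            if (attr != null) return attr.StringValueArray;
        }
        return new string[0];
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: GroupMembershipLookup <userid>");
            return;
        }
        // Placeholder host, DNs and variable name; none of them come from the thread.
        LdapConnection conn = new LdapConnection();
        conn.SecureSocketLayer = true;   // LDAPS on 636, so the bind password is not sent in clear
        try
        {
            conn.Connect("ldap.example.com", 636);
            conn.Bind("cn=svc-lookup,o=example", Environment.GetEnvironmentVariable("LDAP_BIND_PW"));
            foreach (string groupDn in GetGroupMembership(conn, "o=example", args[0]))
                Console.WriteLine(groupDn);
        }
        catch (LdapException e)
        {
            Console.Error.WriteLine("LDAP error: " + e.Message);
        }
        finally
        {
            if (conn.Connected) conn.Disconnect();
        }
    }
}
```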

Similar Messages

  • Retrieve Attribute Description with Novell.Directory.Ldap C#

    I'm trying to retrieve all available attributes in the schema using
    Novell.Directory.Ldap.dll
    I use:
    LdapSchema schema = _ldapConnection.FetchSchema(schemaDN);
    Then I get Enumerator:
    IEnumerator attributeSchemas = schema.LDAPSchema.AttributeSchemas
    All attributes in the enumerator contain Name only. No Description.
    I can retrieve Description using some other technology, but I would like
    to use just this one.
    Is there a way to retrieve an attribute description from LDAP/Active
    Directory using Novell.Directory.Ldap.dll?
    Thank you.
    bbobskt

    That seems a little odd to me. Schema entries are not, as far as I have
    ever seen, retrievable by ONLY their names. If you ask for cn=schema
    and you ask for attributeTypes or objectClasses you get everything about
    them because each schema definition is one "value" on the cn=schema
    "object" not to be grabbed in pieces. I would bet that your application
    has all of the information from the LDAP source and it's now just a
    matter of figuring out how to see the details. You could (dis)prove
    this via a LAN trace when requesting schema, most-easily over TCP port 389.
    Good luck.

  • Novell.Directory.LDAP ListGroups sample not returning member

    Hi, I've downloaded and made the list groups sample from the CSharpLDAP
    into a console app as is. When I run this against my test eDirectory on
    a group that I know definitely has members I get no members returned. It
    seems to bring back just the objectClass as the only attribute and not
    members, but you can get the members from objectClass. Is it something I
    have done on eDirectory, I have an OES server running eDirectory and I'm
    connecting to it from a windows XP machine. I know the connection is
    fine because it's bringing back the objectClass but not the members.
    I've attached the code in a txt file. Anyone have any idea why the
    members are not being returned.
    Thanks
    Eamonn
    +----------------------------------------------------------------------+
    |Filename: ListGroups.txt |
    |Download: http://forums.novell.com/attachment....achmentid=4343 |
    +----------------------------------------------------------------------+
    eamonnjennings75

    Maybe I am not following.
    In Softerra, when you authenticate as an Admin and look at the group, do
    you see the group member DNs?
    -jim
    On 5/6/2010 7:36 AM, eamonnjennings75 wrote:
    >
    > Thanks for the info Jim, I use Softerra LDAP browser and I can't see the
    > users from there either so it could be permissions based I think.
    >
    > Thanks
    > Eamonn
    >
    > Jim Willeke;1970076 Wrote:
    >> Sounds like a permissions issue.
    >>
    >> Try using a "known" LDAP browser and see what you can with the user.
    >>
    >> I use: 'Apache Directory Studio - The Eclipse based LDAP browser and
    >> directory client' (http://directory.apache.org/studio/)
    >>
    >> -jim
    >>
    >> On 4/30/2010 6:06 AM, eamonnjennings75 wrote:
    >>>
    >>> Hi, I've downloaded and made the list groups sample from the
    >> CSharpLDAP
    >>> into a console app as is. When I run this against my test eDirectory
    >> on
    >>> a group that I know definitely has members I get no members returned.
    >> It
    >>> seems to bring back just the objectClass as the only attribute and
    >> not
    >>> members, but you can get the members from objectClass. Is it
    >> something I
    >>> have done on eDirectory, I have an OES server running eDirectory and
    >> I'm
    >>> connecting to it from a windows XP machine. I know the connection is
    >>> fine because it's bringing back the objectClass but not the members.
    >>> I've attached the code in a txt file. Anyone have any idea why the
    >>> members are not being returned.
    >>> Thanks
    >>>
    >>> Eamonn
    >>>
    >>>
    >>>
    >> +----------------------------------------------------------------------+
    >>> |Filename: ListGroups.txt
    >> |
    >>> |Download: http://forums.novell.com/attachment....achmentid=4343
    >> |
    >>>
    >> +----------------------------------------------------------------------+
    >>>
    >
    >

  • Novell.Directory.Ldap C#

    Hi, is it possible to get LDIF formatted Entry using this library?
    Best regards
    Piotr

    I am not aware of ANY LDIF library for c#.
    If you find one, let us know.
    -jim
    On 2/12/2010 8:40 AM, Piotr Czabanski wrote:
    > Hi, is it possible to get LDIF formatted Entry using this library?
    >
    > Best regards
    > Piotr

  • How to validate users with Novell Directory Server

    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

    Hi
    I believe iAS is designed to work with iDS which is bundled along
    with the SP3 download. Also the directory server which is working with
    iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
    Directory Server) is compatible. What I'm trying to understand is if you
    have already registered iAS with NDS and you are having trouble in
    accessing the users or if you are having trouble in the installation.
    Raj
    Josep Maria Camps Riba wrote:
    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

  • Getting User Attributes from an Active Directory LDAP

    Hello all.
    I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
    Thanks.
    ...Sparks

    Sparks,
    If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
    http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
    If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
    -Sam

  • Integrating Active Directory LDAP in OBIEE 11g

    Hi All,
    I have configured Active Directory LDAP in OBIEE.
    The steps I have followed are:
    1) Configured Active Directory in Providers under Security Realm.
    2) Restarted BI Services to load the LDAP users.
    3) Logged in to the EM, under bifoundation domain selected securities->security configuration provider. Created user.login.attr and username.attr.
    4) Under Credentials->oracle.bi.system map->system.user->deleted BISystemUser and created key with the existing name in Active Directory.
    5) Assigned System user to BISystem role in EM.
    6) In Console Roles and Policies->Global Roles->Roles->Admin->view Role Condition (User = Active Directory User or Group=Administrators).
    7) Restarted BI Server and Presentation Services.
    Now I am unable to log in to Presentation Services.
    Please reply ASAP.
    Thanks and Regards
    Kiran Kumar

    Kiran, is there a specific reason for using RPD for LDAP authentication? From 11g onwards, the best practice is to use Weblogic (or external Authentication providers). Is it correct to say that for "Authentication" without proper RPD LDAP config for "USER" variable, users cannot login via presentation layer?
    Cheers!
    BK

  • Active Directory LDAP integration; can not see the XMLP_ groups/roles

    We have configured XMLP 10.1.3.3 to use "LDAP" as the Security model. The LDAP server is Active Directory running under Windows Server 2003.
    It is working to a certain extent:
    Users can log on to the XML Publisher using login/password as defined in AD.
    -When logged in as administrator, groups (roles) are visible in Admin/Roles and Permissions and can have assigned folders and data sources.
    Problems/questions:
    The required roles ("XMLP_ADMIN", etc.) cannot be seen in Admin/Roles and Permissions. Is this as expected or is it an error?
    -When logging in as a user who is member of the group/role XMLP_ADMIN, I do not get any administrator privileges (I have not tested the other XMLP_* roles defined in AD yet). So all administration has to be done as the local superuser.
    Is there any way to monitor the login process to try and see what goes wrong?
    -Roald

    The problem has been solved, it was self inflicted, typo in the config file:
    <property name="LDAP_PROVIDER_USER_DN" value="Cn=Users;dc=company,dc=com"/>
    (semicolon instead of comma after Users).
    It is a little surprising that this typo led to problems with group matching, though. It took some time before this part of the config got enough attention.
    -Roald

  • SJSAS7 - Access to Active Directory LDAP

    Hi All
    Is it possible to connect SJSAS7 to Active Directory via LDAP. I know that this can be done with other app servers like WebSphere 4 & 5.
    I would like to use our existing Active Directory infrastructure for authentication of Admin and Application users.
    Does anyone have information how to configure this or can point me to some documents with this info.
    Any help would be much appreciated.
    TIA
    Tony Hawes

    Although I haven't tried it, I would guess that this is possible. We are using the LDAP realm with Sun's directory server and a few years ago I used the standard LDAP provider in the JDK to connect to Active Directory. The only problem I had was that I had to connect with a user that had the form "domain/user" instead of a common name. The online help in the admin console describes the properties you can use.
    HTH,
    Gunnar

  • MS Active Directory LDAP Authentication/Locking Issue.

    Dear All,
    We are a software company; we have implemented LDAP authentication in our product using the Java API and it's working fine in our network environment.
    We have used the following things with the LDAP feature.
    1. User authentication.
    2. Locking the account after exceeding the maximum attempts configured on the Windows server.
    Our main issue is: the LDAP feature is not working properly at our client's side. They are able to authenticate their LDAP user but are not able to lock the user account even though they have exceeded the maximum attempts from the login dialog of our product, but it is still working on our side.
    If anybody has any experience with this then please reply with a positive solution or any other information, such as specific configuration required for different versions of Windows and Active Directory Server etc.
    Does anybody know what the possibilities are for identifying and resolving this issue?
    Please help us if anybody has any experience with this.
    Please do the needful.
    Thanks,
    Mehul.

    Hi,
    Thanks for your reply.
    We have used java package of javax.naming.* and javax.naming.directory.* for LDAP Authentication.
    Following code for checking whether ADS User is valid or not.
        import java.util.Hashtable;
        import java.util.Vector;
        import javax.naming.Context;
        import javax.naming.NamingException;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.InitialDirContext;

        /**
         * Function checks whether ADSUser is valid user or not
         * @return int value indicating result.
         */
        // Method of the poster's class: getADSInfo(), userNameStr, userPassStr and
        // the result constants are defined elsewhere in that class.
        public int isValidADSUser() {
            Hashtable env = new Hashtable(5);
            Vector adsInfoVec = getADSInfo();   // element 0: domain/host, element 1: port
            env.put("java.naming.referral", "ignore");
            // env.put("java.naming.security.authentication", "simple");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            String provider = "com.sun.jndi.ldap.LdapCtxFactory";
            env.put("java.naming.factory.initial", provider);
            // For handling "Unprocessed Continuation Reference(s)" PartialResultException.
            // Context.REFERRAL is the same key as above, so "follow" replaces "ignore".
            env.put(Context.REFERRAL, "follow");
            env.put("java.naming.ldap.derefAliases", "always");
            env.put("java.naming.ldap.deleteRDN", "false");
            env.put("java.naming.ldap.attributes.binary", "");
            env.put(Context.PROVIDER_URL,
                    "ldap://" + (String) adsInfoVec.elementAt(0) + ":" +
                    (String) adsInfoVec.elementAt(1));
            // env.put("java.naming.security.principal",
            //         userNameStr + "@" + (String) adsInfoVec.elementAt(0));
            env.put(Context.SECURITY_PRINCIPAL,
                    userNameStr + "@" + (String) adsInfoVec.elementAt(0));
            // Note: a simple bind with an empty password is an unauthenticated bind
            // (RFC 4513, section 5.1.2) and may succeed without checking the user.
            if (userPassStr == null) {
                userPassStr = "";
            }
            // env.put("java.naming.security.credentials", userPassStr);
            env.put(Context.SECURITY_CREDENTIALS, userPassStr);
            try {
                DirContext ctx = new InitialDirContext(env);
                ctx.lookup("");
                //System.out.println(ctx.lookup(""));
                ctx.close();
            } catch (javax.naming.AuthenticationException ex) {
                // Bad credentials, or the account is locked or disabled
                ex.printStackTrace();
                return AUTHENTICATION_ERROR;
            } catch (javax.naming.PartialResultException pex) {
                pex.printStackTrace();
                return COMMUNICATION_ERROR;
            } catch (javax.naming.CommunicationException pex) {
                pex.printStackTrace();
                return COMMUNICATION_ERROR;
            } catch (NamingException e) {
                System.out.println("Failed to connect to ");
                e.printStackTrace();
                return COMMUNICATION_ERROR;
            }
            return SUCCESS;
        }
    Result of this code at our company: we are able to authenticate the LDAP user and also lock the user account after exceeding the max failure attempts configured on the Windows Server.
    Result of this code at our client's side: they are able to authenticate the LDAP user but they can't lock the user account even after exceeding the max failure attempts configured on their Windows Server.
    Can you please help us if you have any experience with this, and suggest whether any other configuration is required on the Windows Server / Active Directory Server, or whether some other implementation is required to resolve this issue.
    Your optimistic reply is much appreciated.
    Thanks,
    Mehul Garnara.
    Edited by: [email protected] on Mar 6, 2008 10:24 PM
    Edited by: [email protected] on Mar 6, 2008 10:25 PM

  • MS Active Directory (LDAP) and SAP Integration

    Hi all!
    don't know if I'm right here in this forum, but:
    I'm using MS Windows Server 2003 and installed Active Directory as LDAP-System on the one hand side, on the other I'm using a 6.20 ABAP Web AS.
    I'd like to synchronize the User Storage on these two systems.
    Does anyone have experience in doing this? I'm facing a tricky exception in depth of my customizing too complex to explain right now. The problem concerns the mapping of LDAP-Fields and SAP-Fields.
    Thankx,
    Christoph

    Hi Christoph,
    This is the mySAP ERP forum. Perhaps you can post your question in the Web AS forum (SAP NetWeaver Application Server).
    For now: here is a link to a video regarding SAP Active Directory integration:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap active directory integration,%20SSO%20and%20User%20Management%20Webinar.wrf
    I found it by searching on Active Directory here on sdn:
    https://www.sdn.sap.com/sdn/search.sdn?contenttype=url&content=/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fSDN!2fiViews!2fFramework!2fcom.sap.sdn.advsearch%3Fprttheme%3DCSIN%26QueryString=active%20directory%26searchDatasource=SDNContent
    Cheers,
    Noel

  • OID and MS Active Directory  LDAP information Synchronization

    Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

    Hi, I have the same question.
    Thanks,
    Malin

  • What is the Point of Active Directory/LDAP Specification?

    My college threw an interesting curve ball today and I couldn't give him a good enough answer. The question was simple: 'What is the point of active directory'. Now I don't have a lot of exposure to active directory, but I thought I could easily answer. My argument was: if you have a group of objects it's easy to look up attributes for those objects using active directory. For example, if you have a group in AD and you want to verify the users of that group you simply look up the member attribute of that group. However he argued, rightly so, that you can do that with a table in a database, why do that in AD. I couldn't give him a good enough answer and now I'm curious. Given the above example, why use AD over a database?
    To me AD is a way to manage a set of resources, whatever they are, by mapping them to objects that have however many attributes. But we could do that in a database, what's the point of AD? Why do you use AD?

    I come from a primarily database centric background. Just like life experience, it casts a certain perspective on problems. Database people solve things with databases. Directory people solve things with directories. Everyone has their perspective. It's not really about who's right and who's wrong. It's about perspective because people are most likely to go with what's familiar when given a problem. It's easy to have this conversation in an educational environment but when you're on the job it's about turf, schedules and careers. My latest job (in which this debate comes up a lot) has been about directories which has been a very enlightening experience because I've been given a gift of perspective. I can put on the directory hat and look at it from another angle.
    To get back to your professor's question. The answer is easy. LDAP (AD or other) is an application above a database. It has a data store behind it, in most cases we can just assume this is a database. So, in short, it's apples to oranges. But if we insist on comparing which makes the better juice, let's look at how we'd make a database like a directory. We could create a data model with an attributes table, an entries table and so on. We can deconstruct what LDAP data structures really are and implement each type as a table with FK/PK relationships and so on. It's sure to work because there are already so many products on the market doing this very thing. But think about the effort now. How are you going to add new users? A front-end? Stored procedures? Scripts? How are you going to keep someone from seeing things they shouldn't? You have to insert an object into all the right tables to ensure that your data is consistent and valid. In a pure database, you're trying to create ACLs on database rows. Now you're writing a full featured application with a lot of complexity. Given enough directory features, the database isn't going to be able to do everything without an external application.
    What is the point of LDAP? It's got hierarchy, ACLs, group of unique names functionality and things that are a layer of abstraction above the data store. I love databases but if you start designing out a directory server from scratch you'll realize it's far beyond comparing a user.ldif to a row in a user table. They are similar in appearance but different types of software.
    Edited by: milkfilk on Dec 16, 2008 11:48 AM
    Edited by: milkfilk on Dec 16, 2008 11:54 AM

  • Really need help: authenticating via iPlanet Directory LDAP

    ok. I've created my security realm provider with the iplanetAuthenticator. Now,
    how do I protect a directory in my ear file and how do I password protect a /servlet/
    that I have with a login and password? Do I need to modify my web.xml? If so,
    does anyone have any samples I can take a look at?
    The docs aren't also clear on the user I must setup in the ldap directory and
    how that works...Can someone help?

    The samples include a sample on how to set up security,
    or you can use the console to set up security on specific resources, in your case
    URLs.
    -kiran
    "Franko" <[email protected]> wrote in message
    news:3f79f5e1$[email protected]..
    >
    > ok. I've created my security realm provider with the iplanetAuthenticator. Now,
    > how do I protect a directory in my ear file and how do I password protect a /servlet/
    > that I have with a login and password? Do I need to modify my web.xml? If so,
    > does anyone have any samples I can take a look at?
    > The docs aren't also clear on the user I must setup in the ldap directory and
    > how that works...Can someone help?

  • ISE - Active Directory - LDAPS

    I think I understood the customer concern. This is quoted from Microsoft http://support.microsoft.com/kb/321051
    "The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology."
    So the question now is how can we be sure the ISE communication is secure? ... I understand port 636 is used to transport LDAP-Secure ...
    The ISE User Guide indicates that one of the ports required to be open in the case a firewall exists between ISE and ADE is 636 (LDAPS). -(ISE User Guide Page 5-6)
    In my case there is no FW between ISE and AD, so how can I be sure LDAPS is being used?
    ISE User Guide explains a little about security if the external identity source is an LDAP, but nothing about security is indicated in Active Directory configuration.
    Regards.

    Hi,
    The AD join operations allows you to run PEAP protocol and is much more resilient than using ldap because of the way it joins itself to the domain. It uses kerberos and rpc when performing user authentication.
    When using ldaps that is configuration based on when you add the ldap instance.
    Sent from Cisco Technical Support iPad App
