ldap connection problem

On Tue, 2 Aug 2005 06:11:05 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ I am trying to connect to my college LDAP directory using ASP.NET. This LDap
¤ does not have security as it returns only user demographic information.
¤ i do not need to bind with a username or credentials.
¤ What i am trying to do is, i am trying to look up all the information for
¤ the user with user id 'testuser'. The following is the Vb.net code for my
¤ aspx page:
¤
¤ Dim oRoot As DirectoryEntry = New
¤ DirectoryEntry("LDAP://directory.x.y/ou=People,dc=x,dc=y")
¤ Dim oSearcher As DirectorySearcher = New DirectorySearcher(oRoot)
¤ Dim oResult As SearchResult
¤ Dim propName As String
¤ Dim obProp As Object
¤
¤ Try
¤ oSearcher.Filter = "uupid=testuser"
¤ oResult = oSearcher.FindOne
¤ For Each propName In oResult.Properties.PropertyNames
¤ For Each obProp In oResult.Properties(propName)
¤ Response.Write("name= " & propName)
¤ Response.Write("value= " & obProp)
¤ Next
¤ Next
¤ Catch Ex as Exception
¤ End Try
¤
¤ The above code fails at the line "oResult = oSearcher.FindOne" and gives me
¤ an error which is useless: "Unknown error (0x80005000)"
¤ I have already posted this question twice. Is there nobody whos faced this
¤ problem?
¤ Please help me!! Thanks in advance.

Sounds like it might be a credentials issue. What level of security is set for your web application
in IIS? Are you implementing impersonation?
Paul
~~~~
Microsoft MVP (Visual Basic)

Thank you for looking into the matter.
I tried implementing the primary token thing but it is of no avail.
Paul, currently my application is using "Anonymous" user on IIS and IIS
controls the password for the user. I also have the statement "<identity
impersonate="true"/>"
set in my web.config file.
What i dont understand is that the college ldap server required no
authentication and i can bind anonymously.
I really appreciate your help.Looking forward to your reply!
Thanks

"Paul Clement" wrote:

On Tue, 2 Aug 2005 06:11:05 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ I am trying to connect to my college LDAP directory using ASP.NET. This LDap
¤ does not have security as it returns only user demographic information.
¤ i do not need to bind with a username or credentials.
¤ What i am trying to do is, i am trying to look up all the information for
¤ the user with user id 'testuser'. The following is the Vb.net code for my
¤ aspx page:
¤
¤ Dim oRoot As DirectoryEntry = New
¤ DirectoryEntry("LDAP://directory.x.y/ou=People,dc=x,dc=y")
¤ Dim oSearcher As DirectorySearcher = New DirectorySearcher(oRoot)
¤ Dim oResult As SearchResult
¤ Dim propName As String
¤ Dim obProp As Object
¤
¤ Try
¤ oSearcher.Filter = "uupid=testuser"
¤ oResult = oSearcher.FindOne
¤ For Each propName In oResult.Properties.PropertyNames
¤ For Each obProp In oResult.Properties(propName)
¤ Response.Write("name= " & propName)
¤ Response.Write("value= " & obProp)
¤ Next
¤ Next
¤ Catch Ex as Exception
¤ End Try
¤
¤ The above code fails at the line "oResult = oSearcher.FindOne" and gives me
¤ an error which is useless: "Unknown error (0x80005000)"
¤ I have already posted this question twice. Is there nobody whos faced this
¤ problem?
¤ Please help me!! Thanks in advance.

Sounds like it might be a credentials issue. What level of security is set for your web application
in IIS? Are you implementing impersonation?
Paul
~~~~
Microsoft MVP (Visual Basic)

Have you tried using ADSIEdit or ADSIView yet? (Does it work?)
Does this work in a console app?
Is your LDAP string is correct?
Is " LDAP://directory.x.y/ou=People,dc=x,dc=y" the actual LDAP string?
Is the IIS server trusted at the respective domain you're trying to
search?
Have you tried filtering using another property (like SAMAccountName)?

I am sure after answering these questions someone will be able to help.
You can also try using DirectoryEntry("LDAP...", null, null,
AutheticationTypes.Secure);
Erick Sgarbi
www.blog.csharpbox.com

"Amar" <Am**@discussions.microsoft.com> wrote in message
news:16**********************************@microsof t.com:

Thank you for looking into the matter.
I tried implementing the primary token thing but it is of no avail.
Paul, currently my application is using "Anonymous" user on IIS and IIS
controls the password for the user. I also have the statement "<identity
impersonate="true"/>"
set in my web.config file.
What i dont understand is that the college ldap server required no
authentication and i can bind anonymously.
I really appreciate your help.Looking forward to your reply!
Thanks

"Paul Clement" wrote:

On Tue, 2 Aug 2005 06:11:05 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ I am trying to connect to my college LDAP directory using ASP.NET. This LDap
¤ does not have security as it returns only user demographic information.
¤ i do not need to bind with a username or credentials.
¤ What i am trying to do is, i am trying to look up all the information for
¤ the user with user id 'testuser'. The following is the Vb.net code for my
¤ aspx page:
¤
¤ Dim oRoot As DirectoryEntry = New
¤ DirectoryEntry("LDAP://directory.x.y/ou=People,dc=x,dc=y")
¤ Dim oSearcher As DirectorySearcher = New DirectorySearcher(oRoot)
¤ Dim oResult As SearchResult
¤ Dim propName As String
¤ Dim obProp As Object
¤
¤ Try
¤ oSearcher.Filter = "uupid=testuser"
¤ oResult = oSearcher.FindOne
¤ For Each propName In oResult.Properties.PropertyNames
¤ For Each obProp In oResult.Properties(propName)
¤ Response.Write("name= " & propName)
¤ Response.Write("value= " & obProp)
¤ Next
¤ Next
¤ Catch Ex as Exception
¤ End Try
¤
¤ The above code fails at the line "oResult = oSearcher.FindOne" and gives me
¤ an error which is useless: "Unknown error (0x80005000)"
¤ I have already posted this question twice. Is there nobody whos faced this
¤ problem?
¤ Please help me!! Thanks in advance.

Sounds like it might be a credentials issue. What level of security is set for your web application
in IIS? Are you implementing impersonation?
Paul
~~~~
Microsoft MVP (Visual Basic)

Have you tried using ADSIEdit or ADSIView yet? (Does it work?)
---Yes i tried connecting using ldp.exe and it does work. Since it does not
require a username and password to connect it allows me to connect and shows
me search values if i do a search.

Does this work in a console app?
---I tried doing a desktop application using Vb.net. Gives me the same error
that i get through a web application. It bombs out at the line
osearcher.FindOne with the same stupid error "Unknown Error(0x80005000)"

Is your LDAP string is correct? ---My LDAP String is correct i believe because i used the same string in the
windows support tool application ldp.exe as mentioned above and it works.
Probably i am not using it in the right format in my asp.net application and
you could guide me there. I have mentioned what i use in my first question to
which you replied
Is " LDAP://directory.x.y/ou=People,dc=x,dc=y" the actual LDAP string? --- No this is just an example string. I have some values for x and y that
correspond to my ldap server. I can tell u these if you want.
Is the IIS server trusted at the respective domain you're trying to
search? ---I dont know because the LDAP server is on the college campus servers and
i have no access to that server. Also, as per your suggestion it should not
matter because if a desktop application should work then i dont need a web
application and we can leave IIS out of this.
Have you tried filtering using another property (like SAMAccountName)? --- I thought this property could only be used for windows 95,98,NT4
machines. If i am wrong please post an example with the use of this property.
I will appreciate that.
You can also try using DirectoryEntry("LDAP...", null, null,
AutheticationTypes.Secure); ---I tried using that. Still the same problem. Also as i mentioned i dont
need to use authenticationtypes.secure because i can bind anonymously to this
ldap server thats what the campus people who have this server tell me.

Please help me!! Thanks for all your help till now. I really appreciate your
looking into this problem. Looking forward to your reply.

"Erick Sgarbi" wrote:
Have you tried using ADSIEdit or ADSIView yet? (Does it work?)
Does this work in a console app?
Is your LDAP string is correct?
Is " LDAP://directory.x.y/ou=People,dc=x,dc=y" the actual LDAP string?
Is the IIS server trusted at the respective domain you're trying to
search?
Have you tried filtering using another property (like SAMAccountName)?

I am sure after answering these questions someone will be able to help.
You can also try using DirectoryEntry("LDAP...", null, null,
AutheticationTypes.Secure);
Erick Sgarbi
www.blog.csharpbox.com

"Amar" <Am**@discussions.microsoft.com> wrote in message
news:16**********************************@microsof t.com:

Thank you for looking into the matter.
I tried implementing the primary token thing but it is of no avail.
Paul, currently my application is using "Anonymous" user on IIS and IIS
controls the password for the user. I also have the statement "<identity
impersonate="true"/>"
set in my web.config file.
What i dont understand is that the college ldap server required no
authentication and i can bind anonymously.
I really appreciate your help.Looking forward to your reply!
Thanks

"Paul Clement" wrote:

On Tue, 2 Aug 2005 06:11:05 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ I am trying to connect to my college LDAP directory using ASP.NET. This LDap
¤ does not have security as it returns only user demographic information.
¤ i do not need to bind with a username or credentials.
¤ What i am trying to do is, i am trying to look up all the information for
¤ the user with user id 'testuser'. The following is the Vb.net code for my
¤ aspx page:
¤
¤ Dim oRoot As DirectoryEntry = New
¤ DirectoryEntry("LDAP://directory.x.y/ou=People,dc=x,dc=y")
¤ Dim oSearcher As DirectorySearcher = New DirectorySearcher(oRoot)
¤ Dim oResult As SearchResult
¤ Dim propName As String
¤ Dim obProp As Object
¤
¤ Try
¤ oSearcher.Filter = "uupid=testuser"
¤ oResult = oSearcher.FindOne
¤ For Each propName In oResult.Properties.PropertyNames
¤ For Each obProp In oResult.Properties(propName)
¤ Response.Write("name= " & propName)
¤ Response.Write("value= " & obProp)
¤ Next
¤ Next
¤ Catch Ex as Exception
¤ End Try
¤
¤ The above code fails at the line "oResult = oSearcher.FindOne" and gives me
¤ an error which is useless: "Unknown error (0x80005000)"
¤ I have already posted this question twice. Is there nobody whos faced this
¤ problem?
¤ Please help me!! Thanks in advance.

Sounds like it might be a credentials issue. What level of security is set for your web application
in IIS? Are you implementing impersonation?
Paul
~~~~
Microsoft MVP (Visual Basic)

On Tue, 2 Aug 2005 12:31:06 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ Thank you for looking into the matter.
¤ I tried implementing the primary token thing but it is of no avail.
¤ Paul, currently my application is using "Anonymous" user on IIS and IIS
¤ controls the password for the user. I also have the statement "<identity
¤ impersonate="true"/>"
¤ set in my web.config file.
¤ What i dont understand is that the college ldap server required no
¤ authentication and i can bind anonymously.
¤ I really appreciate your help.Looking forward to your reply!
¤ Thanks

You might have some problem accessing Active Directory with the Anonymous account, since it's a
least privileged account.

Can you use Basic or Integrated Windows authentication with a domain account and impersonation? If
not, you may need to run this web application under an account that has sufficient privileges for
Active Directory access.
Paul
~~~~
Microsoft MVP (Visual Basic)

Thanks again Paul. I tried using the impersonation parameter into the
web.config file, also tried using a domain user account to run the web
application under but no use.
Sorry, but nothing just seems to work! The following is the error and the
stack.
Unknown error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_AdsObj ect() at
System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne ()

Thanks,
Amar

"Paul Clement" wrote:

On Tue, 2 Aug 2005 12:31:06 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ Thank you for looking into the matter.
¤ I tried implementing the primary token thing but it is of no avail.
¤ Paul, currently my application is using "Anonymous" user on IIS and IIS
¤ controls the password for the user. I also have the statement "<identity
¤ impersonate="true"/>"
¤ set in my web.config file.
¤ What i dont understand is that the college ldap server required no
¤ authentication and i can bind anonymously.
¤ I really appreciate your help.Looking forward to your reply!
¤ Thanks

You might have some problem accessing Active Directory with the Anonymous account, since it's a
least privileged account.

Can you use Basic or Integrated Windows authentication with a domain account and impersonation? If
not, you may need to run this web application under an account that has sufficient privileges for
Active Directory access.
Paul
~~~~
Microsoft MVP (Visual Basic)

Thanks Paul. I think i solved the problem. Here's how i did it:
1. I passed the filter but without the "ou=people" in the Ldap path
(LDAP://directory.x.y/dc=x,dc=y)
2. This returned the uid from the server.
3. i then built the ldap path again with the necessary DN, hence the final
ldap path was
LDAP://directory.x.y/uid=12345,ou=People,dc=x,dc=y

Thanks for all your efforts Paul

"Paul Clement" wrote:

On Tue, 2 Aug 2005 12:31:06 -0700, "Amar" <Am**@discussions.microsoft.com> wrote:

¤ Thank you for looking into the matter.
¤ I tried implementing the primary token thing but it is of no avail.
¤ Paul, currently my application is using "Anonymous" user on IIS and IIS
¤ controls the password for the user. I also have the statement "<identity
¤ impersonate="true"/>"
¤ set in my web.config file.
¤ What i dont understand is that the college ldap server required no
¤ authentication and i can bind anonymously.
¤ I really appreciate your help.Looking forward to your reply!
¤ Thanks

You might have some problem accessing Active Directory with the Anonymous account, since it's a
least privileged account.

Can you use Basic or Integrated Windows authentication with a domain account and impersonation? If
not, you may need to run this web application under an account that has sufficient privileges for
Active Directory access.
Paul
~~~~
Microsoft MVP (Visual Basic)