Question : Verify user exists in AD using LDAP

Hi,

Is there a way to verify that a user exists in the AD?

The scenario is that I have to add a network/domain user to my application and provide application-level rights. For this I am storing the network ID of the user and their corresponding functions available in my application.

While I am able to authorize the user for logging in to my application with user id and password, I am not able to verify if the user being added to the application is an authentic network/domain user. The issue is when the admin is trying to add the user to the application and configure their functions.

All searches end with providing user id and password. This is not a solution for me since the admin user will not know the password of the user while adding them to the application.

Answer : Verify user exists in AD using LDAP

Huh.... finally I made it work after a long battle....

Thanks to everyone for sparing some time and effort on my question.

The following are the steps to make LDAP work... (a disclaimer here is that I am not sure if there are other AD implementations where this solution might not work)

1) Prepare/build your LDAP statement to be like below.
LDAP://<domainname>/DC=<partoneofdomainname>,DC=<parttwoofdomainname>

Note: What is this partXofdomainname? Well, each domain name is made of multiple parts (the exact technical term is not known to me). Each part is separated by a period (.), and you would have to provide all the parts separated by commas and assigned to "DC".

2) Create a DirectoryEntry object with the built path.

3) Create a DirectorySearcher object and then assign the SearchRoot of the object to the DirectoryEntry object.
Note: for some reason if I pass the DirectoryEntry object as a parameter to the constructor of the DirectorySearcher it does not work.

4) Add a filter to the DirectorySearcher object for the string "(&(objectClass=user) (cn=" + UserName + "))" ... and the UserName is the id of the user you need to validate at the end of the string.

5) Add another filter to the DirectorySearcher object for the sAMAccountName as "(sAMAccountName=" + UserName + ")".

6) Then create a SearchResultCollection object and assign the result of the FindAll or FindOne method result of the DirectorySearcher object.
Ex:
// Step 2: the DirectoryEntry is created with the path built in step 1.
DirectoryEntry DE = new DirectoryEntry("LDAP://<domainname>/DC=<partoneofdomainname>,DC=<parttwoofdomainname>");
DirectorySearcher DS = new DirectorySearcher();
DS.SearchRoot = DE;
// Filter is a single property, so assigning it twice keeps only the second value.
// Both conditions from steps 4 and 5 go into one AND-ed filter; if cn and
// sAMAccountName differ in your domain, keep only the sAMAccountName term.
DS.Filter = "(&(objectClass=user)(cn=" + UserName + ")(sAMAccountName=" + UserName + "))";

// FindAll/FindOne are methods of the searcher, not the entry.
SearchResultCollection searchResult = DS.FindAll(); // searchResult.Count > 0 means the user exists
// SearchResult single = DS.FindOne();              // alternative: null when there is no match

7) If you just need to ensure the user exists, then check the count of searchResult.

8) Else you would have to add additional statements to handle the PropertiesToLoad method of the DirectorySearcher object.

That's all... you are done....... :)
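As an added example (not code from the original answer), here is the same procedure carried through end to end in C#: it builds the LDAP path from the DNS domain name, escapes the user name before placing it in the filter so that characters such as "*" or ")" cannot change the filter's meaning (the plain concatenation in the steps above does not do this), and uses PropertiesToLoad with FindOne. It binds with the credentials of the calling process; the domain and user names are placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdUserCheck
{
    // Step 1: "corp.example.com" -> "LDAP://corp.example.com/DC=corp,DC=example,DC=com"
    public static string BuildLdapPath(string dnsDomain)
    {
        string[] parts = dnsDomain.Split('.');
        return "LDAP://" + dnsDomain + "/DC=" + string.Join(",DC=", parts);
    }

    // Escape a value for use inside an LDAP filter (RFC 4515) so that a
    // user-supplied name is matched literally and cannot alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Steps 2-7: returns true when a user object with this sAMAccountName exists.
    // objectCategory=person excludes computer accounts, which are also objectClass=user.
    public static bool UserExists(string dnsDomain, string userName)
    {
        using (var root = new DirectoryEntry(BuildLdapPath(dnsDomain)))
        using (var searcher = new DirectorySearcher())
        {
            searcher.SearchRoot = root;
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(userName) + "))";
            searcher.PropertiesToLoad.Add("sAMAccountName");   // step 8: load only what is needed
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            return result != null;
        }
    }
}
```

Call it as AdUserCheck.UserExists("corp.example.com", "jdoe") (placeholder values) from the admin's "add user" screen; no password for the user being added is required because the search runs under the application's own identity.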