Forum > Authenticate User via LDAP against Active Directory
08-19-2021, 09:54 AM:
Is it possible to authenticate a user via LDAP against Active Directory in IW 15?
In VCL applications the function below works fine.
In an IntraWeb application, at the line
adshlp.ADsGetObject('LDAP://'+FDomain,ActiveDs_TLB.IDirectorySearch,DSearch);
an exception says "ungültige Syntax" ("invalid syntax") at runtime.
Code:
  function SearchUser(CommonName: string): string;
  // Looks up the account by sAMAccountName and returns the attribute held in
  // ColNames[2] (used afterwards as the ADsPath for ADsOpenObject).
  // FDomain, ColNames and ColCount are members of the enclosing class and are
  // not shown in the post; units needed: ActiveX, adshlp, ActiveDs_TLB.
  var
    DSearch: ActiveDs_TLB.IDirectorySearch;
    opt: array[0..0] of ActiveDs_TLB.ads_searchpref_info; // has to be an array
    ptrResult: THandle;
    col: ActiveDs_TLB.ads_search_column;
    Searchpath: WideString;
  begin
    Result := '';
    Searchpath := 'LDAP://' + FDomain;
    adshlp.ADsGetObject(Searchpath, ActiveDs_TLB.IDirectorySearch, DSearch);
    // search the whole subtree below the domain root
    opt[0].dwSearchPref := ADS_SEARCHPREF_SEARCH_SCOPE;
    opt[0].vValue.dwType := ADSTYPE_INTEGER;
    opt[0].vValue.Integer := ADS_SCOPE_SUBTREE;
    if Succeeded(DSearch.SetSearchPreference(@opt[0], 1)) then
    begin
      if Succeeded(DSearch.ExecuteSearch('(&(objectClass=user)(sAMAccountName=' + CommonName + '))',
           @ColNames, ColCount, ptrResult)) then
      begin
        if DSearch.GetNextRow(ptrResult) <> S_ADS_NOMORE_ROWS then
        begin
          if Succeeded(DSearch.GetColumn(ptrResult, ColNames[2], col)) then
          begin
            if col.pADsValues <> nil then
              Result := col.pADsValues^.CaseIgnoreString;
            DSearch.FreeColumn(col);
          end;
        end;
        DSearch.CloseSearchHandle(ptrResult); // release the handle held by ExecuteSearch
      end;
    end;
  end;
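The filter in SearchUser is built by concatenating the login name into the search string, so any character that has meaning in an LDAP filter (a wildcard, a parenthesis, a backslash) changes the query instead of being matched literally. The following is an added example and not code from the post: an RFC 4515 escaping routine and a filter builder in the same shape as the post's filter. EscapeLdapFilterValue and BuildUserFilter are names chosen here.

```delphi
// Added example (not from the post). Needs only the System unit; the
// function names are chosen here.

// Escape one value for use inside an LDAP search filter (RFC 4515 section 3):
// backslash, asterisk, parentheses and NUL become \xx hex escapes.
function EscapeLdapFilterValue(const Value: string): string;
var
  C: Char;
begin
  Result := '';
  for C in Value do
    case C of
      '\': Result := Result + '\5c';
      '*': Result := Result + '\2a';
      '(': Result := Result + '\28';
      ')': Result := Result + '\29';
      #0:  Result := Result + '\00';
    else
      Result := Result + C;
    end;
end;

// Same filter shape as SearchUser, with the caller-supplied name escaped so a
// wildcard or parenthesis in the login name stays a literal character and the
// query keeps matching exactly one sAMAccountName.
function BuildUserFilter(const SamAccountName: string): string;
begin
  Result := '(&(objectClass=user)(sAMAccountName=' +
            EscapeLdapFilterValue(SamAccountName) + '))';
end;
```

Characters outside the five listed are passed through unchanged; IDirectorySearch.ExecuteSearch takes the filter as a Unicode string, so the UTF-8 hex form RFC 4515 prescribes for non-ASCII characters on the wire is not needed at this layer.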
08-23-2021, 10:12 PM:
Whenever you are using any type library, I suspect COM initialization issues. Have you tried changing the COM initialization options in ServerController to see how it behaves?
08-30-2021, 02:45 PM:
Thanks,
with comInitialization = ciNormal or ciMultiThreaded, ADsGetObject works fine!
BUT if password and user are correct, ADsOpenObject now returns non-zero. The variable ap is filled correctly.
Return values are like: 71498898, 75889652 or 74120338
Code:
  function AuthADUser(aUser, aPassword: string): boolean;
  var
    ADSerg: HRESULT;
    ap: string;
    User: IADsUser;
  begin
    ADSerg := 0;
    ap := SearchUser(aUser);            // ADsPath of the account, '' if not found
    result := (length(ap) > 0);
    if not result then
    begin
      MessageDlg('Benutzer nicht gefunden', mtInformation, [mbOK], 0);
    end;
    if result then
    begin
      try
        // 1 = ADS_SECURE_AUTHENTICATION: bind to the object with the supplied credentials
        ADSerg := adshlp.ADsOpenObject(ap, aUser, aPassword, 1, IID_IADsUser, user);
        result := (ADSerg = S_OK);
      except
        on e: EOleException do
        begin
          result := false;
          MessageDlg('Name oder Passwort sind falsch !', mtInformation, [mbOK], 0);
        end
        else
        begin
          result := false;
          MessageDlg('Name oder Passwort sind falsch !', mtInformation, [mbOK], 0);
        end;
      end;
    end;
    if result then
    begin
      user.GetInfo;                     // fetch the attributes with the bound credentials
      result := (user.EmailAddress <> '');
    end
  end;

  function TIWUserSession.CheckUser(const aUserName, aPassword: string): Boolean;
  begin
    Result := FAuthenticated;
    if not Result then
    begin
      FAuthenticated := AuthADUser(aUserName, aPassword); // do your username/password validation here
      Result := FAuthenticated;
    end;
  end;
09-01-2021, 05:41 AM:
But IW has no influence over this AD COM object... do you know what these return values mean?
09-30-2021, 04:56 PM:
Sorry for the late response:
These values make no sense and seem to be random even with the same credentials: 74841234, 75627666, 71302290, 71498898, 75889652, 74120338
I wonder why the response is different from VCL with the same source.
If ADsOpenObject fires no exception the user can pass, so I modified the source to:
  try
    ADSerg := adshlp.ADsOpenObject(ap, aUser, aPassword, 1, IID_IADsUser, user);
    //result := (ADSerg = S_OK);
    result := true;
  except
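Comparing the return value against S_OK rejects every non-zero value, while setting result to true whenever no exception is raised accepts a bind the HRESULT may have reported as failed. The check below is an added example, not the poster's code: it refuses an empty password before any bind, treats a failed HRESULT or a missing interface as a failed login, and counts the login as good only once GetInfo succeeds with the bound credentials. BindAsUser, the Reason parameter and the constant name ADS_SECURE_AUTH_FLAG are chosen here; the ADsOpenObject call follows the adshlp declaration the thread uses, and the value 1 is ADS_SECURE_AUTHENTICATION.

```delphi
// Added example, not from the thread. Units assumed: SysUtils, Windows,
// ActiveX, ComObj (EOleException), ActiveDs_TLB and adshlp.

const
  ADS_SECURE_AUTH_FLAG = 1;  // ADS_SECURE_AUTHENTICATION, the literal 1 in the thread

// ADsPath is the value SearchUser returns (the "ap" variable in the thread).
// Returns True only when the bind succeeded and the object could be read
// with the bound credentials; otherwise Reason explains why.
function BindAsUser(const ADsPath, aUser, aPassword: string;
  out Reason: string): Boolean;
var
  hr: HRESULT;
  User: IADsUser;
begin
  Result := False;
  Reason := '';
  User := nil;

  // Never hand an empty password (or an unknown path) to the directory.
  if (ADsPath = '') or (aUser = '') or (aPassword = '') then
  begin
    Reason := 'missing ADsPath, user name or password';
    Exit;
  end;

  hr := adshlp.ADsOpenObject(ADsPath, aUser, aPassword, ADS_SECURE_AUTH_FLAG,
          IID_IADsUser, User);

  // Failed() tests the severity bit of the HRESULT, which is the defined
  // failure test; comparing against S_OK is not. Log the hex form for lookup.
  if Failed(hr) then
  begin
    Reason := Format('ADsOpenObject failed, HRESULT=0x%.8x', [Cardinal(hr)]);
    Exit;
  end;
  if User = nil then
  begin
    Reason := Format('ADsOpenObject returned 0x%.8x but no IADsUser', [Cardinal(hr)]);
    Exit;
  end;

  // A non-failing HRESULT alone is not proof of a bind: force a round trip
  // with the bound credentials before treating the login as valid.
  try
    User.GetInfo;
    Result := True;
  except
    on E: EOleException do
      Reason := Format('GetInfo failed: %s (0x%.8x)',
                  [E.Message, Cardinal(E.ErrorCode)]);
  end;
end;
```

Reason is returned instead of being shown with MessageDlg, so a caller such as CheckUser can record it in a server-side log; a VCL dialog has no user to answer it inside an IntraWeb session.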