Atozed Forums
Authenticate User via LDAP against Active Directory

Thread: Authenticate User via LDAP against Active Directory (https://www.atozed.com/forums/thread-2492.html)



Authenticate User via LDAP against Active Directory - mikel.pahl - 08-19-2021

Is it possible to authenticate a user via LDAP against Active Directory in IW 15?
In VCL applications the function below works fine.

In the IntraWeb application, the line
adshlp.ADsGetObject('LDAP://'+FDomain,ActiveDs_TLB.IDirectorySearch,DSearch);
throws an exception at runtime saying "ungültige Syntax" ("invalid syntax").


Code:
// Needs the units Winapi.ActiveX (Succeeded), ActiveDs_TLB and adshlp.
// FDomain is a field of the enclosing class in the original post (the domain
// or DC host name that goes into the LDAP:// path); its declaration is not shown.
const
  // Attributes requested from the search. These are not declared in the posted
  // code. ColNames[2] has to be ADsPath, because AuthADUser (below) hands the
  // value returned here to ADsOpenObject as the object path; the other two
  // attribute names are assumed.
  ColCount = 3;
  ColNames: array[0..ColCount - 1] of PWideChar = ('sAMAccountName', 'cn', 'ADsPath');

function SearchUser (CommonName : string) : string;
var
  DSearch      : ActiveDs_TLB.IDirectorySearch;
  opt          : array[0..0] of ActiveDs_TLB.ads_searchpref_info; // has to be an array
  ptrResult    : THandle;                                         // ADS_SEARCH_HANDLE
  col          : ActiveDs_TLB.ads_search_column;
  Searchpath   : WideString;
begin
  Result:='';
  Searchpath:='LDAP://'+FDomain;
  // Bind to the domain root with the process' own credentials. This is the
  // call that raised "invalid syntax" until COM was initialised in IntraWeb.
  adshlp.ADsGetObject(Searchpath,ActiveDs_TLB.IDirectorySearch,DSearch);
  // Search the whole subtree, not just the root object.
  opt[0].dwSearchPref:=ADS_SEARCHPREF_SEARCH_SCOPE;
  opt[0].vValue.dwType:=ADSTYPE_INTEGER;
  opt[0].vValue.Integer:=ADS_SCOPE_SUBTREE;
  if Succeeded(DSearch.SetSearchPreference(@opt[0],1)) then
  begin
    // CommonName is concatenated into the filter unescaped: a value containing
    // * ( ) or \ changes the meaning of the filter (LDAP filter injection).
    // Escape it per RFC 4515 or reject such characters before calling this function.
    if Succeeded(DSearch.ExecuteSearch('(&(objectClass=user)(sAMAccountName='+CommonName+'))',@ColNames,ColCount,ptrResult)) then
    begin
      // Only the first matching row is used; sAMAccountName is unique per domain.
      if DSearch.GetNextRow(ptrResult)<>S_ADS_NOMORE_ROWS then
      begin
        if Succeeded(DSearch.GetColumn(ptrResult,ColNames[2],col)) then
        begin
          if col.pADsValues<>nil then Result:=col.pAdsvalues^.CaseIgnoreString;
          DSearch.FreeColumn(col);
        end;
      end;
      DSearch.CloseSearchHandle(ptrResult); // the posted code never released the search handle
    end;
  end;
end;



RE: Authenticate User via LDAP against Active Directory - Alexandre Machado - 08-23-2021

Whenever you are using any type library I suspect COM initialization issues. Have you tried changing the COM initialization options in the ServerController and seeing how it behaves?


RE: Authenticate User via LDAP against Active Directory - mikel.pahl - 08-30-2021

Thanks,
with ComInitialization = ciNormal or ciMultiThreaded, ADsGetObject works fine!

BUT if password and user are correct, ADsOpenObject now returns non-zero. The variable ap is filled correctly.
Return values are like: 71498898, 75889652 or 74120338

Code:
// Needs Winapi.ActiveX (S_OK), ActiveDs_TLB (IADsUser, IID_IADsUser),
// adshlp (ADsOpenObject) and Vcl.Dialogs (MessageDlg) in addition to SearchUser above.
function AuthADUser (aUser,aPassword : string) : boolean;
var
  ADSerg: HRESULT;
  ap    : string;     // ADsPath of the account located by SearchUser
  User  : IADsUser;
begin
  ADSerg:=0;
  ap:=SearchUser (aUser);
  result:=(length(ap)>0);
  if not result then
  begin
    // MessageDlg is a VCL dialog on the server; in an IntraWeb application
    // nothing of it reaches the browser. Report the failure through the session instead.
    MessageDlg('User not found',mtInformation,[MBOK],0);
  end;
  if result  then
  begin
    try
      // Bind to the located object with the user's own credentials. The flag 1 is
      // ADS_SECURE_AUTHENTICATION, i.e. SSPI (Kerberos/NTLM) rather than a clear-text
      // simple bind. In the poster's environment a failed bind raises an exception.
      ADSerg:=adshlp.ADsOpenObject(ap, aUser,aPassword, 1, IID_IADsUser,user);
      result:=(ADSerg=s_OK);
    except
      // EOleException and any other exception are treated alike: bad credentials.
      result:=false;
      MessageDlg('Name or password is wrong!',mtInformation,[MBOK],0);
    end;
  end;
  if result  then
  begin
    // Extra requirement of this application: the account must have a mail address.
    user.GetInfo;
    result:=(user.EmailAddress<>'');
  end
end;


// IntraWeb session hook: validate once, then cache the outcome for the session.
function TIWUserSession.CheckUser(const aUserName, aPassword: string): Boolean;
begin
  Result := FAuthenticated;
  if not Result then begin
    FAuthenticated := AuthADUser(aUserName,aPassword); // do your username/password validation here
    Result := FAuthenticated;
  end;
end;
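
Two things in the posted code that a security reviewer would flag, shown in an added stand-alone Delphi console program that is not from the thread (neither the poster's nor Atozed's code): SearchUser concatenates the supplied name straight into the LDAP filter, so a name containing * ( ) or \ rewrites the query (LDAP filter injection), and AuthADUser forwards whatever password it received to the bind, including an empty one. The program escapes filter values per RFC 4515, checks the name against the length and character rules Microsoft documents for sAMAccountName, and refuses an empty password before any bind (an LDAP simple bind with an empty password is an "unauthenticated" bind per RFC 4513 that many servers accept). The function names, the constructed test values and the Check helper are my own; nothing here talks to a directory.

```delphi
program LdapFilterEscapeDemo;
{$APPTYPE CONSOLE}

uses
  System.SysUtils;

{ Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
  Every byte of the UTF-8 encoding that is one of  * ( ) \  or NUL, or lies
  outside printable ASCII, is written as a backslash plus two hex digits. }
function EscapeLdapFilterValue(const Value: string): string;
var
  Bytes: TBytes;
  B: Byte;
  SB: TStringBuilder;
begin
  Bytes := TEncoding.UTF8.GetBytes(Value);
  SB := TStringBuilder.Create;
  try
    for B in Bytes do
      if (B in [$2A, $28, $29, $5C]) or (B < $20) or (B > $7E) then
        SB.Append('\').Append(IntToHex(B, 2))
      else
        SB.Append(Char(B));
    Result := SB.ToString;
  finally
    SB.Free;
  end;
end;

{ sAMAccountName (the pre-Windows 2000 logon name) is at most 20 characters
  for user accounts and may not contain any of  " / \ [ ] : ; | = , + * ? < >.
  Rejecting anything else up front means the filter never carries
  attacker-controlled syntax; the escaping above is the second line of defence. }
function IsPlausibleSamAccountName(const Name: string): Boolean;
const
  Forbidden: TSysCharSet = ['"', '/', '\', '[', ']', ':', ';', '|', '=', ',', '+', '*', '?', '<', '>'];
var
  C: Char;
begin
  Result := (Name <> '') and (Length(Name) <= 20);
  if Result then
    for C in Name do
      if (Ord(C) < $20) or CharInSet(C, Forbidden) then
        Exit(False);
end;

{ Builds the same filter SearchUser uses, but only from a validated and escaped name. }
function BuildUserFilter(const SamAccountName: string): string;
begin
  if not IsPlausibleSamAccountName(SamAccountName) then
    raise EArgumentException.Create('Rejected sAMAccountName');
  Result := '(&(objectClass=user)(sAMAccountName=' + EscapeLdapFilterValue(SamAccountName) + '))';
end;

{ Pre-check before binding: never forward an empty password. With a simple bind
  an empty password turns the request into an unauthenticated bind (RFC 4513,
  section 5.1.2), which would "succeed" without proving anything. }
function CredentialsLookUsable(const User, Password: string): Boolean;
begin
  Result := IsPlausibleSamAccountName(User) and (Password <> '');
end;

procedure Check(Cond: Boolean; const What: string);
begin
  if not Cond then
    raise Exception.Create('check failed: ' + What);
  Writeln('ok: ', What);
end;

begin
  // Constructed test values (not taken from the forum thread).
  Check(EscapeLdapFilterValue('j.doe') = 'j.doe', 'plain name unchanged');
  Check(EscapeLdapFilterValue('*)(objectClass=*') = '\2A\29\28objectClass=\2A',
        'wildcard and parentheses escaped');
  Check(EscapeLdapFilterValue('M' + #$00FC + 'ller') = 'M\C3\BCller',
        'non-ASCII escaped as UTF-8 bytes');
  Check(BuildUserFilter('j.doe') = '(&(objectClass=user)(sAMAccountName=j.doe))', 'filter built');
  Check(not IsPlausibleSamAccountName('*'), 'bare wildcard rejected');
  Check(not IsPlausibleSamAccountName('a)(objectClass=*'), 'injection attempt rejected');
  Check(not IsPlausibleSamAccountName(StringOfChar('a', 21)), 'over-long name rejected');
  Check(not CredentialsLookUsable('j.doe', ''), 'empty password rejected before bind');
  Check(CredentialsLookUsable('j.doe', 'correct horse'), 'plausible credentials accepted');
end.
```

In the posted code the validation would go in front of SearchUser (replace the raw concatenation with BuildUserFilter) and the password check at the top of AuthADUser, so that ADsOpenObject is only ever reached with a name that survived the allow-list and a non-empty password.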



RE: Authenticate User via LDAP against Active Directory - Alexandre Machado - 09-01-2021

But IW has no influence over this AD COM object... do you know what these return values mean?


RE: Authenticate User via LDAP against Active Directory - mikel.pahl - 09-30-2021

Sorry for the late response:
These values make no sense and seem to be random even with the same credentials: 74841234, 75627666, 71302290, 71498898, 75889652, 74120338

I wonder why the response is different from VCL with the same source.

If ADsOpenObject fires no exception the user can pass, so I modified the source to:
try
ADSerg:=adshlp.ADsOpenObject(ap, aUser,aPassword, 1, IID_IADsUser,user);
//result:=(ADSerg=s_OK);
result:=true;
except