1
votes

I am developing a Web application in ASP.NET 4.0 using MVC.

In my application I am using Exchange Server 2007 for sending email.

I am getting the Global Address List from the Exchange server.

Now the question is how to get the LDAP path for Active Directory by using the user name, password and domain name.

Currently what I am doing is using a DirectoryEntry object and passing the LDAP path for the server, which I know in advance.

But what if I am using the credentials of another, unknown Exchange server?

2
I am not familiar with the Exchange Global Address List, but I did quite a lot of Active Directory work. If you can share your code and show which part you hard coded, I think I can help to make it domain independent. – Harvey Kwok

2 Answers

3
votes

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Managing Directory Security Principals in the .NET Framework 3.5

Basically, you can define a domain context and easily find users and/or groups in AD:

    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;

    // set up domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

    // find yourself:
    UserPrincipal myself = UserPrincipal.Current;

    // find user by name (FindByIdentity needs the context to search in)
    UserPrincipal someoneElse = UserPrincipal.FindByIdentity(ctx, "John Doe");

    // get user's LDAP path
    if (someoneElse != null)
    {
       // the DN (DistinguishedName) is typically your full LDAP path to the object
       // just prepend it with LDAP:// and you should be able to bind to it
       string userDN = someoneElse.DistinguishedName;

       // if you need the full LDAP path, you need to look at the underlying
       // DirectoryEntry object from System.DirectoryServices:
       string ldapPath = (someoneElse.GetUnderlyingObject() as DirectoryEntry).Path;
    }

The new S.DS.AM makes it really easy to play around with users and groups in AD. So if you get some bit of information from Exchange, e.g. the user's name, you should be able to pretty easily find that corresponding UserPrincipal in AD and from there on, do whatever you need to do with it.

0
votes

I am not familiar with .NET, but I can help to some extent to solve the problem.

I guess you are looking for the FDN of the user.

The domain controller has a DNS SRV record of the name

       _ldap._tcp.<DNSDomainName>
       _ldap._tcp.example.com

In this case it will tell you the FQDN of the server which runs AD (basically the LDAP service). Assume you are getting,

       host.example.com

Then do a subtree LDAP search from dc=example,dc=com on the host 'host.example.com'. It will be like,

    ldapsearch -h host.example.com -b "dc=example,dc=com" -s sub samaccountname=username

This would get the LDAP path (LDAP DN) of the user. There is also another problem if AD is configured not to respond to any anonymous request.

However this may not make any sense if you are looking for the .Net solution. You may try the above solution.
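
Added example, not part of either answer: a C# sketch of the procedure above (find a domain controller from the domain name, bind with the supplied credentials, then subtree-search on sAMAccountName). The class and method names are hypothetical, and it assumes `bindUser` is given as `DOMAIN\user` or `user@domain`; the account name is escaped so user input cannot change the search filter.

```csharp
using System.DirectoryServices;
using System.Text;

// Hypothetical helper, added for illustration (not from the answers above).
static class AdPathLookup
{
    // Negotiate (Kerberos/NTLM) bind with sealing, so the password is not
    // sent in a clear-text simple bind and the LDAP traffic is encrypted.
    const AuthenticationTypes Auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;

    // Escape a value for an LDAP search filter (RFC 4515) so a
    // user-supplied name cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the user's LDAP path, or null when no account matches.
    public static string FindUserPath(string domain, string bindUser, string password, string samAccountName)
    {
        // Naming the DNS domain instead of a host lets ADSI locate a domain controller for it.
        string server = "LDAP://" + domain + "/";
        using (var rootDse = new DirectoryEntry(server + "RootDSE", bindUser, password, Auth))
        {
            // RootDSE advertises the domain's base DN, e.g. DC=example,DC=com.
            string baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            using (var root = new DirectoryEntry(server + baseDn, bindUser, password, Auth))
            using (var searcher = new DirectorySearcher(root))
            {
                searcher.SearchScope = SearchScope.Subtree;
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
                SearchResult hit = searcher.FindOne();
                return hit == null ? null : hit.Path;
            }
        }
    }
}
```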