2
votes

I have set up Active Directory on a Windows Server 2019. I am trying to use LDAP to connect to Active Directory from a Windows client. I have used this code with slight modifications from the Microsoft docs:

//  UNICODE makes ldap_init/ldap_bind_s resolve to the wide-character (W)
//  versions, which is what the PWCHAR hostName below requires.
#ifndef UNICODE
#define UNICODE
#endif

#include <windows.h>
#include <winldap.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#pragma comment(lib, "wldap32.lib")

int main(int argc, char* argv[])
{
    LDAP* pLdapConnection = NULL;
    PWCHAR hostName = NULL;
    ULONG version = LDAP_VERSION3;
    ULONG returnCode = 0;
    ULONG connectSuccess = 0;
    wchar_t wcstring[256];      // Fixed-size buffer for the converted hostname.

    //  Verify that the user passed a hostname.
    if (argc > 1)
    {
        //  Convert argv[1] (multibyte) to a wchar_t* in wcstring.
        //  _TRUNCATE keeps the conversion within the buffer bounds.
        size_t convertedChars = 0;
        mbstowcs_s(&convertedChars, wcstring, _countof(wcstring), argv[1], _TRUNCATE);
        hostName = wcstring;
    }
    else
    {
        //  No hostname: a NULL host makes ldap_init perform a serverless
        //  bind, i.e. the DC locator picks a domain controller for the
        //  logged-on user's domain.
        hostName = NULL;
    }

    //  Initialize a session. LDAP_PORT is the default port, 389.
    pLdapConnection = ldap_init(hostName, LDAP_PORT);

    if (pLdapConnection == NULL)
    {
        //  Set the HRESULT based on the Windows error code.
        HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
        printf("ldap_init failed with 0x%lx.\n", (unsigned long)hr);
        goto error_exit;
    }
    else
        printf("ldap_init succeeded\n");

    //  Set the version to 3.0 (default is 2.0).
    returnCode = ldap_set_option(pLdapConnection,
                                 LDAP_OPT_PROTOCOL_VERSION,
                                 (void*)&version);
    if (returnCode == LDAP_SUCCESS)
        printf("ldap_set_option succeeded - version set to 3\n");
    else
    {
        printf("SetOption Error: 0x%lx\n", returnCode);
        goto error_exit;
    }

    // Connect to the server.
    connectSuccess = ldap_connect(pLdapConnection, NULL);

    if (connectSuccess == LDAP_SUCCESS)
        printf("ldap_connect succeeded\n");
    else
    {
        printf("ldap_connect failed with 0x%lx.\n", connectSuccess);
        goto error_exit;
    }

    //  Bind with current credentials (login credentials). Be
    //  aware that the password itself is never sent over the
    //  network, and encryption is not used.
    printf("Binding ...\n");

    returnCode = ldap_bind_s(pLdapConnection, NULL, NULL,
                             LDAP_AUTH_NEGOTIATE);
    if (returnCode == LDAP_SUCCESS)
        printf("The bind was successful\n");
    else
    {
        printf("ldap_bind_s failed with 0x%lx.\n", returnCode);
        goto error_exit;
    }

    //  Normal cleanup and exit.
    ldap_unbind(pLdapConnection);
    return 0;

    //  On error cleanup and exit.
error_exit:
    if (pLdapConnection != NULL)
        ldap_unbind(pLdapConnection);
    return -1;
}

I am new to Active Directory and have never worked with Windows servers before.

  1. How do I connect to Active Directory in this LDAP query? Do I pass the server name or the Active Directory domain name in the host name in the code?

  2. Also I am getting a server name not resolved error. Should I use the DNS service in Windows Server or my local LAN in order to get rid of the error?

Here is the link to the code from the Microsoft docs:
here

1
Please share the link of the Microsoft docs from where the code has been copied. Since the current code is incomplete, it is not possible to answer your queries! - Am_I_Helpful
@Am_I_helpful I have posted the link - sham

1 Answer

1
votes
  1. How do I connect to Active Directory in this LDAP query? Do I pass the server name or the Active Directory domain name in the host name in the code?

As per the code sample shared by you in the question, the docs clearly state that the code can be executed either (i) by passing the server name as a command line parameter, or (ii), when no parameter is given, by performing a serverless bind attempt.

From Microsoft DOCS on Serverless Binding and RootDSE:

If possible, do not hard-code a server name. Furthermore, under most circumstances, binding should not be unnecessarily tied to a single server. Active Directory Domain Services support serverless binding, which means that Active Directory can be bound to on the default domain without specifying the name of a domain controller. For ordinary applications, this is typically the domain of the logged-on user. For service applications, this is either the domain of the service logon account or that of the client that the service impersonates.

Since you're new to Active Directory, I'd suggest you try running the code by passing your AD domain name (e.g., domain.local, corp.org, etc.).

  2. Also I am getting a server name not resolved error. Should I use the DNS service in Windows Server or my local LAN in order to get rid of the error?

This would be tough to answer without more information. By default, name resolution is done first through the etc/hosts file, and then by DNS if resolution through the former is not possible! You should mostly rely on the latter, i.e., correct DNS settings.

You need to investigate why the lookup is failing for the hostname you've supplied. You can do a simple test by checking the output of the command nslookup yourADServerHostName or nslookup yourADServerFQDN in the command prompt, and check whether it resolves to the intended IP address.


NOTE:
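The nslookup check above can be taken one step further. A serverless bind locates a domain controller through the SRV records the domain publishes under _ldap._tcp.<domain>, so if the client's DNS server cannot answer for those records, neither the domain name nor the DC hostname will resolve from that client. The following PowerShell script is an added example, not part of the question or the answer, that walks that chain: it lists the client's configured DNS servers, queries the SRV records for the domain, and then checks that each advertised DC has an A record and answers on TCP/389. The domain name domain.local is a placeholder to be replaced with your own AD DNS domain.

```powershell
# Added example (not from the question or the answer): diagnose a
# "server name not resolved" error for an LDAP/AD client by checking the
# DNS path a serverless bind depends on.
# Assumes $Domain is replaced with the caller's own AD DNS domain.
param(
    [string]$Domain = 'domain.local'   # placeholder, use your AD DNS domain
)

# 1. Which DNS servers is this client using? A serverless bind only works
#    if the client's DNS server hosts (or forwards to) the AD zone, which
#    on a small network is normally the domain controller itself.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. The DC locator finds domain controllers via SRV records under
#    _ldap._tcp.dc._msdcs.<domain>. If this lookup fails, ldap_init and
#    ldap_connect with the domain name will fail as well.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dcRecords = $srv | Where-Object Type -eq 'SRV'
$dcRecords | Format-Table NameTarget, Port, Priority, Weight -AutoSize

# 3. For each advertised DC, confirm its A record resolves and that the
#    LDAP port answers; a DC that is advertised but unreachable points at a
#    stale record or a firewall rather than a DNS client setting.
foreach ($dc in ($dcRecords.NameTarget | Sort-Object -Unique)) {
    $a = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue
    if (-not $a) {
        Write-Warning "$dc is advertised in SRV records but has no A record"
        continue
    }
    $t = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
    '{0,-40} {1,-16} LDAP/389 open: {2}' -f $dc, $a[0].IPAddress, $t.TcpTestSucceeded
}
```

Run it as `.\Test-AdDns.ps1 -Domain corp.org` (any script name will do). If step 2 fails with a non-existent domain error while the same query succeeds when run on the server, the client is using a DNS server that does not host the AD zone, which is exactly the case the answer's advice about correct DNS settings covers; the plain command prompt equivalent is `nslookup -type=SRV _ldap._tcp.dc._msdcs.domain.local`.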