Active Directory Login Page DN Format?

Guest

We are using forms authentication in our web app and typically query our LDAP
Servers by binding to the user node in the LDAP Tree.

We usually see the following DN used as the DN for each user:

http://serverip:389/cn=login,dc=company,dc=org
*where login is their actual Windows login

In Active Directory we are seeing this format...
http://server:389/cn=firstname lastname,dc=company,dc=org
*where the cn attribute is their full name not their login

When we try to bind to the directory, how should we bind if we don't have the
full name from the login page? (i.e. we'd like to ask for a standard
username/password). The users are within their own OUs and apparently not
within the general cn=Users node too. Anyhow, just wondering what format of a
DN might work other than the one above to locate a user within Active
Directory from an ASP.NET page. Thank you so much, I really appreciate it!

Christopher
 
Oleg Ogurok

When you're authenticating users, you don't care which container the user is in, so
use serverless binding, e.g.

    // Needs: using System.DirectoryServices; using System.Runtime.InteropServices;
    string domainAndUserName = userName + "@" + domain;
    using (DirectoryEntry entry = new DirectoryEntry(null, domainAndUserName,
        password, AuthenticationTypes.Secure))
    {
        try
        {
            // Bind to the native AdsObject to force authentication.
            Object obj = entry.NativeObject;
        }
        catch (COMException ex)
        {
            // user unknown or password wrong or account expired
        }
    }

This will bind to the root of the AD and try to authenticate.

Then you can use DirectorySearcher to find a user by its userName to test
various things, e.g. if the user's password expired, etc.

Here's a useful link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting09102002.asp
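
The two steps from the answer above (bind as the user, then look the account up by login name), as an added example that is not part of the original thread. The login name is escaped per RFC 4515 before it goes into the search filter, so characters such as * or ( typed into the login form cannot change the query. Assumptions: the login name equals sAMAccountName, "LDAP://" + domain is used as the bind path, and the AdLogin, Authenticate and EscapeFilterValue names are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

static class AdLogin // hypothetical helper, not from the thread
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the user's distinguishedName on success, null on a failed login.
    public static string Authenticate(string domain, string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null; // never attempt a bind with empty credentials
        try
        {
            // Assumption: the domain's DNS name is usable as the bind path.
            using (var root = new DirectoryEntry("LDAP://" + domain,
                userName + "@" + domain, password, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(root,
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeFilterValue(userName) + "))",
                new[] { "distinguishedName" }))
            {
                SearchResult hit = searcher.FindOne(); // binds, then searches the subtree
                return hit == null ? null : (string)hit.Properties["distinguishedName"][0];
            }
        }
        catch (COMException)
        {
            return null; // user unknown, wrong password, or account expired
        }
    }
}
```

Returning the same null for every failure keeps the login page from revealing whether the user name exists.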