bdinicola
Starting Member
USA
14 Posts |
Posted - 20 May 2002 : 13:00:17
|
Is anyone working on implementing Active Directory authentication into Snitz?
Thanks! Billie
|
|
j26121968
Starting Member
2 Posts |
Posted - 01 June 2002 : 18:05:32
|
Yes, we're going to implement this behaviour. All works fine except the use of NT Groups...
|
 |
|
LaurieS
Starting Member
USA
2 Posts |
Posted - 19 June 2002 : 15:31:10
|
quote:
Yes, we're going to implement this behaviour. All works fine except the use of NT Groups...
What doesn't work with the NT Groups? I've set up a few things testing here and it seems to work fine.
|
 |
|
purnhar
Starting Member
8 Posts |
Posted - 20 June 2002 : 02:43:11
|
I implemented AD-integration using NT-Authentication. When NT-Authentication is used, new users are automatically registered to the forum. Their name and email address are extracted from Active Directory in register.asp. Perhaps we should merge our efforts.
Global NT-Groups work as expected (using the default implementation from Snitz 4.0 Beta 03). Is there a function to discover if a user is a member of a local group?
Regards, Ralf |
 |
|
mradel
Starting Member
2 Posts |
Posted - 09 July 2002 : 18:34:11
|
Has anyone successfully implemented Snitz using AD? What version of Snitz and were any mods needed? We are REALLY looking to do this quickly and any assistance would be MUCH appreciated.
Thanks! |
 |
|
purnhar
Starting Member
8 Posts |
Posted - 10 July 2002 : 11:03:06
|
In our implementation we modified register.asp to retrieve user information from Active Directory when a user (NT-authenticated with AutoLogon enabled) enters the forum for the first time. This way the fields name, lastname and email are populated from AD. Currently there are two problems:
1. AD root is hard coded into the asp-file. It would be better if a configuration option could be integrated to switch on AD access and specify parameters like AD root and searchbase.
2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.
Ralf
|
 |
|
mradel
Starting Member
2 Posts |
Posted - 10 July 2002 : 17:34:58
|
Ralf
Being a newbie to both Snitz and AD, can you (or anyone else who has it working) please post or send the code that you used?
Thanks so much!
mradel
|
 |
|
AkulaSSN
Starting Member
6 Posts |
Posted - 15 July 2002 : 16:00:48
|
quote:
In our implementation we modified register.asp to retrieve user information from Active Directory when a user (NT-authenticated with AutoLogon enabled) enters the forum for the first time. This way the fields name, lastname and email are populated from AD. Currently there are two problems:
1. AD root is hard coded into the asp-file. It would be better if a configuration option could be integrated to switch on AD access and specify parameters like AD root and searchbase.
2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.
Ralf
How did you manage to get Snitz to use the email address from the Active Directory? I've been looking at various posts, but am unsure of how to proceed to try this out. Any Help would be much appreciated.
|
 |
|
purnhar
Starting Member
8 Posts |
Posted - 16 July 2002 : 03:37:12
|
OK. Here is my inc_activedirectory.asp. You have to customize the consts LDAP_STRING and LDAP_SEARCH. I included the file in register.asp and used the provided functions to initialize the corresponding fields with values from the AD.
Ralf
inc_activedirectory.asp:
<%
' Looks up the NT-authenticated forum user in Active Directory and returns
' profile fields for register.asp. strDBNTUserName is expected to be set
' by the including page.

Dim oADUser   ' cached AD user object for this request
Dim sADUser   ' user name the cache was filled for
Set oADUser = Nothing
sADUser = ""

' Customize these two constants for your domain.
Const LDAP_STRING = "LDAP://your.domain.com/"
Const LDAP_SEARCH = "DC=your,DC=domain,DC=com"

' Returns the AD user object whose name is rsID, or Nothing if none is found.
' rsID is placed into the query text as-is.
Function findADUser(rsID)
    Dim oDB
    Dim oRS
    Dim oUser
    Set oDB = CreateObject("ADODB.Connection")
    oDB.Provider = "ADsDSOObject"
    oDB.Open "Active Directory Provider"
    Set oRS = oDB.Execute("select AdsPath from '" & LDAP_STRING & LDAP_SEARCH & "' where name='" & rsID & "' and objectclass='user' and objectclass<>'computer'")
    If oRS.EOF Then
        Set oUser = Nothing
    Else
        Set oUser = GetObject(oRS("AdsPath"))
    End If
    Set findADUser = oUser
    Set oUser = Nothing
    Set oRS = Nothing
    Set oDB = Nothing
End Function

' Fills the cache once per user name, even when the lookup finds nothing.
Sub getADUser()
    If (oADUser Is Nothing and not (sADUser = strDBNTUserName)) Then
        Set oADUser = findADUser(strDBNTUserName)
        sADUser = strDBNTUserName
    End If
End Sub

' Returns the named AD attribute, or "" if the user or attribute is missing.
Function getADField(sFieldName)
    Dim sValue
    On Error Resume Next
    getADUser()
    sValue = oADUser.Get(sFieldName)
    If err.number = 0 Then
        getADField = sValue
    Else
        getADField = ""
    End If
    On Error Goto 0
End Function

' Falls back to <username>@local when AD has no mail attribute.
Function getADEmail()
    Dim sEmail
    sEmail = getADField("mail")
    If (sEmail = "") Then
        sEmail = strDBNTUserName & "@local"
    End If
    getADEmail = sEmail
End Function

Function getADFirstName()
    getADFirstName = getADField("givenName")
End Function

Function getADLastName()
    getADLastName = getADField("sn")
End Function

' "Last, First" if both are set; otherwise description, displayName,
' then the user name.
Function getADFullName()
    Dim fullName
    If (getADLastName = "" or getADFirstName = "") Then
        fullName = getADField("description")
        If (fullName = "") Then
            fullName = getADField("displayName")
            If (fullName = "") Then
                fullName = sADUser
            End If
        End If
    Else
        fullName = getADLastName() & ", " & getADFirstName
    End If
    getADFullName = fullName
End Function
%>
Edited by - purnhar on 16 July 2002 03:39:42 |
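Added example, not part of purnhar's post or of Snitz: the same lookup as findADUser written with the ADSI LDAP query dialect, with the user name escaped per RFC 4515 before it goes into the search filter, so a name containing filter metacharacters can only match literally. The function names escapeLdapFilter and findADUserEscaped are made up for this example; LDAP_STRING and LDAP_SEARCH are the constants from the post.

```vbscript
<%
' Added example; escapeLdapFilter and findADUserEscaped are hypothetical names.

' Escape the characters that have special meaning in an LDAP search
' filter (RFC 4515) so the value is always treated as literal text.
Function escapeLdapFilter(sValue)
    Dim i, ch, sOut
    sOut = ""
    For i = 1 To Len(sValue)
        ch = Mid(sValue, i, 1)
        Select Case ch
            Case "\"    : sOut = sOut & "\5c"
            Case "*"    : sOut = sOut & "\2a"
            Case "("    : sOut = sOut & "\28"
            Case ")"    : sOut = sOut & "\29"
            Case Chr(0) : sOut = sOut & "\00"
            Case Else   : sOut = sOut & ch
        End Select
    Next
    escapeLdapFilter = sOut
End Function

' sLdapRoot is e.g. LDAP_STRING & LDAP_SEARCH from inc_activedirectory.asp.
' Returns the matching user object, or Nothing when there is no match.
Function findADUserEscaped(sLdapRoot, sName)
    Dim oDB, oRS, sQuery
    Set findADUserEscaped = Nothing
    If Len(sName) = 0 Then Exit Function

    ' LDAP dialect: <base>;filter;attributes;scope
    sQuery = "<" & sLdapRoot & ">;" & _
             "(&(objectClass=user)(!(objectClass=computer))" & _
             "(name=" & escapeLdapFilter(sName) & "));" & _
             "ADsPath;subtree"

    Set oDB = CreateObject("ADODB.Connection")
    oDB.Provider = "ADsDSOObject"
    oDB.Open "Active Directory Provider"
    Set oRS = oDB.Execute(sQuery)
    If Not oRS.EOF Then
        Set findADUserEscaped = GetObject(oRS.Fields("ADsPath").Value)
    End If
    oRS.Close
    oDB.Close
    Set oRS = Nothing
    Set oDB = Nothing
End Function
%>
```

It would be called as findADUserEscaped(LDAP_STRING & LDAP_SEARCH, strDBNTUserName) in place of findADUser(strDBNTUserName).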
 |
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 16 July 2002 : 06:58:10
|
quote:
2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.
I haven't integrated AD into snitz (yet), but seems like this could be either an admin option to update email addresses -or- an option in the user's profile to grab their new address. The only problem would be if the user's CN was changed as well.
Nikkol |
 |
|
AkulaSSN
Starting Member
6 Posts |
Posted - 16 July 2002 : 09:45:38
|
quote:
OK. Here is my inc_activedirectory.asp. You have to customize the consts LDAP_STRING and LDAP_SEARCH. I included the file in register.asp and used the provided functions to initialize the corresponding fields with values from the AD.
Ralf
Thanks for listing that code, I've popped it onto the forums (with correct ldap names), but am unsure of where to add the "getademail" function to actually pull the email address from the active directory.
|
 |
|
purnhar
Starting Member
8 Posts |
Posted - 17 July 2002 : 03:06:21
|
quote:
Thanks for listing that code, I've popped it onto the forums (with correct ldap names), but am unsure of where to add the "getademail" function to actually pull the email address from the active directory.
I included inc_activedirectory.asp in register.asp and edited the lines for populating the default values in the members table (near line 211).
Ralf
|
 |
|
purnhar
Starting Member
8 Posts |
Posted - 17 July 2002 : 03:15:17
|
quote:
I haven't integrated AD into snitz (yet), but seems like this could be either an admin option to update email addresses -or- an option in the user's profile to grab their new address. The only problem would be if the user's CN was changed as well.
AD integration should be an admin option. IMHO it's only useful with NT-Authentication and maybe Autologin enabled. The user information should be read from the AD every time a user visits the forum (during creation of the session). LDAP-ROOT and LDAP-Searchbase should be admin options.
If the CN changes, a new forum account will be created. We could perhaps develop a script that checks if all the forum members are still active in the AD. Inactive accounts or accounts that have been deleted could be locked.
Ralf
|
 |
|
timd
Starting Member
United Kingdom
7 Posts |
Posted - 17 July 2002 : 09:12:43
|
I've put a similar post elsewhere, but this seems to be the closest to what I'm looking for... if we can implement AD, then surely we can implement NDS? Is anyone else looking at authenticating through NDS?
I found an ODBC driver for NDS on Novell's site (http://developer.novell.com/ndk/odbc.htm) which allows you to read the NDS details as relational tables. So you can connect to NDS like any other data source. So Ralf's code above may be usable (with tweaking) for NDS as well.
So far I reckon this'll give me my user list (ie save users having to initially sign-up), but I don't know whether I can use it for authentication. I don't want to be passing people's login passwords around the network if I can avoid it, but I don't know enough about how NDS works to get round this - also (thankfully!) there don't appear to be any passwords stored in the NDS 'tables'. When a user's logged in, is there some sort of hash code generated like with NT, which could be used to authenticate the user?
I don't know if I'm really asking a specific question here - I'm really just putting down thoughts - if any of it's way off-beam, I'm very happy to be corrected.
Cheers,
Tim.
|
 |
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 17 July 2002 : 11:13:01
|
Tim, ADSI includes methods for connecting to NDS. I haven't investigated since we aren't on a Novell network, but look at Microsoft's ADSI SDK for info on how to connect to NDS.
Nikkol |
 |
|
AkulaSSN
Starting Member
6 Posts |
Posted - 18 July 2002 : 04:37:56
|
quote:
I included inc_activedirectory.asp in register.asp and edited the lines for populating the default values in the members table (near line 211).
Ralf
Hi, I'm being thick as 2 planks on this. I can see the line... strSql = strSql & ", " & "'" & chkString(Request.Form("Email"),"SQLString") & "'"
But really don't know how to call the getademail function here. :-(
any help really would be appreciated. Adie
|
 |
|