Snitz Forums 2000
Active Directory and Snitz

bdinicola
Starting Member

USA
14 Posts

Posted - 20 May 2002 :  13:00:17
Is anyone working on implementing Active Directory authentication into Snitz?

Thanks!
Billie


j26121968
Starting Member

2 Posts

Posted - 01 June 2002 :  18:05:32
Yes, we're going to implement this behaviour. All works fine except the use of NT Groups...

LaurieS
Starting Member

USA
2 Posts

Posted - 19 June 2002 :  15:31:10
quote:

Yes, we're going to implement this behaviour. All works fine except the use of NT Groups...

What doesn't work with the NT Groups? I've set up a few things testing here and it seems to work fine.

purnhar
Starting Member

8 Posts

Posted - 20 June 2002 :  02:43:11
I implemented AD-integration using NT-Authentication. When NT-Authentication is used, new users are automatically registered to the forum. Their name and email address are extracted from Active Directory in register.asp. Perhaps we should merge our efforts.

Global NT-Groups work as expected (using the default implementation from Snitz 4.0 Beta 03). Is there a function to discover if a user is a member of a local group?

Regards,
Ralf

mradel
Starting Member

2 Posts

Posted - 09 July 2002 :  18:34:11
Has anyone successfully implemented Snitz using AD? What version of Snitz and were any mods needed? We are REALLY looking to do this quickly and any assistance would be MUCH appreciated.

Thanks!

purnhar
Starting Member

8 Posts

Posted - 10 July 2002 :  11:03:06
In our implementation we modified register.asp to retrieve user information from Active Directory when a user (NT-authenticated with AutoLogon enabled) enters the forum for the first time. This way the fields name, lastname and email are populated from AD. Currently there are two problems:

1. AD root is hard coded into the asp-file. It would be better if a configuration option could be integrated to switch on AD access and specify parameters like AD root and searchbase.

2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.

Ralf

mradel
Starting Member

2 Posts

Posted - 10 July 2002 :  17:34:58
Ralf

Being a newbie to both Snitz and AD, can you (or anyone else who has it working) please post or send the code that you used?

Thanks so much!

mradel

AkulaSSN
Starting Member

6 Posts

Posted - 15 July 2002 :  16:00:48
quote:

In our implementation we modified register.asp to retrieve user information from Active Directory when a user (NT-authenticated with AutoLogon enabled) enters the forum for the first time. This way the fields name, lastname and email are populated from AD. Currently there are two problems:

1. AD root is hard coded into the asp-file. It would be better if a configuration option could be integrated to switch on AD access and specify parameters like AD root and searchbase.

2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.

Ralf

How did you manage to get Snitz to use the email address from the Active Directory? I've been looking at various posts, but am unsure of how to proceed to try this out. Any help would be much appreciated.

purnhar
Starting Member

8 Posts

Posted - 16 July 2002 :  03:37:12
Ok. Here is my inc_activedirectory.asp
You have to customize the consts LDAP_STRING and LDAP_SEARCH.
I included the file in register.asp and used the provided functions
to initialize the corresponding fields with values from the AD.

Ralf

inc_activedirectory.asp:

<%
' Cached ADSI user object and the NT user name it was looked up for.
Dim oADUser
Dim sADUser

Set oADUser = Nothing
sADUser = ""

' Customize these two constants for your domain.
Const LDAP_STRING = "LDAP://your.domain.com/"
Const LDAP_SEARCH = "DC=your,DC=domain,DC=com"

' Returns the ADSI user object whose name matches rsID, or Nothing.
Function findADUser(rsID)
    Dim oDB
    Dim oRS
    Dim oUser
    Dim sName

    ' Double any single quote so the value cannot end the quoted string in the query.
    sName = Replace(rsID, "'", "''")

    Set oDB = CreateObject("ADODB.Connection")
    oDB.Provider = "ADsDSOObject"
    oDB.Open "Active Directory Provider"

    Set oRS = oDB.Execute("select AdsPath from '" & LDAP_STRING & LDAP_SEARCH & "' where name='" & sName & "' and objectclass='user' and objectclass<>'computer'")

    If oRS.EOF Then
        Set oUser = Nothing
    Else
        Set oUser = GetObject(oRS("AdsPath"))
    End If

    Set findADUser = oUser

    Set oUser = Nothing
    Set oRS = Nothing
    Set oDB = Nothing
End Function

' Looks up the current NT user once and caches the result.
Sub getADUser()
    If (oADUser Is Nothing and not (sADUser = strDBNTUserName)) Then
        Set oADUser = findADUser(strDBNTUserName)
        sADUser = strDBNTUserName
    End If
End Sub

' Returns the named AD attribute, or "" if the user or attribute is missing.
Function getADField(sFieldName)
    Dim sValue
    On Error Resume Next
    getADUser()
    sValue = oADUser.Get(sFieldName)
    If err.number = 0 Then
        getADField = sValue
    Else
        getADField = ""
    End If
    On Error Goto 0
End Function

' Falls back to <username>@local when AD has no mail attribute.
Function getADEmail()
    Dim sEmail
    sEmail = getADField("mail")
    If (sEmail = "") Then
        sEmail = strDBNTUserName & "@local"
    End If
    getADEmail = sEmail
End Function

Function getADFirstName()
    getADFirstName = getADField("givenName")
End Function

Function getADLastName()
    getADLastName = getADField("sn")
End Function

' "Last, First" when both parts exist; otherwise description, displayName, then the user name.
Function getADFullName()
    Dim fullName
    If (getADLastName = "" or getADFirstName = "") Then
        fullName = getADField("description")
        If (fullName = "") Then
            fullName = getADField("displayName")
            If (fullName = "") Then
                fullName = sADUser
            End If
        End If
    Else
        fullName = getADLastName() & ", " & getADFirstName
    End If
    getADFullName = fullName
End Function

%>



Edited by - purnhar on 16 July 2002 03:39:42

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 16 July 2002 :  06:58:10
quote:

2. AD information is only retrieved during authentication. If AD information changes (for example the email address) the profile in the forum is not updated.

I haven't integrated AD into Snitz (yet), but seems like this could be either an admin option to update email addresses -or- an option in the user's profile to grab their new address. The only problem would be if the user's CN was changed as well.

Nikkol

AkulaSSN
Starting Member

6 Posts

Posted - 16 July 2002 :  09:45:38
quote:

Ok. Here is my inc_activedirectory.asp
You have to customize the consts LDAP_STRING and LDAP_SEARCH.
I included the file in register.asp and used the provided functions
to initialize the corresponding fields with values from the AD.

Ralf

Thanks for listing that code, I've popped it onto the forums (with correct LDAP names), but am unsure of where to add the "getademail" function to actually pull the email address from the Active Directory.

purnhar
Starting Member

8 Posts

Posted - 17 July 2002 :  03:06:21
quote:

Thanks for listing that code, I've popped it onto the forums (with correct LDAP names), but am unsure of where to add the "getademail" function to actually pull the email address from the Active Directory.

I included inc_activedirectory.asp in register.asp and edited the lines
for populating the default values in the members table (near line 211).

Ralf

purnhar
Starting Member

8 Posts

Posted - 17 July 2002 :  03:15:17
quote:

I haven't integrated AD into Snitz (yet), but seems like this could be either an admin option to update email addresses -or- an option in the user's profile to grab their new address. The only problem would be if the user's CN was changed as well.

AD integration should be an admin-option. IMHO it's only useful with NT-Authentication and maybe Autologin enabled. The user information should be read from the AD every time a user visits the forum (during creation of the session). LDAP-ROOT and LDAP-Searchbase should be admin options.

If the CN changes, a new forum account will be created. We could perhaps develop a script that checks if all the forum members are still active in the AD. Inactive accounts or accounts that have been deleted could be locked.

Ralf
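
Added example, not part of the thread or of the Snitz code base: one way to plan the check described in the post above (lock forum accounts whose directory entry is missing or disabled) together with the e-mail refresh raised earlier as problem 2. The member field names, the record layout and the sample data are constructed for illustration; ACCOUNTDISABLE (0x0002) is the userAccountControl bit set on disabled AD accounts.

```python
# Added example: plan lock / e-mail-update actions from a directory export.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# Constructed sample data (not from a real directory or forum database).
DIRECTORY = [
    {"sAMAccountName": "ralf", "mail": "ralf@new.example", "userAccountControl": 0x0200},
    {"sAMAccountName": "adie", "mail": "adie@example.com", "userAccountControl": 0x0202},
    {"sAMAccountName": "Tim", "userAccountControl": 0x0200},  # no mail attribute
]
MEMBERS = [  # hypothetical forum member rows
    {"username": "DOMAIN\\ralf", "email": "ralf@old.example", "locked": False},
    {"username": "DOMAIN\\adie", "email": "adie@example.com", "locked": False},
    {"username": "DOMAIN\\tim", "email": "tim@local", "locked": False},
    {"username": "DOMAIN\\gone", "email": "gone@example.com", "locked": False},
]

def account_key(name):
    """Strip an optional DOMAIN\\ prefix and fold case (logon names are case-insensitive)."""
    return name.rsplit("\\", 1)[-1].casefold()

def reconcile(members, directory):
    """Return (action, username, detail) tuples; the inputs are not modified."""
    if not directory:
        # An empty result usually means the lookup failed, not that everyone left.
        raise ValueError("empty directory result; refusing to lock every member")
    by_name = {account_key(e["sAMAccountName"]): e for e in directory}
    actions = []
    for m in members:
        entry = by_name.get(account_key(m["username"]))
        if entry is None:
            actions.append(("lock", m["username"], "not found in directory"))
        elif entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
            actions.append(("lock", m["username"], "disabled in directory"))
        else:
            mail = entry.get("mail")
            # Only overwrite the profile when the directory actually has an address.
            if mail and mail.casefold() != m["email"].casefold():
                actions.append(("update_email", m["username"], mail))
    return actions

if __name__ == "__main__":
    for action in reconcile(MEMBERS, DIRECTORY):
        print(action)
```

The function only returns a plan, so the list can be reviewed or logged before any forum account is changed.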


timd
Starting Member

United Kingdom
7 Posts

Posted - 17 July 2002 :  09:12:43
I've put a similar post elsewhere, but this seems to be the closest to what I'm looking for....if we can implement AD, then surely we can implement NDS? Is anyone else looking at authenticating through NDS?

I found an ODBC driver for NDS on Novell's site (http://developer.novell.com/ndk/odbc.htm) which allows you to read the NDS details as relational tables. So you can connect to NDS like any other data source. So Ralf's code above may be usable (with tweaking) for NDS as well.

So far I reckon this'll give me my user list (ie save users having to initially sign-up), but I don't know whether I can use it for authentication. I don't want to be passing people's login passwords around the network if I can avoid it, but I don't know enough about how NDS works to get round this - also (thankfully!) there don't appear to be any passwords stored in the NDS 'tables'. When a user's logged in, is there some sort of hash code generated like with NT, which could be used to authenticate the user?

I don't know if I'm really asking a specific question here - I'm really just putting down thoughts - if any of it's way off-beam, I'm very happy to be corrected.

Cheers,

Tim.

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 17 July 2002 :  11:13:01
Tim,
ADSI includes methods for connecting to NDS. I haven't investigated since we aren't on a Novell network, but look at Microsoft's ADSI SDK for info on how to connect to NDS.

Nikkol

AkulaSSN
Starting Member

6 Posts

Posted - 18 July 2002 :  04:37:56
quote:

I included inc_activedirectory.asp in register.asp and edited the lines
for populating the default values in the members table (near line 211).

Ralf

Hi, I'm being thick as 2 planks on this. I can see the line...
strSql = strSql & ", " & "'" & chkString(Request.Form("Email"),"SQLString") & "'"

But really don't know how to call the getademail function here. :-(

Any help really would be appreciated.
Adie
Snitz Forums 2000 © 2000-2021 Snitz™ Communications