Wojciech Szabowicz

Reputation: 4198

Getting user group in LDAP using Novell.Directory.Ldap.NETStandard

I have a simple service that gets user details using Novell.Directory.Ldap.NETStandard and F# (I can provide a transcript for C# if that is necessary, but this part is very similar), and it looks like this:

use connection = new LdapConnection();
connection.Connect(credentials.host, LdapConnection.DefaultPort);
connection.Bind($"{credentials.domain}\{credentials.username}", credentials.password);
match connection.Connected with
| true ->   
    let schema = connection.FetchSchema((connection.GetSchemaDn()));
    let filter = $"(SAMAccountName={credentials.username})"
    let searcher = connection.Search(String.Empty, LdapConnection.ScopeBase, filter, null, false);
    return (searcher |> Some, String.Empty)

| false -> 
    raise (Exception()) 
    return (None, $"Cannot connect to domain {credentials.domain} with user {credentials.username}")

Now I can't find information about the group that this user is assigned to. Normally, when I use Directory.Service, I just add:

directorySearcher.Filter <- sprintf "(SAMAccountName=%s)" credentials.username

to the directory searcher and I can filter this information out (as Directory.Service is Windows-limited, I cannot use it in this project), but I cannot find any information on how to use it in Novell.Directory.Ldap.

Upvotes: 0

Views: 1890

Answers (2)

Carlos Sua

Reputation: 1

Make sure you use StringValueArray instead of String value, as it will cut off the groups they are a part of.

 LdapAttributeSet attributeSet = nextEntry.GetAttributeSet();
 System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
 while (ienum.MoveNext())
 {
     LdapAttribute attribute = (LdapAttribute)ienum.Current;
     string attributeName = attribute.Name;
     // StringValueArray returns every value of a multi-valued attribute
     string[] attributeVal = attribute.StringValueArray;
     foreach (string val in attributeVal)
     {
         if (val.Contains("AD_GROUP"))
         {
             isPartOfGroup = true;
         }
     }

     // Join the values; concatenating the array itself prints only its type name
     Console.WriteLine(attributeName + " value: " + string.Join(", ", attributeVal));
 }

Upvotes: 0

EricLavault

Reputation: 16035

You have to provide the required attributes (i.e. memberOf, in order to read the user's group) as an array of strings instead of null when calling Search():

let attrs = [| "SAMAccountName"; "memberOf"; |];
let searcher = connection.Search(searchbase, scope, filter, attrs, false);

You can also pass "*" to get all non-operational attributes.

Upvotes: 2
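The two answers combined, as an added example that is not part of either answer or of the library's own code: it requests memberOf explicitly, reads every value through StringValueArray, escapes the user name before it goes into the filter (RFC 4515), and compares group DNs exactly instead of by substring. It assumes the synchronous 3.x API used in the question; the function names, the searchBase parameter and the sample DNs in the comments are hypothetical.

```fsharp
open System
open System.Text
open Novell.Directory.Ldap

/// Escape a value for use inside an LDAP search filter (RFC 4515), so a
/// user-supplied name cannot change the structure of the filter.
let escapeFilterValue (value: string) =
    let sb = StringBuilder()
    for c in value do
        match c with
        | '\\' -> sb.Append(@"\5c") |> ignore
        | '*' -> sb.Append(@"\2a") |> ignore
        | '(' -> sb.Append(@"\28") |> ignore
        | ')' -> sb.Append(@"\29") |> ignore
        | '\u0000' -> sb.Append(@"\00") |> ignore
        | _ -> sb.Append(c) |> ignore
    sb.ToString()

/// Return the memberOf values (group DNs) of the account with this sAMAccountName.
/// searchBase is an assumed parameter, e.g. "DC=example,DC=com" (constructed value).
let getGroupDns (connection: LdapConnection) (searchBase: string) (username: string) =
    let filter = $"(sAMAccountName={escapeFilterValue username})"
    // Request memberOf explicitly, as the second answer describes.
    let attrs = [| "sAMAccountName"; "memberOf" |]
    let results =
        connection.Search(searchBase, LdapConnection.ScopeSub, filter, attrs, false)
    [ while results.HasMore() do
        let entry = results.Next()
        // Enumerated as in the first answer's C# snippet
        // (assumption: the set yields LdapAttribute items).
        for attribute in entry.GetAttributeSet() |> Seq.cast<LdapAttribute> do
            if String.Equals(attribute.Name, "memberOf", StringComparison.OrdinalIgnoreCase) then
                // StringValueArray holds every value; StringValue only the first.
                yield! attribute.StringValueArray ]

/// Exact, case-insensitive DN comparison. A substring test such as
/// Contains("AD_GROUP") would also match a group named "NOT_AD_GROUP_X".
let isMemberOf (groupDn: string) (groupDns: string list) =
    groupDns
    |> List.exists (fun dn -> String.Equals(dn, groupDn, StringComparison.OrdinalIgnoreCase))

// Usage with constructed values:
// let groups = getGroupDns connection "DC=example,DC=com" credentials.username
// let allowed = groups |> isMemberOf "CN=AD_GROUP,OU=Groups,DC=example,DC=com"
```

In Active Directory, memberOf lists direct memberships only; the primary group and nested groups are not included, which matters if the result drives an authorization decision.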
