I have a few nested groups on an LDAP server and users in these groups. How can I authenticate users with a given username and password by searching only in groups (not the whole domain)? Does bind do this?
- What kind of LDAP server do you have? You can restrict the scope of searching by providing a Bind OU, but I'm not sure what LDAP service you are using. – Am_I_Helpful Jul 10 '18 at 12:17
- I don't know, I have only a list of domains and groups such as domainName.com dc=first, dc = second, ou = third... And users and passwords are stored in that ou group, but of course, I can't see them. I just need to check whether they are in those groups and whether the password is correct. Can I do this with just the bind method? – aurora93 Jul 10 '18 at 12:26
- Actually, I asked for the type of LDAP Server. Can you confirm if it is a Microsoft based Windows Active Directory server? – Am_I_Helpful Jul 10 '18 at 12:36
- Yes, it is. I have access using either Novell.Directory.Ldap or System.DirectoryServices.Protocols LdapConnection classes. – aurora93 Jul 10 '18 at 12:45
1 Answer
As confirmed by you in the comment section of this question, the LDAP server you're talking about is an Active Directory server. So, my answer is based on this famous answer about how to validate a username and password against Active Directory, except that I've made a modification based on your requirement to limit the scope of search.
If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace's PrincipalContext Constructor (ContextType, String, String) and easily verify your credentials:
    using System.DirectoryServices.AccountManagement;

    // create a "principal context";
    // change the container to a base OU where all your users are located
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOUR.DOMAIN",
        "OU=Where,OU=You,OU=Wanna,OU=Search,DC=YOUR,DC=DOMAIN"))
    {
        // validate the credentials
        bool isValid = pc.ValidateCredentials("myuser", "mypassword");
    }

Am_I_Helpful
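The same check done as search-then-bind with the System.DirectoryServices.Protocols LdapConnection class mentioned in the comments, as an added example that is not part of the original answer. It assumes LDAPS on port 636 and a service account that is allowed to search; the server name, base OU, group DN and the class and method names are placeholders. The membership test uses Active Directory's in-chain matching rule (OID 1.2.840.113556.1.4.1941) so that nested groups count.

```csharp
using System;
using System.Net;
using System.Text;
using System.DirectoryServices.Protocols;

static class ScopedLdapAuth   // hypothetical helper, not from the original answer
{
    // AD's LDAP_MATCHING_RULE_IN_CHAIN: follows membership through nested groups.
    const string InChain = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping so a submitted user name cannot alter the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // server, service (DN or UPN plus password), baseOu and groupDn are placeholders.
    public static bool Authenticate(string server, NetworkCredential service,
        string baseOu, string groupDn, string userName, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind, which a
        // server may accept as an anonymous session, so reject it up front.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        var id = new LdapDirectoryIdentifier(server, 636);
        using (var conn = new LdapConnection(id, service, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // simple bind sends the password itself
            conn.Bind();                                  // bind as the service account

            string filter = "(&(objectCategory=person)(objectClass=user)" +
                "(sAMAccountName=" + EscapeFilter(userName) + ")" +
                "(memberOf:" + InChain + ":=" + EscapeFilter(groupDn) + "))";
            var request = new SearchRequest(baseOu, filter, SearchScope.Subtree, "distinguishedName");
            var response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count != 1)
                return false; // not under baseOu, or not in the group chain

            string userDn = response.Entries[0].DistinguishedName;
            try { conn.Bind(new NetworkCredential(userDn, password)); return true; }
            catch (LdapException e) when (e.ErrorCode == 49) { return false; } // invalidCredentials
        }
    }
}
```

The search decides scope (base OU and group chain) and the final bind decides the password; returning the same `false` for both keeps the caller from learning which of the two failed.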