ADAM- problem binding to newly created user

Discussion in 'Active Directory' started by Darren Sonderfan, Nov 8, 2004.

  1. Hello, after creating a new user and assigning it a new password, I cannot
    successfully bind to the new user. I disabled the requirement for SSL in
    basic authentication by using the ds-behavior option in Dsmgmt.exe. Using
    the ldp.exe tool to connect to the rootDSE , I can bind with the new
    credentials (newUPN and newPassword), so I believe the password was updated
    succesfully. But programmatically I cannot bind. Below is code. Am I
    missing something? Thanks for any suggestions in advance.

    -Darren (a newbie to ADAM)

    // adam instance in running on Windows server 2003 and listening on port
    // 64389 with a domainDNS named AdamOnWinServer2003

    const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
    const long ADS_OPTION_PASSWORD_METHOD = 7;
    const int ADS_PASSWORD_ENCODE_CLEAR = 1;

    string newUserName = "Bill";
    string newUPN = "";
    string newLastName = "Gates";
    string newDisplayName = newUserName + " " + newLastName;
    string newPassword = "secret1234SECRET";

    int port = 64389;

    AuthenticationTypes AuthTypes = AuthenticationTypes.Signing |
    AuthenticationTypes.Sealing |
    AuthenticationTypes.Secure;

    DirectoryEntry dirEntryRoot;
    dirEntryRoot = new
    DirectoryEntry("LDAP://winServer2003.local:64389/DC=AdamOnWinServer2003" userName, password, AuthTypes);

    DirectoryEntries des = dirEntryRoot.Children;

    DirectoryEntry de = des.Add("CN=" + newLastName, "user");

    de.Properties["userPrincipalName"].Add(newUPN);
    de.Properties["msDS-UserAccountDisabled"].Add(false);

    de.CommitChanges();

    try
    {
    de.Invoke("SetOption", new object[]{ADS_OPTION_PASSWORD_PORTNUMBER,
    port});
    de.Invoke("SetOption", new object[]
    { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR});

    de.Invoke("SetPassword", new object[] {"secret123SECRET"});
    de.CommitChanges();

    }
    catch (Exception e)
    {return;}

    // Now try to connect (bind) using the new password

    DirectoryEntry deNewUser;

    string strPath = String.Concat("LDAP://winServer2003.local:64389");


    // Bind to user object using LDAP port.

    try
    {
    deNewUser = new DirectoryEntry(strPath, newUPN, newPassword,
    AuthTypes);
    }
    catch (Exception e)
    {return;}

    // This is where it throws the exception

    try
    {
    deNewUser.RefreshCache();
    }
    catch (Exception e)
    {
    Console.WriteLine("Error: refreshing cache");
    Console.WriteLine( e.ToString() );
    return;
    }
     
    Darren Sonderfan, Nov 8, 2004
    #1
    1. Advertisements

  2. Ah, you can't use Secure bind for ADAM users. That is only for Windows/AD
    users. For ADAM users, you should specify AuthenticationTypes.None (or
    AuthenticationTypes.SecureSocketsLayer if you have a cert set up).

    HTH,

    Joe K.
     
    Joe Kaplan \(MVP - ADSI\), Nov 8, 2004
    #2
    1. Advertisements

  3. Thank you Joe,

    It seems one has to use AuthenticationTypes.Secure for NT users and
    AuthenticationTypes.none for ADAM users.

    -Darren
     
    Darren Sonderfan, Nov 8, 2004
    #3
  4. That's exactly right. If ADAM has an SSL cert, you can also use
    SecureSocketsLayer for ADAM user binds. This will protect the credentials
    on the network as otherwise they are sent in clear text. Thus, having an
    SSL cert for ADAM is probably a good idea.

    Joe K.
     
    Joe Kaplan \(MVP - ADSI\), Nov 8, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.