ADAM attribute value

Ajay Bansal

We are trying to find the value of the "objectClass" attribute in ADAM.

For this we wrote the following code:

char *attrs[2] = {"objectClass", NULL};
LDAPMessage* result = NULL;

int nResult = ldap_search_s (ld, "dc=abcd,dc=com", LDAP_SCOPE_SUBTREE,
"objectClass=*", attrs, 0, &result);

if (nResult != LDAP_SUCCESS)
{
    return LDAPUTIL_GETVERSIONFAIL;
}

int nentries = ldap_count_entries(ld, result);

if (nentries <= 0)
{
    if (result != NULL)
        ldap_msgfree (result);

    return LDAPUTIL_SUCCESS;
}

LDAPMessage* e = ldap_first_entry (ld, result);
char** vals = ldap_get_values (ld, e, attrs[0] );

if (vals != NULL)
{
    // vals is a NULL-terminated array of strings; print each value
    for (int i = 0; vals[i] != NULL; i++)
    {
        cout<<"\n val "<<vals[i]<<endl;
    }
    ldap_value_free (vals);
}

if (result != NULL)
    ldap_msgfree (result);

nResult = ldap_compare_s (ld, dcRoot, "objectClass","domainDNS");

if ((nResult == LDAP_COMPARE_TRUE))
{
    cout<<"Active Directory Application Mode(ADAM)";
    return LDAP_SUCCESS;
}

Actually, our main aim is to find the value of objectClass for ADAM (Active
Directory Application Mode) for use in ldap_compare_s(). This is why we wrote
the code above to find the value of the objectclass parameter.

I have the following questions:

1) We have observed that domainDNS works for Active Directory. Does it also
work for ADAM? In our case, it does not. If it does not, what is the attribute
value of objectClass in case of ADAM? In my case, ldap_compare_s returns the
value 0x10 which means that the attribute does not exist. However, in ADAM, I
can clearly see the attribute. But when I give this value in
ldap_compare_s(), it returns the error code 0x10.

Is there any other attribute which can be used to identify the dc objects on
ADAM just as objectclass and its value domainDNS work for Active Directory?

2) ldap_get_values() returns a NULL. What could be the possible solution?

3) I have also come to know that the RootDSE - defaultNamingContext is not
populated by default as it is in Active Directory. You have to populate this
attribute manually. How do we do that?



My configuration settings:

Root DN : dc=abcd,dc=com

Regards
Ajay
 
Dmitri Gavrilov [MSFT]

Comments and answers inline.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Ajay Bansal said:
We are trying to find the value of the "objectClass" attribute in ADAM.

For this we wrote the following code:

char *attrs[2] = {"objectClass", NULL};
LDAPMessage* result = NULL;

int nResult = ldap_search_s (ld, "dc=abcd,dc=com", LDAP_SCOPE_SUBTREE,
"objectClass=*", attrs, 0, &result);

You don't need to do a subtree search here, LDAP_SCOPE_BASE is more
appropriate. You are just reading one object, right?

if (nResult != LDAP_SUCCESS)
{
    return LDAPUTIL_GETVERSIONFAIL;
}

int nentries = ldap_count_entries(ld, result);

if (nentries <= 0)
{
    if (result != NULL)
        ldap_msgfree (result);

    return LDAPUTIL_SUCCESS;
}

LDAPMessage* e = ldap_first_entry (ld, result);
char** vals = ldap_get_values (ld, e, attrs[0] );

if (vals != NULL)
{
    // vals is a NULL-terminated array of strings; print each value
    for (int i = 0; vals[i] != NULL; i++)
    {
        cout<<"\n val "<<vals[i]<<endl;
    }
    ldap_value_free (vals);
}

if (result != NULL)
    ldap_msgfree (result);

nResult = ldap_compare_s (ld, dcRoot, "objectClass","domainDNS");

if ((nResult == LDAP_COMPARE_TRUE))
{
    cout<<"Active Directory Application Mode(ADAM)";
    return LDAP_SUCCESS;
}

Actually, our main aim is to find the value of objectClass for ADAM (Active
Directory Application Mode) for use in ldap_compare_s(). This is why we wrote
the code above to find the value of the objectclass parameter.

There's no objectClass for ADAM. You are reading the objectClass of a
specific object in ADAM. It could be something else. For example, if you
create o=org,dc=com, then the objectClass will be "organization". What are
you after? Do you want to detect whether you are talking to ADAM or AD vs.
some other LDAP directory? If so, you should read
rootDSE/supportedCapabilities value and look for AD and ADAM OIDs there.

I have the following questions:

1) We have observed that domainDNS works for Active Directory. Does it also
work for ADAM? In our case, it does not. If it does not, what is the attribute
value of objectClass in case of ADAM? In my case, ldap_compare_s returns the
value 0x10 which means that the attribute does not exist. However, in ADAM, I
can clearly see the attribute. But when I give this value in
ldap_compare_s(), it returns the error code 0x10.

You are getting LDAP_NO_SUCH_ATTRIBUTE. Most likely because your bind did
not succeed. ADAM considers you anonymous and does not let you read
anything.

Is there any other attribute which can be used to identify the dc objects on
ADAM just as objectclass and its value domainDNS work for Active
Directory?

Read supportedCapabilities as I described below. That's the correct way.

2) ldap_get_values() returns a NULL. What could be the possible solution?

Do a successful bind, make sure the user accessing ADAM has sufficient
permissions to read whatever he is reading.

3) I have also come to know that the RootDSE - defaultNamingContext is not
populated by default as it is in Active Directory. You have to populate this
attribute manually. How do we do that?

Set msDS-defaultNamingContext on the dsa object. This is defined in the
docs.
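
The rootDSE check described in the reply above, as an added example that is not part of either poster's code. `classify_directory` and `detect_directory` are hypothetical names, the two OID values come from Microsoft's published capability list rather than from this thread, and `ld` is assumed to be an already bound WinLDAP connection (ANSI build).

```c
#include <stdio.h>
#include <string.h>

/* Capability OIDs a server lists in rootDSE supportedCapabilities. */
#define CAP_AD_OID   "1.2.840.113556.1.4.800"   /* Active Directory */
#define CAP_ADAM_OID "1.2.840.113556.1.4.1851"  /* ADAM */

typedef enum { DIR_UNKNOWN, DIR_OTHER, DIR_AD, DIR_ADAM } dir_kind;
/* caps: NULL-terminated array as returned by ldap_get_values(), or NULL
 * when the attribute could not be read. Hypothetical helper name. */
dir_kind classify_directory(char **caps)
{
    int ad = 0, adam = 0;
    if (caps == NULL) return DIR_UNKNOWN;   /* nothing readable */
    for (size_t i = 0; caps[i] != NULL; i++) {
        if (strcmp(caps[i], CAP_ADAM_OID) == 0) adam = 1;   /* whole-OID match */
        else if (strcmp(caps[i], CAP_AD_OID) == 0) ad = 1;
    }
    return adam ? DIR_ADAM : (ad ? DIR_AD : DIR_OTHER);
}

#ifdef _WIN32
#include <windows.h>
#include <winldap.h>
/* Reads rootDSE (empty base DN, base scope); ANSI build assumed. */
dir_kind detect_directory(LDAP *ld)
{
    char *attrs[] = { "supportedCapabilities", NULL };
    LDAPMessage *res = NULL, *e;
    dir_kind kind = DIR_UNKNOWN;
    if (ldap_search_s(ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
                      attrs, 0, &res) == LDAP_SUCCESS &&
        (e = ldap_first_entry(ld, res)) != NULL) {
        char **caps = ldap_get_values(ld, e, attrs[0]);
        kind = classify_directory(caps);
        if (caps) ldap_value_free(caps);
    }
    if (res) ldap_msgfree(res);
    return kind;
}
#endif

int main(void)
{
    /* Constructed sample values, not captured from a real server. */
    char *sample[] = { CAP_ADAM_OID, "1.2.840.113556.1.4.1791", NULL };
    printf("kind=%d\n", classify_directory(sample));
    return 0;
}
```

A `DIR_UNKNOWN` result means the attribute came back empty or the search failed, which is a reason to check the bind before concluding anything about the server type.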
 
Ajay Bansal

Hi Dmitri,

Thanks a lot. This helped us a lot.

Regards
Ajay
