LDAP lookup: fails on remote computers -- Please help

  • Thread starter Thread starter Jay
  • Start date Start date
J

Jay

I have a simple LDAP query (grabs all users from a particular AD group and
populates a checkboxlist) that works perfectly fine on the development
machine logged on locally as any user. When I access the website and run
the query from a client however the query fails to run. Someone please
help?

Here's the code for the query (in CheckBoxListsFill sub):

'Impersonate the Windows AD user running the application
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

Try
'Fill Approvers checkbox lists from AD LDAP
'Get all users in the G_SCA_Change_Control_Approvers group
Dim Approvers_entry As New
DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca,DC
=hin,DC=sk,DC=ca")
Dim Approvers_result As String
Dim entry As New DirectoryEntry("LDAP://SCA")
Dim searcher As New DirectorySearcher(entry)
Dim result As SearchResult
Dim results As SearchResultCollection
searcher.PropertiesToLoad.Add("samAccountName")

'Get the members of the group
For Each Approvers_result In Approvers_entry.Properties("member")
Approvers_result = Approvers_result.ToString.Split(",")(0)
Approvers_result = Approvers_result.ToString.Split("=")(1)
'Find the samAccountName of the current Approvers_result
searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result &
"))")
result = searcher.FindOne
cblApprovers.Items.Add(New
ListItem(result.Properties("samAccountName")(0).ToString))
Next

Catch ex As Exception
Response.Write(ex.Message)
End Try
impersonationContext.Undo()

And here's the error message I get as any remote client running the web
page:

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80072020): An operations error occurred]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
System.DirectoryServices.DirectoryEntry.Bind() +10
System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
System.DirectoryServices.PropertyValueCollection.PopulateList() +234
System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
+45
Change_Request.frmNewRequest.CheckBoxListsFill() +210
Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

Like I said, any help in this would be very very much appreciated.

Thanks in advance,

Jason
 
I've looked in the 'rights' section in user manager and nothing jumps out at
me as to which right the aspnet user requires. I couldn't find anything on
the provide link either. Could you be more specific please?

Thanks again,

Jay
 
unless you are using digest (and have delagation turned on), credentials
will not delegate. you will have to have your code impersonate a primary
token with access to the ad.

-- bruce (sqlwork.com)



Jay said:
I have a simple LDAP query (grabs all users from a particular AD group and
populates a checkboxlist) that works perfectly fine on the development
machine logged on locally as any user. When I access the website and run
the query from a client however the query fails to run. Someone please
help?

Here's the code for the query (in CheckBoxListsFill sub):

'Impersonate the Windows AD user running the application
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

Try
'Fill Approvers checkbox lists from AD LDAP
'Get all users in the G_SCA_Change_Control_Approvers group
Dim Approvers_entry As New
DirectoryEntry("LDAP://CN=G_SCA_Change_Control_Approvers,OU=Groups,DC=sca,DC
=hin,DC=sk,DC=ca")
Dim Approvers_result As String
Dim entry As New DirectoryEntry("LDAP://SCA")
Dim searcher As New DirectorySearcher(entry)
Dim result As SearchResult
Dim results As SearchResultCollection
searcher.PropertiesToLoad.Add("samAccountName")

'Get the members of the group
For Each Approvers_result In Approvers_entry.Properties("member")
Approvers_result = Approvers_result.ToString.Split(",")(0)
Approvers_result = Approvers_result.ToString.Split("=")(1)
'Find the samAccountName of the current Approvers_result
searcher.Filter = ("(&(objectClass=person)(cn=" & Approvers_result &
"))")
result = searcher.FindOne
cblApprovers.Items.Add(New
ListItem(result.Properties("samAccountName")(0).ToString))
Next

Catch ex As Exception
Response.Write(ex.Message)
End Try
impersonationContext.Undo()

And here's the error message I get as any remote client running the web
page:

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80072020): An operations error occurred]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +513
System.DirectoryServices.DirectoryEntry.Bind() +10
System.DirectoryServices.DirectoryEntry.get_AdsObject() +10
System.DirectoryServices.PropertyValueCollection.PopulateList() +234
System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
+45
Change_Request.frmNewRequest.CheckBoxListsFill() +210
Change_Request.frmNewRequest.Page_Load(Object sender, EventArgs e) +395
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

Like I said, any help in this would be very very much appreciated.

Thanks in advance,

Jason
 
Back
Top