Writing to AD using LDAP/C#

Robert Iver

Hello,

I am developing an application in C# using VS .NET 2005 that
will be accessing and updating Active Directory via LDAP. So far, I
have written the main portions, but now I am stuck on the code to
CHANGE and ADD/DELETE entries.

I'm pretty sure my problem is security related, but I can't
quite narrow it down. I bind to the root of the AD domain using an
account that is a Domain Admin on the AD server itself, HOWEVER....
the actual application is running on a user's workstation presumably
as the local system account.

Is there a way to "impersonate" this domain admin user like you
can in ASP.NET applications? I can do everything I want to do with AD
except CHANGE it in any way.

Thanks in advance for your help.....
 
Peter Bradley

It may not. The OP is asking about LDAP. The link you give uses WinNT:

<quote>
"This walkthrough used the WinNT service provider for Active Directory.
Other services are available, including the Lightweight Directory Access
Protocol (LDAP), the Novell NetWare Directory Service (NDS), and the Novell
Netware 3.x service (NWCOMPAT). Each provider provides a different set of
objects to allow you to examine and manipulate directories."
</quote>

If the OP is binding using a domain admin account, his code should work - at
least as far as security is concerned. What error messages are being
returned? Programming AD is a nightmare. There are so many things that can
go wrong. For a start there are three ways of accessing attributes when
using LDAP:
* Using the managed DirectoryEntry object
* Using the ADSI COM object wrapped by the DirectoryEntry object by calling
Invoke() on the DirectoryEntry object
* Using the wrapped COM object directly by obtaining it from a
DirectoryEntry object

Some attributes require one way: some require another. Or so it seems to
us.

Additionally, it seems that additions/alterations have to be made in some
specific, but unspecified in the documentation, order.

And finally, it seems that these requirements are different depending on
whether or not you are adding or updating an entry.


Peter
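
The following is an added illustration, not code from any poster in this thread: a C# sketch that binds with explicit credentials (so the write is performed as the supplied account rather than as the identity the process runs under), writes one attribute through each of the three access paths listed above, and prints the error detail asked about. The server name, DN, attribute choices and class name are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

class AdWriteDemo
{
    // Hypothetical DN for illustration; substitute an object from your own directory.
    const string UserPath = "LDAP://dc01.example.com/CN=Test User,OU=Staff,DC=example,DC=com";

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: AdWriteDemo DOMAIN\\account"); return; }
        Console.Write("Password (echoed): ");
        string password = Console.ReadLine();

        // Secure = negotiate Kerberos/NTLM rather than a simple bind;
        // Signing and Sealing integrity-protect and encrypt the session.
        AuthenticationTypes auth = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        try
        {
            // The bind uses the supplied account, not the identity the process runs as.
            using (DirectoryEntry user = new DirectoryEntry(UserPath, args[0], password, auth))
            {
                // 1. Managed DirectoryEntry object.
                user.Properties["description"].Value = "set via Properties";
                user.CommitChanges();

                // 2. ADSI COM object reached through DirectoryEntry.Invoke().
                user.Invoke("Put", "physicalDeliveryOfficeName", "set via Invoke");
                user.Invoke("SetInfo");

                // 3. Wrapped COM object used directly (late-bound, so no ActiveDs reference is needed).
                object native = user.NativeObject;
                Type t = native.GetType();
                t.InvokeMember("Put", BindingFlags.InvokeMethod, null, native,
                               new object[] { "info", "set via NativeObject" });
                t.InvokeMember("SetInfo", BindingFlags.InvokeMethod, null, native, null);
            }
        }
        catch (UnauthorizedAccessException ex)      // bound account lacks write rights
        { Console.Error.WriteLine("Access denied: " + ex.Message); }
        catch (DirectoryServicesCOMException ex)    // directory error carrying server-side detail
        { Console.Error.WriteLine("0x{0:X8} {1} / {2}", ex.ErrorCode, ex.Message, ex.ExtendedErrorMessage); }
        catch (TargetInvocationException ex)        // failures surfaced by Invoke()/InvokeMember()
        { Console.Error.WriteLine("ADSI call failed: " + (ex.InnerException ?? ex).Message); }
    }
}
```

For routine attribute updates, an account delegated write access to the target OU is sufficient; the example does not depend on the bound account being a Domain Admin.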
 
Marc Scheuner

> I am developing an application in C# using VS .NET 2005 that
> will be accessing and updating Active Directory via LDAP. So far, I
> have written the main portions, but now I am stuck on the code to
> CHANGE and ADD/DELETE entries.

Can you show us some code that attempts to update your AD? Maybe it's
something else entirely... Try to limit your posting to just the
relevant pieces of code (no fluff around it), and please also try to
spell out all LDAP paths etc. that you're using - we can't look into
your variables listed in your code - thanks!

Marc
 
