I've been working on adding LDAP authentication to a GCN site I'm developing for work. I work at a university and we have an AD setup. To this end, I used the code provided from Microsoft for an LDAP login and got the example working successfully.

(see link http://support.microsoft.com/default.aspx?scid=kb;en;316748)

I've spent the last week trying to convert/integrate this for use in GCN without much success. The complexity of the login structure of GCN is making my head spin. Has anyone done this already? And more importantly, would you share your code?

Thanx for your help,

Bob "JohnnyNoir" Singer

I got it working for the AD/LDAP login. I'm going to try convert this for an iPlanet LDAP server login next. Here's my changes for GCN:

Do this first before making any changes to the code: Add the Active Directory account as to the site and
make them an administrator.

Otherwise, you'll have to edit the Community table manually later. I had to do this using SQL Enterprise
Manager. I opened the Community_UsersInRoles table and renamed the Admin account using my AD username.

_____________________________________________________________________________________________

community\communities\common\themes\default\skins\contentskins\users_login.ascx
_____________________________________________________________________________________________

added to the table above the checkbox definition

<tr>
<td><span class="Form_LabelText">Domain:</span></td>
<td><asp:textbox id="txtDomain" CssClass="Form_Field" runat="server" Width="150" Columns="20"></asp:textbox></td>
</tr>

_____________________________________________________________________________________________

community\engine\framework\users\content\login.cs
_____________________________________________________________________________________________

added to class Login : SkinnedCommunityControl

TextBox txtDomain;

added to the InitializeSkin control

// Find the Domain TextBox
txtDomain = (TextBox)GetControl(skin, "txtDomain");

replaced in btnLogin_Click control

replaced this:

switch ( UserUtility.LoginUser(txtUsername.Text,txtPassword.Text) )

with this:

switch ( UserUtility.LoginUser(txtUsername.Text,txtPassword.Text,txtDomain.Text) )

____________________________________________________________________________________________

community\engine\framework\users\components\UserUtility
____________________________________________________________________________________________

added to public class UserUtility

private static String _path =
"LDAP://<fqdn of your AD server>/DC=<netbios name of your domain>";
private static String _filterAttribute;

replaced LoginUser method

public static int LoginUser(string username, string password, string domain){

string domainAndUsername = domain + @"\" + username;
int neg = 1;
int pos = 0;


DirectoryEntry entry = new DirectoryEntry( _path, domainAndUsername, password);
try
{
// Bind to the native AdsObject to force authentication.
//Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("CN");
SearchResult result = search.FindOne();
if(null == result)
{
return neg;
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
//automatically adds AD authenticated user to SQL db
SqlConnection conPortal = new SqlConnection(CommunityGlobals.ConnectionString);
SqlCommand cmdAdd = new SqlCommand("Community_UsersRegisterUser", conPortal);
cmdAdd.CommandType = CommandType.StoredProcedure;
cmdAdd.Parameters.Add("@RETURN_VALUE", SqlDbType.Int).Direction = ParameterDirection.ReturnValue;
cmdAdd.Parameters.Add("@communityID", CommunityGlobals.CommunityID);
cmdAdd.Parameters.Add("@username", username);
cmdAdd.Parameters.Add("@password", "fakepassword");
cmdAdd.Parameters.Add("@email", "");
cmdAdd.Parameters.Add("@firstName", "");
cmdAdd.Parameters.Add("@lastName", "");
cmdAdd.Parameters.Add("@timezone", "");
cmdAdd.Parameters.Add("@occupation", "");
cmdAdd.Parameters.Add("@location", "");
cmdAdd.Parameters.Add("@interests", "");
cmdAdd.Parameters.Add("@msn", "");
cmdAdd.Parameters.Add("@yahoo", "");
cmdAdd.Parameters.Add("@aim", "");
cmdAdd.Parameters.Add("@icq", "");
cmdAdd.Parameters.Add("@url", "");
cmdAdd.Parameters.Add("@fakeEmail", "");
cmdAdd.Parameters.Add("@enableNewsletter", "");
cmdAdd.Parameters.Add("@enableNotifications", "");
//SMR - Enh - Begin: Private Messages
cmdAdd.Parameters.Add("@enablePrivateMessages", "");
//SMR - Enh - End: Private Messages

conPortal.Open();
cmdAdd.ExecuteNonQuery();
int retVal = (int)cmdAdd.Parameters["@RETURN_VALUE"].Value;
conPortal.Close();

return pos;
}

That's it.

This post just saved years of my life being stressed away, I thought it was going to be disgustingly harder than you made it. Thank you for this information!

How exactly does this LDAP Authentication works in a web application?

Can anybody explain me the flow?