Last post Sep 26, 2012 10:11 PM by JerryHsi
Aug 26, 2012 11:38 PM|JerryHsi|LINK
Hi,
Is it possible to have an LDAP connection string that searches across forests?
If I have 2 forests: forest A with domain A, forest B with domain B, there is a one-way trust between domain A and domain B.
Domain B is the trusted domain, domain A is the trusting domain.
Can I write an LDAP connection string that binds to domain A but is able to forward user searches to domain B?
e.g. LDAP://domainA - forward searches to domain B if authenticating with domain B users, or LDAP://domainA/DC=domainB
Sep 26, 2012 09:39 AM|lamba.rahul89|LINK
Here is your solution:

using System.DirectoryServices;

// Bind to rootDSE to read the configuration naming context.
string ldapBase = "LDAP://DC_DNS_NAME:389/";
string sFromWhere = ldapBase + "rootDSE";
DirectoryEntry root = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
string configurationNamingContext = root.Properties["configurationNamingContext"][0].ToString();

/* Retrieving the root of all the domains */
sFromWhere = ldapBase + configurationNamingContext;
DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
DirectorySearcher dsLookForDomain = new DirectorySearcher(deBase);
// crossRef objects that carry a NetBIOS name describe domains.
dsLookForDomain.Filter = "(&(objectClass=crossRef)(nETBIOSName=*))";
dsLookForDomain.SearchScope = SearchScope.Subtree;
dsLookForDomain.PropertiesToLoad.Add("nCName");
dsLookForDomain.PropertiesToLoad.Add("dnsRoot");
SearchResultCollection srcDomains = dsLookForDomain.FindAll();
foreach (SearchResult aSRDomain in srcDomains)
{
    // aSRDomain.Properties["nCName"][0] and ["dnsRoot"][0] hold the two loaded attributes.
}

Then, for each domain, you can look for what you need.
Sep 26, 2012 10:11 PM|JerryHsi|LINK
Thank You! I used the following to do authentication:
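DirectoryEntry root = new DirectoryEntry(
    adsPath, username, password,
    AuthenticationTypes.Secure | AuthenticationTypes.FastBind);
try
{
    // Reading NativeObject forces the bind with the supplied credentials.
    object tmp = root.NativeObject;
    return true;
}
catch (System.Runtime.InteropServices.COMException)
{
    // The bind failed (rejected credentials or unreachable server).
    return false;
}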
It works ok - What do you reckon about the approach above?
http://forums.asp.net/t/1832296.aspx/1?ActiveDirectoryMembershipProvider+class+across+multiple+domains
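
One way to combine the two replies above, as an added example that is not code from any poster in this thread: pick the domain from the login's UPN suffix and bind to a controller of that domain directly. The class name, the `DomainPaths` map and the `domainA.example` / `domainB.example` host names are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class CrossForestAuth
{
    const int LogonFailure = unchecked((int)0x8007052E); // HRESULT for ERROR_LOGON_FAILURE

    // Hypothetical map: UPN suffix -> LDAP path on a domain controller of that domain.
    static readonly Dictionary<string, string> DomainPaths =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "domainA.example", "LDAP://dc1.domainA.example/DC=domainA,DC=example" },
            { "domainB.example", "LDAP://dc1.domainB.example/DC=domainB,DC=example" },
        };

    // Returns true only when the user's own domain accepts the credentials.
    public static bool Authenticate(string upn, string password)
    {
        // Reject empty values up front: an LDAP simple bind with an empty password is an
        // unauthenticated bind that reports success, so never let one reach the directory.
        if (string.IsNullOrEmpty(upn) || string.IsNullOrEmpty(password)) return false;

        int at = upn.LastIndexOf('@');
        string adsPath;
        if (at <= 0 || !DomainPaths.TryGetValue(upn.Substring(at + 1), out adsPath))
            return false; // not a UPN, or a domain we do not accept logins from

        try
        {
            // Secure negotiates Kerberos/NTLM; Signing and Sealing protect the session.
            using (var entry = new DirectoryEntry(adsPath, upn, password,
                AuthenticationTypes.Secure | AuthenticationTypes.Signing |
                AuthenticationTypes.Sealing | AuthenticationTypes.FastBind))
            {
                object native = entry.NativeObject; // forces the bind to happen now
                return native != null;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == LogonFailure) return false; // credentials rejected
            throw; // unreachable DC or other directory errors are outages, not failed logins
        }
    }
}
```

Keeping the allow-list of domains explicit means a login for an unexpected suffix is refused before any network traffic is sent, and rethrowing non-logon errors keeps outages from being logged as bad passwords.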
Cross-Forests LDAP Connection string