FW user login to authenticate from windows active directory

Re: FW user login to authenticate from windows active directory

Postby hebert_j_vargas » Tue Nov 17, 2015 6:15 pm

Baxajaun wrote:

Hi Herbert,

here in line 29:

oRootDSE := CreateObject("LDAP://",cUserID,cPassword)

Error description: Error TOleAuto/-1 CO_E_CLASSSTRING: TOLEAUTO:NEW
Args:
[ 1] = C LDAP://
[ 2] = U
[ 3] = C FPGRANDE

Thanks in advance.

Regards


Thanks Baxajaun, the code must be:

oRootDSE := CreateObject("LDAP://")

I forgot to remove those parameters, but all you get from GetObject or CreateObject is NIL :( .
Compiler version: xHarbour 1.2.3 Intl. (SimpLex) (Build 20141106)
FiveWin Version: FWHX 15.01
BCC 5.8.2

Re: FW user login to authenticate from windows active directory

Postby Baxajaun » Wed Nov 18, 2015 10:04 am

Thanks Herbert,

but with that change

Error description: Error TOleAuto/-1 CO_E_CLASSSTRING: TOLEAUTO:NEW
Args:
[ 1] = C LDAP://
[ 2] = U
[ 3] = U

in line

oRootDSE := CreateObject("LDAP://")

Thanks in advance !

Regards,

Re: FW user login to authenticate from windows active directory

Postby Rick Lipkin » Wed Nov 18, 2015 1:10 pm

To All

These are my modifications from the original LDAP code .. I use this routine to pull AD information for a selected User :

Code:

#Include "FiveWIn.Ch"
#Include "xBrowse.Ch"
#include "ado.ch"

#define ADS_SCOPE_BASE      0
#define ADS_SCOPE_ONELEVEL  1
#define ADS_SCOPE_SUBTREE   2



//----------------------
Func _UserGet( cMode,cAdFind,oAdFind,cUserId,oUserId,cFullName,oFullName,cLname,oLname,cFname,oFname,cPhone,oPhone,cFrom,cDomain,;
               oButt1,oButt2,oButt3,oButt4,oButt5,oButt6)

Local oDLG,oLBX,lOk3
Local oRsAd,oCn,cConnect,cSql,oErr
Local oProp,oRs
Local aData,aHead,nI,aReg,nFields,nLen

Local oBtn1,oBtn2
Local Saying,cValue

If cMode = "V"
   Return(.t.)
Endif

If cMode = "R" .and. cUserId = "All"
   If cFrom = "BUTTON"
   Else
      Return(.t.)
   Endif
Endif

If empty( cFrom )
   cFrom := "FIELD"
Endif

If Empty( cDomain )
   Saying := "Sorry .. the Domain Name has not been defined"
   Msginfo( Saying )
   Return(.f.)
Endif


If cFrom = "FIELD"
   cAdFind := alltrim( oAdFInd:GetText() )
Endif

If empty(cAdFind) .or. cAdFind = "  "
   cAdFInd:= "Bogus"
Endif

// make sure there are no illegal characters
If _NameCHk( cAdFind,.t.)
Else
   cAdFInd := Space(35)
   oAdFind:ReFresh()
   oAdFInd:SetFocus()
   Return(.f.)
Endif

cDomain  := "LDAP://"+alltrim(cDomain)
cConnect := "Active Directory Provider"

oCn := CREATEOBJECT( "ADODB.Connection" )
oCn:Provider := 'ADsDSOObject'

TRY
   oCn:Open( cConnect )
CATCH oErr
   Saying := "Could not open a Global Connection to Domain "+cDomain
   MsgInfo( Saying )
   RETURN(.F.)
END TRY

*msginfo( "Connection Established" )

oRs := TOleAuto():new("ADODB.Command")
oRs:ActiveConnection := oCn

cSQL := "SELECT "
cSql += " telephoneNumber,"
cSql += " displayName,"          // fullname
cSql += " sAMAccountname,"       // userid
cSql += " sn,"                   // last name  sn
cSql += " givenname"             // first name
cSql += ""
cSql += " FROM '"+cDomain+"'"
cSql += " WHERE objectCategory   = 'person' AND"
cSql += "       objectClass      = 'user'   "

DO Case
Case cAdFind = "Bogus"
     // do nothing .. full table scan
OtherWise
   cSql += " and displayname = '*"+alltrim(cAdFind)+"*' "
End DO

cSql += " ORDER BY displayName"

oRs:CommandText := cSql //cString + cWhere

oProp           := oRs:Properties( 'SearchScope' )
oProp:value     := ADS_SCOPE_SUBTREE

oProp           := oRs:Properties( 'Page size' )
oProp:value     := 2000

Try
  oRsAd := oRs:Execute()
Catch oErr
   Msginfo( "LDAP Query Execution Error")
   oCN:CLose()
   Return(.f.)
End Try

aData := {}
aHead := {}

// generate xBrowse headings
nFields := oRsAd:Fields:Count()

For nI := 0 TO nFields - 1
    Aadd( aHead, oRsAd:Fields(nI):name )
Next


nLen := oRsAd:RecordCount()

IF nLen > 0
   oRsAd:MoveFirst()

   Do WHILE .not. oRsAd:Eof()

      aReg := {}

      For nI := 1 TO Len(aHead)
         Aadd( aReg, oRsAd:Fields( aHead[nI] ):value )
      NEXT

      If empty( aReg[1]) .or. aReg[1] = " "
      Else
         Aadd( aData, aReg )
      ENdif

      oRsAd:MoveNext()

    Enddo

Else
   Msginfo( "No LDAP Data found" )
   oRsAd:CLose()
   oCN:CLose()
   Return(.f.)
Endif

LightGreyGrad()

If cMode = "R"
Else
   oButt1:Disable()
   oButt2:Disable()
   oButt3:Disable()
   oButt4:Disable()
   oButt5:Disable()
   oButt6:Disable()
Endif

lOk3   := .f.

DEFINE DIALOG oDlg RESOURCE "USERSLCT"  ;
       TITLE "User LDAP Look Up Table"  ;

   REDEFINE xBROWSE oLBX            ;
            ARRAY aData             ;
            HEADERS "FirstName",    ;
                    "LastName",     ;
                    "UserId",       ;
                    "FullName",     ;
                    "Phone"         ;
       COLSIZES 97,97,97,150        ;
       ID 111 of oDlg               ;
       AUTOSORT AUTOCOLS LINES CELL

   oLbx:lHScroll := .f. // turn off horiz scroll bar
   oLbx:lRecordSelector := .f.
   oLbx:nMarqueeStyle   := MARQSTYLE_HIGHLROW

   oLbx:bLDblClick := { |nRow,nCol | (lOk3 := .t.,oDlg:End()) }

   _BrowColor(oLbx)

   REDEFINE BTNBMP oBtn1 ID 113 of oDlg   ;
         RESOURCE "OK", "DOK", "DOK" ;
         PROMPT "&Ok" LEFT 2007;
         ACTION (lok3 := .t., oDlg:End() )

   REDEFINE BTNBMP oBtn2 ID 112 OF oDlg   ;
         RESOURCE "CANCEL", "DCANCEL", "DCANCEL" ;
         PROMPT "&Cancel" LEFT 2007;
         ACTION ( lOk3 := .f.,oDlg:End())

ACTIVATE DIALOG oDlg;
         ON INIT ( oDlg:Move(100,400)) ; //, oLbx:SetFocus() );
         VALID(!GETKEYSTATE( 27 ))

If lOk3 = .t.

   cFname      :=  If(empty(oLbx:aCols[ 1 ]:Value),space(15),;
                     substr(oLbx:aCols[ 1 ]:Value+space(15),1,15))
   cLname      :=  If(empty(oLbx:aCols[ 2 ]:Value),space(15),;
                     substr(oLbx:aCols[ 2 ]:Value+space(15),1,15))
   cUserId     :=  If(empty(oLbx:aCols[ 3 ]:Value),space(25),;
                     substr(oLbx:aCols[ 3 ]:Value+space(25),1,25))
   cFullName   :=  If(empty(oLbx:aCols[ 4 ]:Value),space(35),;
                     substr(oLbx:aCols[ 4 ]:Value+space(35),1,35))
   cPhone      :=  If(empty(oLbx:aCols[ 5 ]:Value),space(15),;
                     substr(oLbx:aCols[ 5 ]:Value+space(15),1,15))

   cAdFind     := space(35)

   If .not. empty(oUserId)
      oUserId:ReFresh()
   Endif
   If .not. empty(oFullName)
      oFullName:ReFresh()
   Endif
   If .not. empty(oLname)
      oLname:ReFresh()
   Endif
   If .not. empty(oFname)
      oFname:ReFresh()
   Endif
   If .not. empty( oPhone )
      oPhone:ReFresh()
   Endif
   oAdFind:ReFresh()

ELse

   cAdFind := space(35)
   oAdFind:ReFresh()

Endif

If cMode = "R"
Else
   oButt1:Enable()
   oButt2:Enable()
   oButt3:Enable()
   oButt4:Enable()
   oButt5:Enable()
   oButt6:Enable()
ENdif

LightGreenGrad()
oRsAd:CLose()
oCN:CLose()

RETURN( Lok3 )


// end UserSlct.prg

 

Re: FW user login to authenticate from windows active directory

Postby hebert_j_vargas » Wed Nov 18, 2015 1:32 pm

Thanks Rick, I already tested your procedure, it worked fine, but what I need is to verify the user by validating user and password from LDAP services. What I've found is that it has something to do with an xHarbour and OLE issue: OLE can't find "LDAP".

Regards

Re: FW user login to authenticate from windows active directory

Postby Baxajaun » Wed Nov 18, 2015 1:33 pm

Hi Rick,

could you share these functions:

- _Namechk()
- LightGreyGrad()
- _BrowColor()

Thanks in advance !

Regards

Re: FW user login to authenticate from windows active directory

Postby Rick Lipkin » Wed Nov 18, 2015 1:41 pm

Sure .. here are the Functions ..

Rick Lipkin
Code:

//--------------------
Func _NameChk( cNAME, lEMPTY )

LOCAL SAYING

IF empty(lEMPTY)
   lEMPTY := .F.
ENDIF

IF lEMPTY = .F.
   IF empty(alltrim(cNAME )) .or. cNAME = "  "
      SAYING := "Sorry .. This field can not be BLANK"
      MsgInfo( SAYING )
      RETURN(.F.)
   ENDIF
ENDIF

IF AT( "'", cNAME ) > 0 .or.;
   AT( '"', cNAME ) > 0 .or.;
   AT( '(', cNAME ) > 0 .or.;
   AT( ':', cNAME ) > 0 .or.;
   AT( ')', cNAME ) > 0
   SAYING := "Sorry .. Apostrophes, Quotes, Colons, and Parentheses are ILLEGAL characters"
   MsgInfo( SAYING )
   RETURN(.F.)
ENDIF

RETURN(.T.)
 

Code:

//------------------
Func LightGreyGrad()

SetDlgGradient( { { .50, nRGB( 216, 216, 216 ), nRGB( 255, 255, 255 ) } } )

Return(nil)
 

Code:

//----------------------
Func _BrowColor( oLbx )
                               // foreground      // background
local aGradBarSelFocus := {{1, RGB(0,128,255) , RGB(0,128,255) }}          // in focus
local aGradBarSel         := {{1, RGB(255,255,255), RGB(192,192,192)  }}   // not in focus   192

WITH OBJECT oLbx
      :bClrSel       := {|| { CLR_BLACK, aGradBarSel } }  // not in focus
      :bClrSelFocus := { || { CLR_WHITE, aGradBarSelFocus } }     // in focus
END

Return(nil)
 
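The search in _UserGet() splices cAdFind into the query text and relies on _NameChk() to reject quotes, colons and parentheses. As an added example (not Rick's code; LdapEscape and AdUserQuery are hypothetical names), the same search can be written in ADSI's LDAP dialect with the value escaped per RFC 4515, so a name such as O'Brien is searchable and filter metacharacters are treated as data:

```xharbour
// Added example: hypothetical helpers, not code from the thread.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// Every ASCII byte that is not a letter, digit, space, '.', '-' or '_'
// becomes \xx, so quotes, parentheses, '*', '\' and ';' arrive as data.
// Bytes >= 128 are passed through unchanged.
Function LdapEscape( cValue )

   Local cOut := "", cChr, nAsc, nI
   Local cHex := "0123456789abcdef"

   For nI := 1 TO Len( cValue )
      cChr := SubStr( cValue, nI, 1 )
      nAsc := Asc( cChr )
      If nAsc >= 128 .or. IsAlpha( cChr ) .or. IsDigit( cChr ) .or. cChr $ " .-_"
         cOut += cChr
      Else
         cOut += "\" + SubStr( cHex, Int( nAsc / 16 ) + 1, 1 ) + ;
                       SubStr( cHex, ( nAsc % 16 ) + 1, 1 )
      Endif
   Next

Return cOut

// Build the person/user search of _UserGet() in ADSI's LDAP dialect:
//   <base>;(filter);attributes;scope
// cBaseDN is the domain part that _UserGet() receives as cDomain.
Function AdUserQuery( cBaseDN, cFind )

   Local cFilter := "(&(objectCategory=person)(objectClass=user)"

   cFind := AllTrim( cFind )
   If .not. Empty( cFind )
      // the wildcards are added by the program, never taken from the input
      cFilter += "(displayName=*" + LdapEscape( cFind ) + "*)"
   Endif
   cFilter += ")"

Return "<LDAP://" + AllTrim( cBaseDN ) + ">;" + cFilter + ;
       ";telephoneNumber,displayName,sAMAccountName,sn,givenName;subtree"
```

The string returned by AdUserQuery() can be assigned to oRs:CommandText in place of cSql; check the column order of the resulting recordset against the hard-coded xBrowse headers.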

Re: FW user login to authenticate from windows active directory

Postby Rick Lipkin » Wed Nov 18, 2015 1:52 pm

Herbert

User-Password ( userPassword ) is an AD attribute, however if you include it in my above code .. it does not resolve and is probably encrypted ..

http://www.kouti.com/tables/userattributes.htm

Rick Lipkin

Re: FW user login to authenticate from windows active directory

Postby Baxajaun » Wed Nov 18, 2015 1:55 pm

Thanks a lot Rick !!!

Regards,

Re: FW user login to authenticate from windows active directory

Postby Baxajaun » Fri Nov 20, 2015 11:58 am

Hi Herbert,

have you logged in to Active Directory from FWH?

Perhaps Mr. Rao could help with this.

Thanks in advance.

Regards

Re: FW user login to authenticate from windows active directory

Postby hebert_j_vargas » Fri Nov 20, 2015 3:03 pm

Baxajaun wrote:

Hi Herbert,

have you logged in to Active Directory from FWH?

Perhaps Mr. Rao could help with this.

Thanks in advance.

Regards

Hi Baxajaun, I tried 2 approaches:
Code:

oCon := TOleAuto():new("ADODB.Connection")
oCon:Provider := 'ADsDSOObject'
oPro := oCon:Properties('User ID')
oPro:Value := cUserId
oPro := oCon:Properties('Password')
oPro:Value := cPassword
oPro := oCon:Properties('Encrypt Password')
oPro:Value := .t.
//oCon:Properties("Encrypt Password") := .t.
oCon:Open( "Active Directory Provider" )

Even if you put a wrong password you can log in to Active Directory,
and the one translated from Visual Basic:
Code:

local oRootDSE, oDSO, oU, lError

default cDNSDomain := "DC=pdvsa,DC=com"
TRY
   oRootDSE := GetActiveObject("LDAP://RootDSE")
CATCH
   oRootDSE := CreateObject("LDAP:",cUserID,cPassword)
END

If empty( cDNSDomain )
   cDNSDomain := oRootDSE:Get( "defaultNamingContext" )
EndIf

TRY
   oDSO := GetActiveObject( "LDAP:" )
   oU := oDSO:OpenDSObject( "LDAP://" + cDNSDomain, cUserID, cPassword, 1 ) // 1 = ADS_SECURE_AUTHENTICATION
   lError := .f.
CATCH
   lError := .t.
END

This one can't get the OLE service from LDAP. Maybe Mr. Rao can give us a hand on this issue.
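Added example, not part of any post in this thread: one way to turn the first approach above into an actual credential check. It relies on the ADSI OLE DB provider deferring its bind until a command executes, which is why Open() succeeding says nothing about the password. AdCheckLogin and its parameters are hypothetical names, and cBaseDN is a placeholder for the domain naming context.

```xharbour
// Added example: hypothetical helper, not code from the thread.
// Returns .T. only when the directory accepts cUserId / cPassword.
// cBaseDN is the domain naming context, e.g. "DC=example,DC=com" (placeholder).
Function AdCheckLogin( cBaseDN, cUserId, cPassword )

   Local oCon, oPro, oRs
   Local lOk := .F.

   // An LDAP bind with an empty password can be accepted as an
   // unauthenticated bind, so refuse it before contacting AD.
   If Empty( cUserId ) .or. Empty( cPassword )
      Return .F.
   Endif

   TRY
      oCon := TOleAuto():New( "ADODB.Connection" )
      oCon:Provider := "ADsDSOObject"

      oPro := oCon:Properties( "User ID" )
      oPro:Value := cUserId
      oPro := oCon:Properties( "Password" )
      oPro:Value := cPassword
      oPro := oCon:Properties( "Encrypt Password" )
      oPro:Value := .T.

      // Open() only stores the credentials; no bind has happened yet.
      oCon:Open( "Active Directory Provider" )

      // Executing a command forces the bind. A base-scope read of the
      // naming context is the cheapest query that does so; rejected
      // credentials surface as an OLE error and land in CATCH.
      oRs := oCon:Execute( "<LDAP://" + AllTrim( cBaseDN ) + ">;" + ;
                           "(objectClass=*);distinguishedName;base" )
      lOk := .not. oRs:Eof()
      oRs:Close()
   CATCH
      lOk := .F.   // any failure means "not authenticated"
   END

   // Release the connection on both paths (oCon stays NIL if creation failed).
   If oCon != NIL
      TRY
         oCon:Close()
      CATCH
      END
   Endif

Return lOk
```

Values read from a GET are space-padded, so trim cUserId and cPassword in the caller before passing them in.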

Re: FW user login to authenticate from windows active directory

Postby hebert_j_vargas » Mon Nov 23, 2015 3:34 pm

Mr. Rao, could you please give us a hand on this?

Re: FW user login to authenticate from windows active directory

Postby hebert_j_vargas » Wed Nov 25, 2015 2:53 pm

UP

Re: FW user login to authenticate from windows active directory

Postby Baxajaun » Mon Nov 30, 2015 9:41 am

Up !

Re: FW user login to authenticate from windows active directory

Postby Rick Lipkin » Mon Nov 30, 2015 1:29 pm

Just a dumb observation and this may not be the case .. but in order to use Active Directory the MACHINE your customer is using to authenticate your application ( external app I presume ) MUST be a member of the domain.

You just can not take any computer that is not part of the domain and expect the user on that machine to authenticate to Active Directory. .. UNLESS you are using a VPN back to the domain or RDP into a machine attached and inside the domain.

Rick Lipkin

Re: FW user login to authenticate from windows active directory

Postby Horizon » Wed Nov 08, 2017 1:01 pm

UP
Regards,

Hakan ONEMLI

Harbour & MSVC 2022 & FWH 23.04