Accessing ActiveDirectory via LDAP

Author: None (None)

Hi community,

is here anybody who knows how to access the Windows ActiveDirectory via the Uniface LDAP driver?

I'd like to query some user information from the AD and display it in a simple form.

I would really appreciate it if anybody have some examples for me!

Thanks!

26 Comments

  1. Paul Koldijk dit a presentation on Uniface and LDAP in the Spring 2011 meeting of the Dutch usergroup: http://www.uniface.nl/wp-content/uploads/2011/07/presentatie_paul_koldijk.pdf


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  2. Hi,

    Is here anybody who knows how to access the Logon User via Windows Active Directory?

    There is a .dll or Uniface function that returns de logged User name?

    Thanks

     


    Author: parcaya (parcaya@compuamerica.com.ve)
  3. I don't think Active Directory knows what the logged on user of the PC is. You can use the proc function $setting like this: $setting ("", "USERNAME", "ENVDATA") or directly call the Windows function GetUserNameA or GetUserNameW in advapi32.dll by means of a C signature. Hope this helps.


    Author: None (None)
  4. Here is the model and form I use to test retrieve from Microsoft Exchange with the LDAP driver. ftp://ftp.compuware.com/pub/uniface/outgoing/cbr/ldap.xml Hope this helps !


    Author: None (None)
  5. Hi,

    thank you for the example code!

    Unfortunately, I always get the return code "-3" (I/O-Error) after the retrieve statement. Procerrorcontext said:

    "ERROR=-3·;MNEM=<UIOSERR_EXCEPTIONAL>·;DESCRIPTION=I/O error·;COMPONENT=LDAP·;PROCNAME=GETEM·;TRIGGER=OPER·;LINE=2"

    It seems like the connection is ok. After the connect statement $status returns "0", but whenever the read trigger runs, the I/O-error occurs.

    I adjusted the asn-file as follows:

    [...

    [DRIVER_SETTINGS]
    LDP = U1.0

    [ENTITIES]
    *.ldap = $LDP:*.*

    [PATHS]
    $LDP=LDP:

    [LOGICALS]
    ldap_server=[MyServerName]
    ldap_port=389
    ldap_userdn=[myUsername]
    ldap_passwd=[myPassword]
    ldap_searchbase=
    ldap_cn=

     ...]

    Do you have any suggestions, what could be wrong?


    Author: None (None)
  6. Difficult to say as I can't see the details of what you are doing. Why not post a messageframe with /pri=255 ?


    Author: None (None)
  7. After I had retrieved the data, the Messageframe has the following output:

    I/O function: S, mode: 0, on file/table: DLDP_PERSON index: 1 >=
    LDP: Error (34) Invalid DN syntax

    Maybe, there is a problem with my BaseDN?? When I make a lookup with an ldap-browser with my BaseDN it works fine, only in Uniface it seems to make problems...

    Can you give me an example of your asn-file with the relevant parts for LDAP please?


    Author: None (None)
  8. Sure. Here are the asn logicals I use to run this program. Hope it helps some. ldap_server emea-ams-dc002.emea.cpwr.corp ldap_port 389 ldap_searchbase OU=Primary,OU=Accounts,OU=Amsterdam,DC=emea,DC=cpwr,DC=corp ldap_userdn CN=Chris Breemer ldap_passwd *****


    Author: None (None)
  9. Hello to all Before compuware introduce an ldap driver we had develop a c++ dll that enumerates objects from ldap and get objects property also in the same dll we have a routine that gets login user and other info. Due to limitations of ldap database driver ( max 255 , no binaries , an incorrect retrieve profile can return data that is not relevant ) still this dll is in use. The call way from uniface is signature of course. If anyone interest i can publish source code with out cost of course. John


    Author: jtsagara (jtsagara@logisoft.gr)
  10. Hi John,

    i'm interested in the code.

     

    TIA Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  11. Hi John,

    I'm still having the same problems to connect to ldap with the uniface ldap-driver, so i'd really appreciate it if you publish your c++ dll or source code.

    Thanks!


    Author: None (None)
  12. Hello to all ,

    After your requests , i prepared a zip that contains df_3gl.xml ( a test form ) , u3gl.xml ( signature to see u3gl.dll ) , ldap.txt ( the part of c++ code that is related to ldap) , inlcudes.txt ( the included headers needed)

    Basically we use two routines LDAPObjectsEnumeration that enumerates the tree structure of ldap directory and then we use LDAPGetObjectProperty to point to specified values , so for example if we want the groups from active directory :

    ;***************************************************************************************************************************************
    ;Enumerate LDAP Objects In List vaLDAPObjects
    ; Request    : Guid<!>Name<!>Class<!>ADsPath
    ; Where    : Class = organizationalunit Or group
    ; Sublist Seperator  : "·;"
    ; Recursive Enumeration : True
    Call LDAPObjEnum( gsLDAPServer.GenDum1,LDAPUserName.GenDum1 ,LDAPUserPass.GenDum1 ,  %\
        "Guid<!>GETEX[primaryGroupToken:I]<!>GETEX[name:S]<!>Class<!>ADsPath<!>GETEX[distinguishedName:S]" ,"","organizationalunit·|group","","","","",0,1,"·;" %\
        ,vaLDAPObjects,vnReturnStatus)
    ;***************************************************************************************************************************************
    If ( vnReturnStatus < 0 ) ;Error
     Call Fix_Size_All( (vnReturnStatus*-1) , 4,"0",1,vsErrorNo)
     Message/Error $Text("LDAPERROR%%vsErrorNO")
     ;Reset Entity From Possible RemOcc
     Call InitObject
     Call Retrieve_Ent("<MainEnityName>")
     ;Sort Entity Here Cause We Have Upper & Lower Case Compination And Read Order By Ignores That
     Sort "<MainEnityName>" , "Name"
     Call Create_Lines ("<MainEnityName>")

    Else
     ;Not Kinimatografos
     vnOldCurOcc = $Curocc(<MainEnityName>)

     ;Not Empty Lines In Entity Please
     Call Remove_Lines("<MainEnityName>",2)

     ;Split The Data On Entity
     vnArrayPointer  = 1
     vsOccuranceData = ""
     ;Loop In Array Of Values Avoid GetItem Cause We Have Many = In Our Strings
     While ( vnArrayPointer <= $Number($ItemCount($Replace(vaLDAPObjects,1,"=","||",-1))) )
      vsOccuranceData = $Replace($ItemNr(vnArrayPointer , vaLDAPObjects),1,"<!>","·;",-1) 
      If (vsOccuranceData != "")
       Creocc "<MainEnityName>" , -1
       GetItem Guid.<MainEnityName> ,  vsOccuranceData , 1
       Retrieve/x "<MainEnityName>"
       GetItem PrimaryGroupToken.<MainEnityName> ,  vsOccuranceData , 2
       GetItem Name.<MainEnityName> ,  vsOccuranceData , 3
       GetItem Class.<MainEnityName> ,  vsOccuranceData , 4
       GetItem AdsPath.<MainEnityName> ,  vsOccuranceData , 5
       GetItem DistinguishedName.<MainEnityName> ,  vsOccuranceData , 6
      EndIf
      vnArrayPointer  =  vnArrayPointer + 1
     EndWhile

     ;Sort Entity
     Sort "<MainEnityName>" , "Name"

     ;Not Empty Lines In Entity Please
     Call Create_Lines("<MainEnityName>")

     ;Empty List To Free Some Ram
     vaLDAPObjects  = ""

     ;Not Kinimatografos
     SetOcc "<MainEnityName>",vnOldCurOcc
    EndIf

    Return (0)


    if you want further information about how to build the dll please contact me


    John

     

     


    Author: jtsagara (jtsagara@logisoft.gr)
  13. Hi John,

    I just had a quick look in your archive. in the U3GL.XML export,

    there is only a subsystem definition USYS, but no signatures.

     

    Perhaps your signatures are part of the default subsystem, but you have not set the checkbox "Export default subsystem" in the export screen.


    Author: ulrich-merkel (ulrichmerkel@web.de)
  14. Uli ,

    Hi John,

    I just had a quick look in your archive. in the U3GL.XML export,

    there is only a subsystem definition USYS, but no signatures.



    Perhaps your signatures are part of the default subsystem, but you have not set the checkbox "Export default subsystem" in the export screen.


    i just corrected the zip file download the U3gl Correct , Thanks


    Author: jtsagara (jtsagara@logisoft.gr)
  15. cbreemer said Here is the model and form I use to test retrieve from Microsoft Exchange with the LDAP driver. ftp://ftp.compuware.com/pub/uniface/outgoing/cbr/ldap.xml Hope this helps !

    Hi, this download no longer exists, is there any chance you could point me at a copy (or mail it to me? )


    Author: Iain Sharp (i.sharp@pcisystems.co.uk)
  16. Hi, Please could anyone explain a bit more about Entity mapping with LDAP and how to retrieve the same. Trying it with Uniface 9.2, had setup ldap path in asn, added the driver setting, but a bit confused with her entity setup. If trying to run open command with ldap path, it opens driver successfully. However, throws Uniface -3 and ldap's LDP: Error (1) Operations error while retrieve. Or if there is any way to achieve the same via wsdl? Many Thanks


    Author: dharmesh (pandey.dharmesh@gmail.com)
  17.  I wound up using ms webservices, but couldn't get them to work directly with Uniface, so I have written a very small COM interface to the MS webservices universe, which I add functions to as I need them... 


    Author: Iain Sharp (i.sharp@pcisystems.co.uk)
  18. Hi, I have dug up the PAM for Uniface version 9.2.02 from my personal archive and it states that LDAP 3.0 is supported through the U1.0 LDAP driver. Is this the driver you have been using? The LDAP error you are getting is a very generic one, according to documentation. Paul Koldijk's presentation is still available, if you'd like to review it. Perhaps below URL's can also help you:

    Cheers, Arjen


    Author: Arjen van Vliet (arjen.van.vliet@uniface.com)
  19. Hi Iain,Arjen, Thanks for your response. I am able to retrieve the data from LDAP, yes I am using U1.0 LDAP driver setting and using asn settings as per Paul's presentation. Now, the next thing is to authenticate using username(samaccountname)  and password at login. When I keep the asn path as "$LDP LDP:host+389:DC=abc,DC=co,DC=uk|username|password" and do the retrieve on form by initialising samaccountname, it work correctly. However, if I keep the username and password in the asn path as blank and try to run the open command based on the logging in user and password, at that point open command always give $status as 0, even if the username and password combination is incorrect. Please could you suggest any ways to achieve the authentication process using username and password. And also currently I am trying with port 389, whereas it was not working if I was trying with port 636. Also, I tried setting the LDAP path in asn with generic username password, then once connection with ldap is established, retrieve using samaccountname, then again try to connect to ldap using the DN and password for that user. But DN name comes as blank after retrieve and if I add distinguishedName field, then application just crashes. Anyway to fetch DN name in retrieve? Thanks Dharmesh


    Author: dharmesh (pandey.dharmesh@gmail.com)
  20. Iain Sharp said  I wound up using ms webservices, but couldn't get them to work directly with Uniface, so I have written a very small COM interface to the MS webservices universe, which I add functions to as I need them...   

    Hi Iain, Please could you share some info on your ms webservice and com interface. Thanks


    Author: dharmesh (pandey.dharmesh@gmail.com)
  21. I was able to connect to AD (using LDAP login screen) and retrieve some data from it, but entering the same user name and password is quite annoying and time consuming, so my question is: Is it possible to force LDAP driver to authenticate against AD using current windows user logon object ?


    Author: Branislav Barnak (barnak@synlab.de)
  22. Hi Theo, I tried to follow the link to Pauls presentation, but got a 404? Do I need special privileges to access the netherlands uniface website? http://www.uniface.nl/wp-content/uploads/2011/07/presentatie_paul_koldijk.pdf Greetings from Frankfurt/Germany, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)
  23. Think the problem is caused just that these psots are from 2012. Because there are 2 pages now (and I set a sort descending), I saw post #3 as the most actual one (top of page), but it is on page 2! Looks like a little flaw on wordpress to shown not the first page. But as it was an interesting topic (and always good to have some examples at hand) ...


    Author: ulrich-merkel (ulrichmerkel@web.de)
  24. Hi, I am using a connection to an LDAP server with open instruction to verify windows user (from environment) and password (typed from user)... it works for sure on U9.6... Gianni


    Author: gianni (gianni.sandigliano@unifacesolutions.com)
  25. Old articles are still available. Dutch user group website has changed from www.uniface.nl to www.uniface2face.nl On request of Uniface BV Page of the 2011 spring conference is http://www.uniface2face.nl/conferenties/voorjaarsconferentie-2011/ And on is the link to Paul's LDAP presentation: http://www.uniface2face.nl/wp-content/uploads/2011/07/presentatie_paul_koldijk.pdf regards, Theo


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  26. Hi Theo, Pauls article looks pretty interesting. Thank you for the updated URL, Uli


    Author: ulrich-merkel (ulrichmerkel@web.de)