4

I'm wondering how I could get a list of members of an AD group.

Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:

private bool IsUserValid(string userName, string userPassword)
{
    // Assumed here: the bind identity is the user's UPN in the test.local domain.
    var userDn = $"{userName}@test.local";
    try
    {
        // Note: SecureSocketLayer = false sends the bind password in clear text over port 389.
        using (var connection = new LdapConnection { SecureSocketLayer = false })
        {
            connection.Connect("test.local", LdapConnection.DEFAULT_PORT);
            connection.Bind(userDn, userPassword);

            if (connection.Bound)
            {
                return true;
            }
        }
    }
    catch (LdapException ex)
    {
        Console.WriteLine(ex.Message);
    }

    return false;
}

What I want now is something like this:

bool isUserInGroup("testUser","testGroup");

The problem is I can't get my method working:

public bool IsUserMemberOfGroup(string userName,string groupName)
{
    var ldapConn = GetConnection();

    var searchBase = "";
    var filter = $"(&(objectClass=group)(cn={groupName}))";
    var search = ldapConn.Search(searchBase, LdapConnection.SCOPE_BASE, filter, null, false);
    while (search.hasMore())
    {
        var nextEntry = search.next();
        if (nextEntry.DN == userName)
            return true;                    
    }

    return false;
}

Whatever I'm doing, I'm not getting back any value from my Ldap.Search()...

  • Don't you need to specify your search base first before starting the search? i.e. var searchBase = "DC=test,DC=local"; Commented Nov 6, 2017 at 23:29
  • @DavidLiang also tried that. The result is still the same... Commented Nov 13, 2017 at 8:11
  • aww it's not easy to tell what's going on, as I can't ask much about your AD setup. I can just tell you what my setup looks like. Please look at my answer here. Commented Nov 13, 2017 at 17:37
  • @DavidLiang Thanks a lot I will have a look at it! Commented Nov 14, 2017 at 11:27
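A working version of the group-membership check from the question, added here as an example; it is not code from the question, the answers or the Novell library. It assumes an already-bound LdapConnection, the domain's naming context (for instance DC=test,DC=local) as the search base, and that the caller passes the user's sAMAccountName; the names AdGroupLookup, FindOne and EscapeFilterValue are the example's own. It searches the subtree instead of SCOPE_BASE on an empty base, reads the group's member attribute instead of comparing entry DNs to the user name, and escapes the caller-supplied names so they cannot alter the filter.

```csharp
using System;
using Novell.Directory.Ldap;

public static class AdGroupLookup
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515), so a caller-supplied
    // name cannot change the filter's structure. Backslash must be replaced first.
    public static string EscapeFilterValue(string v) =>
        v.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");

    // Returns the first entry matching the filter below searchBase (subtree scope), or null.
    private static LdapEntry FindOne(LdapConnection conn, string searchBase, string filter, string[] attrs)
    {
        var results = conn.Search(searchBase, LdapConnection.SCOPE_SUB, filter, attrs, false);
        while (results.hasMore())
        {
            try { return results.next(); }
            catch (LdapReferralException) { /* skip referrals to other naming contexts */ }
        }
        return null;
    }

    // True when the user's distinguished name is listed in the group's "member" attribute
    // (direct membership only; nested groups are not expanded here).
    public static bool IsUserMemberOfGroup(LdapConnection conn, string searchBase, string userName, string groupName)
    {
        var user = FindOne(conn, searchBase,
            $"(&(objectClass=user)(sAMAccountName={EscapeFilterValue(userName)}))", new[] { "distinguishedName" });
        if (user == null) return false;

        var group = FindOne(conn, searchBase,
            $"(&(objectClass=group)(cn={EscapeFilterValue(groupName)}))", new[] { "member" });
        var members = group?.getAttribute("member");
        if (members == null) return false;

        foreach (var memberDn in members.StringValueArray)
        {
            // DNs are compared case-insensitively; AD returns them in its own canonical casing.
            if (string.Equals(memberDn, user.DN, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }
}
```

The member attribute lists direct members only, so nested group membership needs either recursion over memberOf or AD's LDAP_MATCHING_RULE_IN_CHAIN matching rule. Bind the connection over SSL or StartTLS so the account's password is not sent in clear text.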

2 Answers

2

Now there is an implementation of System.DirectoryServices.AccountManagement for .NET Core 2. It is available via NuGet.

With this package you are able to do things like this:

using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

using (var principalContext = new PrincipalContext(ContextType.Domain, "YOUR AD DOMAIN"))
{
    var domainUsers = new List<string>();
    var userPrincipal = new UserPrincipal(principalContext);

    // Perform search for domain users
    using (var searchResult = new PrincipalSearcher(userPrincipal))
    {
        foreach (var domainUser in searchResult.FindAll())
        {
            if (domainUser.DisplayName != null)
            {
                domainUsers.Add(domainUser.DisplayName);
            }
        }
    }
}

This performs a search for the users in your domain. Nearly the same is possible for searching your group. The way I used to search my AD (described in my question) is now obsolete.


1

How about:

HttpContext.User.IsInRole("nameOfYourAdGroup");

(namespace System.Security.Claims)

