Active Directory authentication via LDAP with user

2019-04-15 01:34发布

站内问答 / 后端开发
1676 2 4

As you can see from the code snippet below. I am currently gathering the information about the AD from the currently logged on user using adshlp and ActiveDs_TLB. I have a form that allows the user to enter their AD password and I verify that is correct before allowing access to the system. This woks fine. The problem I have now is that the users want to be able to enter any AD and ID in the form mydomain.com\userid and have the code authenticate and bring back the same data the code currently retrieves. I have not been able to find an LDAP call that will do that. I would appreciate any help and suggestions that I can get. Thanks 

uses
adshlp, ActiveDs_TLB


function Tlogon_form.GetUser(Domain, UserName, pword: string; var ADSIUser: TADSIUserInfo): boolean;
var
  usr   :    IAdsUser;
  usr1  :    IADs;
  flags :    integer;
  grps  :    IAdsMembers;
  grp   :    IAdsGroup;
  varGroup : OleVariant;
  Temp :     LongWord;
  pwd, cn_name, FQDN, AD_path: string;
  HR : boolean;
  fad_domain:string;
  objsysinfo: IADsADSystemInfo;
  domainDN: string;
  List: array [0..10] of String;
  I: integer;
  name_nodes :string;

const
  ADS_SECURE_AUTHENTICATION = $00000001;
begin
  ADSIUser.UID:='';
  ADSIUser.UserName:='';
  ADSIUser.DB_login :='';
  ADSIUser.Disabled:=true;
  ADSIUser.LockedOut:=true;
  ADSIUser.Groups:='';
  Result:=false;
  FQDN :='';
  AD_path := '';
  SBN_SQL.Common_login :='';

  FPassword := pword;
  FUserName := UserName;
  //FDomain := lowercase(Domain); // + '.local';

  if FUserName = '' then exit;

  objsysinfo := CoADSystemInfo.Create;
  domainDN := objsysinfo.GetAnyDCName;
  fad_domain := objsysinfo.DomainDNSName;
  name_nodes := objsysinfo.UserName;

  if domain > '' then
  begin
    fad_domain := domain;
  end
  else
  begin
    domain := fad_domain;
  end;

  fad_domain := fad_domain + '.';

  FQDN := domainDN;
  ad_path := name_nodes;

    try
     if trim(FUserName)<>'' then
     begin
        ADsOpenObject('LDAP://' + AD_path, FUserName, FPassword,ADS_SECURE_AUTHENTICATION, IADsUser, usr);
     end;

     if usr=nil then exit;

     ADSIUser.UID:= UserName;

     ADSIUser.UserName := usr.FullName;
     ADSIUser.DB_login := usr.employeeid;
     //usr:=nil;
     Result:=true;
     exit;
  except
     on e: exception do begin
        Result:=false;
        exit;
     end;
  end;


end;

2条回答
Lonely孤独者°
2楼-- · 2019-04-15 02:18

I also use ADsOpenObject for LDAP validation and in your code you pass the domain as a parameter, so use such parameter in the ADsOpenObject call or perhaps I did not clearly understood the question

function Authenticate(const pUser, pPassword,pDomain: String): HRESULT;  
Var  
 aUser : IAdsUser;  
begin  
 Try  
   Result  := ADsOpenObject(Format('LDAP://%s',[pDomain]),Format('%s\%s',[pDomain,pUser]),pPassword,ADS_SECURE_AUTHENTICATION,IAdsUser,aUser);    
  // here retrieve the information needed   
 Finally  
   aUser := Nil  
 End  
end;
查看更多
0人赞 添加讨论(0) 举报
ら.Afraid
3楼-- · 2019-04-15 02:34

What you could do is search for that user based on the userid (without the domain) and thus get the relevant info back.

I wrote an article in "The Delphi Magazine" way back in October 2000 about searching using ADSI and Delphi - and you can still download my code sample and a Delphi component TADSISearcher from my web site - hopefully, that can get you started!

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)