Open LDAP

Post by **sekou2331** » Tue Jan 28, 2020 10:51 am

Hi,

I am trying access information in LDAP. I code in C# that was not written by me that seems to do this. I am trying to make a light weight version in powershell. But it is looking like I have to call a lot of C# methods to do so. Was wondering if there is a way to do this. I am using the below but it keep getting permission issues. Am i approaching this incorrectly?

Code: [Select all] [Expand/Collapse] [Download] (Untitled.ps1)

$root = new-object DirectoryServices.DirectoryEntry("LDAP://servername/ou=organizations,o=.com", "uid=username, ou=Generic Users, ou=App Admins, o=.com", "password")
$selector = new-object DirectoryServices.DirectorySearcher($root)
$selector.findAll()

ERROR: Exception calling "FindAll" with "0" argument(s): "The user name or password is incorrect.
ERROR: "
LDAP_QUery.ps1 (36, 1): ERROR: At Line: 36 char: 1
ERROR: + $selector.findAll()
ERROR: + ~~~~~~~~~~~~~~~~~~~
ERROR: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
ERROR: + FullyQualifiedErrorId : COMException
ERROR:

jvierra · Post by **jvierra** » Tue Jan 28, 2020 10:57 am

Is this in a domain?

Post by **sekou2331** » Tue Jan 28, 2020 11:29 am

jvierra · Post by **jvierra** » Tue Jan 28, 2020 11:31 am

Code: Select all

$ldap = 'LDAP://servername/ou=organizations,o=.com'
$root = [adsi]::New($ldap, 'username','password')
$filter='(objectclass=user)'
$searcher = [adsisearcher]::New($root,$filter)
$searcher.FindAll()

Post by **sekou2331** » Tue Jan 28, 2020 1:34 pm

Still getting the same error. The login works in C# but will not work in powershell. Really weird.

ERROR: Exception calling "FindAll" with "0" argument(s): "The user name or password is incorrect.
ERROR: "
LDAP_QUery.ps1 (7, 1): ERROR: At Line: 7 char: 1
ERROR: + $searcher.FindAll()
ERROR: + ~~~~~~~~~~~~~~~~~~~
ERROR: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
ERROR: + FullyQualifiedErrorId : COMException
ERROR:

jvierra · Post by **jvierra** » Tue Jan 28, 2020 1:48 pm

Yes. You have to have the correct username and password. We can't help you with that. You may also have to encode the connection which is also up to the remote system.

I highly recommend contacting the support for the system you are connecting to to find out how they have configured it.

I also think your LDAP string is not correct. It should be either:

$ldap = 'LDAP://Server:389'
or
$ldap = 'LDAP://server:389/dc=domain,dc=com'

You have to determine which one you need. The port may need to be the LDAP encrypted port.

If the LDAP domain is a subdomain then the "DC=" part might have three bits.

$ldap = 'LDAP://server:389/dc=domain,dc=subdomain,dc=com'

Post by **sekou2331** » Wed Jan 29, 2020 7:14 am

Ok I think I figured out why I was not connecting. It looks like I needed some type of authentication binding. I wrote it still using C# methods. Is there are more PowerShell way for the below. Also how can I see the data under properties. I am only seeing this {adspath, companyname, mscrmid, cn...}.

Code: [Select all] [Expand/Collapse] [Download] (Untitled.ps1)

$username = "Username"
$password = "Password"
$DomainControllerIpAddress = 'servername'
$LdapDn = 'ou=organizations,o=.com'
$fastBind = [System.DirectoryServices.AuthenticationTypes]::ServerBind
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://$($DomainControllerIpAddress):389/$LdapDn", $username, $password, $fastBind)
 
#Here look for a user
$ds = new-object System.DirectoryServices.DirectorySearcher($dn)
#Find Properties.
$ds.PropertiesToLoad.Add("organizationuid")
$ds.PropertiesToLoad.Add("companyname")
$ds.PropertiesToLoad.Add("id")
$ds.PropertiesToLoad.Add("cn")
 
 
$ds.FindAll()

jvierra · Post by **jvierra** » Wed Jan 29, 2020 9:56 am

Here is an example of how to use the directory searcher.

https://gallery.technet.microsoft.com/E ... b4?redir=0

SAPIEN Technologies

Open LDAP

Open LDAP

Re: Open LDAP

Re: Open LDAP

Re: Open LDAP

Re: Open LDAP

Re: Open LDAP

Re: Open LDAP

Re: Open LDAP