
As you can see from the code snippet below, I am currently gathering the information about the AD from the currently logged-on user using adshlp and ActiveDs_TLB. I have a form that allows the user to enter their AD password and I verify that it is correct before allowing access to the system. This works fine. The problem I have now is that the users want to be able to enter any AD and ID in the form mydomain.com\userid and have the code authenticate and bring back the same data the code currently retrieves. I have not been able to find an LDAP call that will do that. I would appreciate any help and suggestions that I can get. Thanks

uses
  adshlp, ActiveDs_TLB;

function Tlogon_form.GetUser(Domain, UserName, pword: string; var ADSIUser: TADSIUserInfo): boolean;
var
  usr: IAdsUser;
  objsysinfo: IADsADSystemInfo;
  fad_domain, domainDN, name_nodes, FQDN, AD_path: string;
const
  ADS_SECURE_AUTHENTICATION = $00000001;
begin
  // Reset the result record so a failed lookup never returns stale data
  ADSIUser.UID := '';
  ADSIUser.UserName := '';
  ADSIUser.DB_login := '';
  ADSIUser.Disabled := true;
  ADSIUser.LockedOut := true;
  ADSIUser.Groups := '';
  Result := false;
  FQDN := '';
  AD_path := '';
  SBN_SQL.Common_login := '';

  FPassword := pword;
  FUserName := UserName;
  //FDomain := lowercase(Domain); // + '.local';

  if FUserName = '' then exit;

  // All of this describes the domain of the currently logged-on user
  objsysinfo := CoADSystemInfo.Create;
  domainDN := objsysinfo.GetAnyDCName;      // name of a domain controller
  fad_domain := objsysinfo.DomainDNSName;   // DNS name of the current domain
  name_nodes := objsysinfo.UserName;        // distinguished name of the logged-on user

  if Domain <> '' then
    fad_domain := Domain
  else
    Domain := fad_domain;

  fad_domain := fad_domain + '.';

  FQDN := domainDN;
  AD_path := name_nodes;

  try
    if trim(FUserName) <> '' then
      // Bind to the logged-on user's own object with the supplied credentials
      ADsOpenObject('LDAP://' + AD_path, FUserName, FPassword, ADS_SECURE_AUTHENTICATION, IADsUser, usr);

    // ADsOpenObject reports failure through its HRESULT, not an exception;
    // usr stays nil when the bind fails
    if usr = nil then exit;

    ADSIUser.UID := UserName;
    ADSIUser.UserName := usr.FullName;
    ADSIUser.DB_login := usr.EmployeeID;
    Result := true;
  except
    on e: Exception do
      Result := false;
  end;
end;
rfptwo

2 Answers


What you could do is search for that user based on the userid (without the domain) and thus get the relevant info back.

I wrote an article in "The Delphi Magazine" way back in October 2000 about searching using ADSI and Delphi - and you can still download my code sample and a Delphi component TADSISearcher from my web site - hopefully, that can get you started!

marc_s
  • Thank you for your response. That was one of the first web pages I read when I started this project. I found it helpful but did not find my answer there. – rfptwo Nov 26 '14 at 16:20
  • @WisnuWidiarta: site has been discontinued in the meantime - try this link instead: https://1drv.ms/u/s!AtQ29cmdYW3QgVb7mBsPVTpss3fb?e=8kkOgN – marc_s Jun 21 '21 at 05:54
  • Thx Marc! I will try it. If you have any url about Active Directory that I should read (so I can use the component correctly), it would be greatly appreciated. – Wisnu Widiarta Jun 22 '21 at 11:25
  • Hi Marc.. I got an error: it cannot find ActiveDs_TLB (I am using D2010 and Rio). Any advice? Can I get it from https://github.com/mitshel/tech-inv-2012/blob/master/ADOLogin/ActiveDs_TLB.pas ? – Wisnu Widiarta Jun 23 '21 at 11:01

I also use ADsOpenObject for LDAP validation, and in your code you pass the domain as a parameter, so use that parameter in the ADsOpenObject call - or perhaps I did not clearly understand the question.

uses
  adshlp, ActiveDs_TLB;

function Authenticate(const pUser, pPassword, pDomain: String): HRESULT;
var
  aUser: IAdsUser;
begin
  try
    // Bind to the requested domain as DOMAIN\user; the HRESULT tells the caller whether it worked
    Result := ADsOpenObject(Format('LDAP://%s', [pDomain]), Format('%s\%s', [pDomain, pUser]),
      pPassword, ADS_SECURE_AUTHENTICATION, IAdsUser, aUser);
    // here retrieve the information needed
  finally
    aUser := nil;
  end;
end;
alvaroc
  • Except that weird use of `try..finally` block with setting the input string parameter to `nil`, there's one more thing about the `ADsOpenObject` function. [`MSDN`](http://msdn.microsoft.com/en-us/library/aa772238%28v=vs.85%29.aspx) explicitly says *"This function should not be used just to validate user credentials."*. – TLama Nov 25 '14 at 22:24
  • I tried this and I received 'No such interface supported'. I switched to a combination of calls: ADsOpenObject('WinNT://' + domain + '/' + FUserName, FUserName, FPassword, ADS_SECURE_AUTHENTICATION, IADsUser, usr); cn_name := usr.FullName; – rfptwo Nov 26 '14 at 16:12
  • ADsOpenObject('LDAP://CN=' + cn_name + ',' + AD_path, FUserName, FPassword,ADS_SECURE_AUTHENTICATION, IADsUser, usr); This allowed me to override the original AD and point to another, but it did not work for my customer due to the way they configured their AD. – rfptwo Nov 26 '14 at 16:18
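As an added example (not code from the question or either answer), this is how the mydomain.com\userid form could be handled end to end, combining marc_s's suggestion to search by user ID with alvaroc's domain-qualified bind: bind to the RootDSE of the domain the user typed, check the HRESULT instead of ignoring it, then search that domain for the account by sAMAccountName through the ADsDSOObject provider, escaping the typed ID before it goes into the filter. It assumes a VCL application (COM already initialised), the adshlp/ActiveDs_TLB units used in the question, and a DNS-resolvable domain name; LookupUser and EscapeLdapFilterValue are names chosen here.

```delphi
uses
  Windows, SysUtils, Variants, ComObj, ActiveDs_TLB, adshlp;

// RFC 4515 escaping so a typed user ID cannot alter the meaning of the search filter
function EscapeLdapFilterValue(const S: string): string;
var C: Char;
begin
  Result := '';
  for C in S do
    case C of
      '\': Result := Result + '\5c';
      '*': Result := Result + '\2a';
      '(': Result := Result + '\28';
      ')': Result := Result + '\29';
      #0:  Result := Result + '\00';
    else Result := Result + C;
    end;
end;

// Authenticate 'mydomain.com\userid' against the typed domain, then return displayName and employeeID
function LookupUser(const DomainUser, Password: string; out FullName, EmployeeID: string): Boolean;
var
  P: Integer;
  Domain, User, NamingContext: string;
  RootDse: IADs;
  Conn, Rs: OleVariant;
begin
  Result := False;
  P := Pos('\', DomainUser);
  if (P < 2) or (P >= Length(DomainUser)) then Exit;  // need both halves
  Domain := Copy(DomainUser, 1, P - 1);
  User := Copy(DomainUser, P + 1, MaxInt);
  // A failed bind comes back as a failing HRESULT, not an exception, so check it
  if Failed(ADsOpenObject('LDAP://' + Domain + '/RootDSE', DomainUser, Password,
       ADS_SECURE_AUTHENTICATION, IADs, RootDse)) or (RootDse = nil) then Exit;
  NamingContext := RootDse.Get('defaultNamingContext');
  // Search through the ADSI OLE DB provider with the same credentials and flag
  Conn := CreateOleObject('ADODB.Connection');
  Conn.Provider := 'ADsDSOObject';
  Conn.Properties['User ID'].Value := DomainUser;
  Conn.Properties['Password'].Value := Password;
  Conn.Properties['ADSI Flag'].Value := ADS_SECURE_AUTHENTICATION;
  Conn.Open;
  Rs := Conn.Execute(Format('<LDAP://%s/%s>;(&(objectCategory=person)(sAMAccountName=%s));' +
    'displayName,employeeID;subtree', [Domain, NamingContext, EscapeLdapFilterValue(User)]));
  if Rs.EOF then Exit;
  FullName := VarToStr(Rs.Fields['displayName'].Value);
  EmployeeID := VarToStr(Rs.Fields['employeeID'].Value);
  Result := True;
end;
```

The bind still falls under the MSDN caveat TLama quotes: it is a directory access made with the user's credentials, not a logon API, so treat the function as a lookup rather than a general-purpose password check.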