Home/ Questions/Q 7925455
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T18:18:05+00:00

I have a pretty extensive application that has been built to provide SSO to

  • 0

I have a pretty extensive application that has been built to provide SSO to several web applications via OID. The problem is that we have seen some users getting “orphaned” on a role for one of the applications. I have written a method that returns the distinguished name for all of the users with access to that role. To perform the cleanup, I am trying to make sure that the users returned in the previous step actually exist in OID. I have been using the System.DirectoryServices.Protocols.SearchRequest class when searching for users or roles, but it is not working for a distinguished name. Below is my method. It has been changed a couple of times to try different ways to make it work.

    Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim searchString As String = String.Format("baseDN={0}", UserDN)
        Dim containerDN As String = Nothing
        If _extranet Then
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_ExternalDomain")
        Else
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_InternalDomain")
        End If

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME   ' this is the first name for a domain user
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        'Me.Connection.Bind()
        Me.Bind()

        Dim myRequest As New System.DirectoryServices.Protocols.SearchRequest(containerDN, UserDN, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)
        Dim results As SearchResultEntryCollection = myResponse.Entries

        If results.Count >= 1 Then
            Return results(0)
        Else
            Return Nothing
        End If
    End Function
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It has taken a lot of research and asking questions else where to find the answer to this. It turns out that instead of looking in the users OU and searching for the user’s DN, I should have just looked at the user’s DN and just perform a simple LDAP query. Here is my final solution. I hope this helps the community.

           Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim ldapFilter As String = "(objectClass=person)"

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        Me.Bind()

        Dim myRequest As New SearchRequest(UserDN, ldapFilter, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)

        If myResponse.Entries.Count >= 1 Then
            Return myResponse.Entries(0)
        Else
            Return Nothing
        End If
    End Function
    • 0