Active Directory authentication via LDAP with user@mydomain.com using Delphi


Problem description


As you can see from the code snippet below, I am currently gathering the information about the AD from the currently logged on user using adshlp and ActiveDs_TLB. I have a form that allows the user to enter their AD password and I verify that it is correct before allowing access to the system. This works fine. The problem I have now is that the users want to be able to enter any AD and ID in the form mydomain.com\userid and have the code authenticate and bring back the same data the code currently retrieves. I have not been able to find an LDAP call that will do that. I would appreciate any help and suggestions that I can get. Thanks

uses
  adshlp, ActiveDs_TLB;


function Tlogon_form.GetUser(Domain, UserName, pword: string; var ADSIUser: TADSIUserInfo): boolean;
var
  usr   :    IAdsUser;
  usr1  :    IADs;
  flags :    integer;
  grps  :    IAdsMembers;
  grp   :    IAdsGroup;
  varGroup : OleVariant;
  Temp :     LongWord;
  pwd, cn_name, FQDN, AD_path: string;
  HR : boolean;
  fad_domain:string;
  objsysinfo: IADsADSystemInfo;
  domainDN: string;
  List: array [0..10] of String;
  I: integer;
  name_nodes :string;

const
  ADS_SECURE_AUTHENTICATION = $00000001;
begin
  ADSIUser.UID:='';
  ADSIUser.UserName:='';
  ADSIUser.DB_login :='';
  ADSIUser.Disabled:=true;
  ADSIUser.LockedOut:=true;
  ADSIUser.Groups:='';
  Result:=false;
  FQDN :='';
  AD_path := '';
  SBN_SQL.Common_login :='';

  FPassword := pword;
  FUserName := UserName;
  //FDomain := lowercase(Domain); // + '.local';

  if FUserName = '' then exit;

  objsysinfo := CoADSystemInfo.Create;
  domainDN := objsysinfo.GetAnyDCName;
  fad_domain := objsysinfo.DomainDNSName;
  name_nodes := objsysinfo.UserName;

  if domain > '' then
  begin
    fad_domain := domain;
  end
  else
  begin
    domain := fad_domain;
  end;

  fad_domain := fad_domain + '.';

  FQDN := domainDN;
  ad_path := name_nodes;

  try
    if trim(FUserName) <> '' then
    begin
      ADsOpenObject('LDAP://' + AD_path, FUserName, FPassword, ADS_SECURE_AUTHENTICATION, IADsUser, usr);
    end;

    if usr = nil then exit;

    ADSIUser.UID := UserName;

    ADSIUser.UserName := usr.FullName;
    ADSIUser.DB_login := usr.employeeid;
    //usr:=nil;
    Result := true;
    exit;
  except
    on e: exception do begin
      Result := false;
      exit;
    end;
  end;


end;

Recommended answer


I also use ADsOpenObject for LDAP validation, and in your code you pass the domain as a parameter, so use such parameter in the ADsOpenObject call, or perhaps I did not clearly understand the question

function Authenticate(const pUser, pPassword,pDomain: String): HRESULT;  
Var  
 aUser : IAdsUser;  
begin  
 Try  
   Result  := ADsOpenObject(Format('LDAP://%s',[pDomain]),Format('%s\%s',[pDomain,pUser]),pPassword,ADS_SECURE_AUTHENTICATION,IAdsUser,aUser);    
  // here retrieve the information needed   
 Finally  
   aUser := Nil  
 End  
end;  
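
Added example, not part of the original question or answer: one way to accept either mydomain.com\userid or userid@mydomain.com, validate the parts, and then bind the way the answer above does. SplitLogin, AuthenticateLogin and DNS_CHARS are hypothetical names; the code is meant for a unit's implementation section and assumes the same adshlp and ActiveDs_TLB units as the question, requesting the generic IADs interface because the object at the domain root is the domain itself.

```delphi
uses SysUtils, adshlp, ActiveDs_TLB;

const
  ADS_SECURE_AUTHENTICATION = $00000001;
  DNS_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-';

// Hypothetical helper: splits 'mydomain.com\userid' or 'userid@mydomain.com'.
// Returns False for any other shape or for a domain that is not a DNS name.
function SplitLogin(const Login: string; out Domain, User: string): Boolean;
var
  P, I: Integer;
begin
  P := Pos('\', Login);
  if P > 0 then
  begin                                   // mydomain.com\userid
    Domain := Trim(Copy(Login, 1, P - 1));
    User := Trim(Copy(Login, P + 1, MaxInt));
  end
  else
  begin                                   // userid@mydomain.com
    P := Pos('@', Login);
    User := Trim(Copy(Login, 1, P - 1));
    Domain := Trim(Copy(Login, P + 1, MaxInt));
  end;
  // P = 0 means no separator at all; a second separator ends up in User or Domain.
  Result := (P > 0) and (User <> '') and (Domain <> '') and
    (Pos('\', User) = 0) and (Pos('@', User) = 0);
  for I := 1 to Length(Domain) do         // the domain is concatenated into the ADsPath
    if Pos(Domain[I], DNS_CHARS) = 0 then
      Result := False;
end;

function AuthenticateLogin(const Login, Password: string; out Obj: IADs): Boolean;
var
  Domain, User: string;
begin
  Result := False;
  Obj := nil;
  // Refuse an empty password up front: ADSI binds as the calling thread's account
  // when it is given NULL credentials, and an empty Delphi string can be passed as NULL.
  if (Password = '') or not SplitLogin(Login, Domain, User) then
    Exit;
  try
    ADsOpenObject('LDAP://' + Domain, Domain + '\' + User, Password,
      ADS_SECURE_AUTHENTICATION, IADs, Obj);
    Result := Obj <> nil;
  except
    Result := False;  // bind failed: bad credentials or unreachable domain
  end;
end;
```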
