Active Directory authentication via LDAP with user@mydomain.com using Delphi


Problem description

As you can see from the code snippet below, I am currently gathering the information about the AD from the currently logged on user using adshlp and ActiveDs_TLB. I have a form that allows the user to enter their AD password and I verify that it is correct before allowing access to the system. This works fine. The problem I have now is that the users want to be able to enter any AD and ID in the form mydomain.comuserid and have the code authenticate and bring back the same data the code currently retrieves. I have not been able to find an LDAP call that will do that. I would appreciate any help and suggestions that I can get. Thanks

uses
  adshlp, ActiveDs_TLB;


function Tlogon_form.GetUser(Domain, UserName, pword: string; var ADSIUser: TADSIUserInfo): boolean;
var
  usr   :    IAdsUser;
  usr1  :    IADs;
  flags :    integer;
  grps  :    IAdsMembers;
  grp   :    IAdsGroup;
  varGroup : OleVariant;
  Temp :     LongWord;
  pwd, cn_name, FQDN, AD_path: string;
  HR : boolean;
  fad_domain:string;
  objsysinfo: IADsADSystemInfo;
  domainDN: string;
  List: array [0..10] of String;
  I: integer;
  name_nodes :string;

const
  ADS_SECURE_AUTHENTICATION = $00000001;
begin
  ADSIUser.UID:='';
  ADSIUser.UserName:='';
  ADSIUser.DB_login :='';
  ADSIUser.Disabled:=true;
  ADSIUser.LockedOut:=true;
  ADSIUser.Groups:='';
  Result:=false;
  FQDN :='';
  AD_path := '';
  SBN_SQL.Common_login :='';

  FPassword := pword;
  FUserName := UserName;
  //FDomain := lowercase(Domain); // + '.local';

  if FUserName = '' then exit;

  objsysinfo := CoADSystemInfo.Create;
  domainDN := objsysinfo.GetAnyDCName;
  fad_domain := objsysinfo.DomainDNSName;
  name_nodes := objsysinfo.UserName;

  if domain > '' then
  begin
    fad_domain := domain;
  end
  else
  begin
    domain := fad_domain;
  end;

  fad_domain := fad_domain + '.';

  FQDN := domainDN;
  ad_path := name_nodes;

  try
    if trim(FUserName) <> '' then
    begin
      ADsOpenObject('LDAP://' + AD_path, FUserName, FPassword, ADS_SECURE_AUTHENTICATION, IADsUser, usr);
    end;

    if usr = nil then exit;

    ADSIUser.UID := UserName;

    ADSIUser.UserName := usr.FullName;
    ADSIUser.DB_login := usr.employeeid;
    //usr:=nil;
    Result := true;
    exit;
  except
    on e: exception do begin
      Result := false;
      exit;
    end;
  end;


end;

Recommended answer

I also use ADsOpenObject for LDAP validation, and in your code you pass the domain as a parameter, so use that parameter in the ADsOpenObject call, or perhaps I did not clearly understand the question.

const
  ADS_SECURE_AUTHENTICATION = $00000001;

function Authenticate(const pUser, pPassword, pDomain: String): HRESULT;
var
  aUser: IAdsUser;
begin
  try
    // Bind to the domain passed in, as domain\user, with the supplied password
    Result := ADsOpenObject(Format('LDAP://%s', [pDomain]), Format('%s\%s', [pDomain, pUser]), pPassword, ADS_SECURE_AUTHENTICATION, IAdsUser, aUser);
    // here retrieve the information needed
  finally
    aUser := nil;
  end;
end;
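
The following is an added example, not code from the question or the answer: a credential check that accepts either login form the question mentions and takes the domain for the LDAP:// path from what the user typed. The names DomainFromLogin and CheckLogin are hypothetical, and it assumes that the part after "@" is the DNS name of a reachable domain and that ADsOpenObject accepts both name forms under ADS_SECURE_AUTHENTICATION; it covers the bind only, not the attribute retrieval.

```delphi
uses
  Windows, SysUtils, ComObj, adshlp, ActiveDs_TLB;

const
  ADS_SECURE_AUTHENTICATION = $00000001;

// Extracts the domain from 'user@mydomain.com' or 'mydomain.com\user'.
// Only DNS-name characters are accepted, because the value becomes part of
// the LDAP:// path. CharInSet needs Delphi 2009 or later.
function DomainFromLogin(const Login: string; out Domain: string): Boolean;
var
  SlashPos, AtPos, I: Integer;
begin
  Domain := '';
  SlashPos := Pos('\', Login);
  AtPos := Pos('@', Login);
  if (SlashPos > 1) and (SlashPos < Length(Login)) then
    Domain := Copy(Login, 1, SlashPos - 1)
  else if (SlashPos = 0) and (AtPos > 1) then
    Domain := Copy(Login, AtPos + 1, MaxInt);
  Result := Domain <> '';
  for I := 1 to Length(Domain) do
    if not CharInSet(Domain[I], ['A'..'Z', 'a'..'z', '0'..'9', '.', '-']) then
      Result := False;
end;

// Returns True only when the directory accepted the supplied credentials.
function CheckLogin(const Login, Password: string): Boolean;
var
  Domain: string;
  Obj: IADs;
begin
  Result := False;
  // With no user name and password ADSI binds as the calling thread's own
  // identity, so blank input must never reach ADsOpenObject.
  if (Password = '') or not DomainFromLogin(Login, Domain) then
    Exit;
  try
    // The login is passed through as typed (assumption: both forms are
    // accepted); the domain only selects which directory to contact.
    Result := Succeeded(ADsOpenObject('LDAP://' + Domain, Login, Password,
      ADS_SECURE_AUTHENTICATION, IADs, Obj)) and (Obj <> nil);
  except
    // A failed bind may surface as an exception instead of an HRESULT.
    on E: EOleSysError do
      Result := False;
  end;
end;
```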
