Open LDAP

sekou2331
Posts: 271
Joined: Wed Aug 15, 2012 6:07 am

Open LDAP

Post by sekou2331 »

Hi,



I am trying to access information in LDAP. I have code in C# that was not written by me that seems to do this. I am trying to make a lightweight version in PowerShell, but it looks like I have to call a lot of C# methods to do so. I was wondering if there is a way to do this. I am using the code below but I keep getting permission issues. Am I approaching this incorrectly?


$root = new-object DirectoryServices.DirectoryEntry("LDAP://servername/ou=organizations,o=.com", "uid=username, ou=Generic Users, ou=App Admins, o=.com", "password")
$selector = new-object DirectoryServices.DirectorySearcher($root)
$selector.findAll()



ERROR: Exception calling "FindAll" with "0" argument(s): "The user name or password is incorrect.
ERROR: "
LDAP_QUery.ps1 (36, 1): ERROR: At Line: 36 char: 1
ERROR: + $selector.findAll()
ERROR: + ~~~~~~~~~~~~~~~~~~~
ERROR: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
ERROR: + FullyQualifiedErrorId : COMException
ERROR:

jvierra
Posts: 14213
Joined: Tue May 22, 2007 9:57 am

Re: Open LDAP

Post by jvierra »

Is this in a domain?

sekou2331
Posts: 271
Joined: Wed Aug 15, 2012 6:07 am

Re: Open LDAP

Post by sekou2331 »

No

jvierra
Posts: 14213
Joined: Tue May 22, 2007 9:57 am

Re: Open LDAP

Post by jvierra »

Code: Select all

$ldap = 'LDAP://servername/ou=organizations,o=.com'
$root = [adsi]::New($ldap, 'username','password')
$filter='(objectclass=user)'
$searcher = [adsisearcher]::New($root,$filter)
$searcher.FindAll()

sekou2331
Posts: 271
Joined: Wed Aug 15, 2012 6:07 am

Re: Open LDAP

Post by sekou2331 »

Still getting the same error. The login works in C# but will not work in PowerShell. Really weird.

ERROR: Exception calling "FindAll" with "0" argument(s): "The user name or password is incorrect.
ERROR: "
LDAP_QUery.ps1 (7, 1): ERROR: At Line: 7 char: 1
ERROR: + $searcher.FindAll()
ERROR: + ~~~~~~~~~~~~~~~~~~~
ERROR: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
ERROR: + FullyQualifiedErrorId : COMException
ERROR:

jvierra
Posts: 14213
Joined: Tue May 22, 2007 9:57 am

Re: Open LDAP

Post by jvierra »

Yes. You have to have the correct username and password. We can't help you with that. You may also have to encode the connection which is also up to the remote system.

I highly recommend contacting the support for the system you are connecting to to find out how they have configured it.

I also think your LDAP string is not correct. It should be either:

$ldap = 'LDAP://Server:389'
or
$ldap = 'LDAP://server:389/dc=domain,dc=com'

You have to determine which one you need. The port may need to be the LDAP encrypted port.

If the LDAP domain is a subdomain then the "DC=" part might have three bits.

$ldap = 'LDAP://server:389/dc=domain,dc=subdomain,dc=com'

sekou2331
Posts: 271
Joined: Wed Aug 15, 2012 6:07 am

Re: Open LDAP

Post by sekou2331 »

OK, I think I figured out why I was not connecting. It looks like I needed some type of authentication binding. I wrote it still using C# methods. Is there a more PowerShell way to do the below? Also, how can I see the data under properties? I am only seeing this: {adspath, companyname, mscrmid, cn...}.
$username = "Username"
$password = "Password"
$DomainControllerIpAddress = 'servername'
$LdapDn = 'ou=organizations,o=.com'
$fastBind = [System.DirectoryServices.AuthenticationTypes]::ServerBind
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://$($DomainControllerIpAddress):389/$LdapDn", $username, $password, $fastBind)

#Here look for a user
$ds = new-object System.DirectoryServices.DirectorySearcher($dn)

#Find Properties.
$ds.PropertiesToLoad.Add("organizationuid")
$ds.PropertiesToLoad.Add("companyname")
$ds.PropertiesToLoad.Add("id")
$ds.PropertiesToLoad.Add("cn")

$ds.FindAll()

jvierra
Posts: 14213
Joined: Tue May 22, 2007 9:57 am

Re: Open LDAP

Post by jvierra »

Here is an example of how to use the directory searcher.

https://gallery.technet.microsoft.com/E ... b4?redir=0
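
The bind and property questions raised in the thread, as an added example that is not code from any poster: it binds to a non-domain LDAP server with ServerBind over TLS, so the simple-bind password is not sent in clear text on port 389, takes the bind DN and password from a credential object instead of literals in the script, and expands each result's Properties collection into readable columns. `Get-LdapEntry` is a hypothetical helper name; it assumes the server offers LDAPS on port 636 with a certificate the Windows client trusts, and the host, DNs and attribute names are the placeholders used in the thread.

```powershell
# Added example. Get-LdapEntry is a hypothetical helper; host, DNs and
# attribute names are the placeholders used in the thread.
function Get-LdapEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $BaseDn,
        [Parameter(Mandatory)] [pscredential] $Credential,  # UserName = full bind DN
        [string]   $Filter     = '(objectClass=*)',
        [string[]] $Properties = @('cn'),
        [int]      $Port       = 636   # assumption: the server offers LDAPS here
    )

    # ServerBind: the path names a specific server rather than a domain.
    # SecureSocketsLayer: run the simple bind inside TLS, not in clear text.
    $auth = [System.DirectoryServices.AuthenticationTypes]::ServerBind -bor
            [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer

    $root = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://${Server}:$Port/$BaseDn", $Credential.UserName,
        $Credential.GetNetworkCredential().Password, $auth)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }

    $results = $null
    try {
        $results = $searcher.FindAll()   # bind errors surface here, as in the thread
        foreach ($r in $results) {
            $row = [ordered]@{ adspath = [string]$r.Path }
            foreach ($p in $Properties) {
                # Result properties are stored under lower-case names, and each
                # value is a collection because LDAP attributes can be multi-valued.
                $row[$p] = @($r.Properties[$p.ToLowerInvariant()]) -join '; '
            }
            [pscustomobject]$row
        }
    }
    finally {
        if ($results) { $results.Dispose() }
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Usage (Get-Credential prompts, so the password never appears in the script):
# $cred = Get-Credential -UserName 'uid=username,ou=Generic Users,ou=App Admins,o=.com' -Message 'LDAP bind'
# Get-LdapEntry -Server 'servername' -BaseDn 'ou=organizations,o=.com' -Credential $cred `
#     -Properties cn, companyname, organizationuid | Format-Table
```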
