Find out User cannot change password value of ldap

Question

1.00/5 (1 vote)

See more:

Hi,
I am trying to find out that in ad, user has allowed to change password or not. I have used SearchResponse to find out that user exists or not. I just want to find out that user cannot change password is true or false.

C#

LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(domainname,636));

connection.SessionOptions.VerifyServerCertificate =
                new VerifyServerCertificateCallback((con, cer) => true);

connection.SessionOptions.ProtocolVersion = 3;
 
connection.AuthType = AuthType.Basic;
 
connection.Credential = new NetworkCredential("CN=adminusername,DC=Domain,DC=COM", "password");
 
connection.SessionOptions.SecureSocketLayer=true;
 
using(connection)
{

SearchRequest request = new SearchRequest("ou=users,DC=Domain,DC=COM", "CN=pmutest", System.DirectoryServices.Protocols.SearchScope.Subtree);

SearchResponse response = (SearchResponse)connection.SendRequest(request);
}

This is how I find that user exist or not.

Posted 15-Oct-12 20:36pm

mayankkarki

Updated 23-Nov-12 20:15pm

Mohd. Mukhtar

v3

Add a Solution

Comments

Mohd. Mukhtar 16-Oct-12 2:39am

please update some code snipet how are you checking the user and where you have stored the information regarding the change password status.

mayankkarki 16-Oct-12 2:46am

Thanks, I updated the question.

Mohd. Mukhtar 16-Oct-12 3:49am

Coustmize response and return flag value and check flag value if user has access to change password or not.

mayankkarki 16-Oct-12 4:59am

I didn't understand it. Can you show me how to implement.

Mohd. Mukhtar 16-Oct-12 5:01am

In the below line what value you are getting in response object.

SearchResponse response = (SearchResponse)connection.SendRequest(request);

mayankkarki 16-Oct-12 5:18am

All attributes values are there. I used some attributes like this DirectoryAttribute userAccountControl = response.Entries[0].Attributes["useraccountcontrol"];
But don't know which attribute to used for user cannot change password.

Mohd. Mukhtar 16-Oct-12 5:31am

print the attributes and values of response object, Hope you will figureout the thing now.

mayankkarki 16-Oct-12 7:30am

I print the values of all attributes but didn't find any usefull one.

Mohd. Mukhtar 16-Oct-12 7:46am

Then you need to modify the SendRequest method and in return object you need to add required value.

mayankkarki 16-Oct-12 7:48am

Can you show me how to do this. Its urgent.

Mohd. Mukhtar 16-Oct-12 8:20am

Pls follow the below link.

http://msdn.microsoft.com/en-us/library/ms141885.aspx

and modify the request and attribute which you want in response object.

mayankkarki 16-Oct-12 8:22am

This is the problem that I don't know which attribute is used for users cannot change password.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

mayankkarki · Answer 1 · 2012-11-23T19:56:00

Solution of my problem.

SearchResponse response = (SearchResponse)connection.SendRequest(request);
               DirectoryAttribute attribute = response.Entries[0].Attributes["ntSecurityDescriptor"];

               if (attribute != null)
               {
                   const string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
                   const int ADS_ACETYPE_ACCESS_DENIED_OBJECT = 6;
                   bool fEveryone = false;
                   bool fSelf = false;

                   ActiveDs.ADsSecurityUtility secUtility = new ActiveDs.ADsSecurityUtility();
                   ActiveDs.IADsSecurityDescriptor sd = (IADsSecurityDescriptor)secUtility.ConvertSecurityDescriptor((byte[])attribute[0], (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_RAW, (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
                   ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;

                   foreach (ActiveDs.IADsAccessControlEntry ace in acl)
                   {
                       if ((ace.ObjectType != null) && (ace.ObjectType.ToUpper() == PASSWORD_GUID.ToUpper()))
                       {
                           if ((ace.Trustee == "Everyone") && (ace.AceType == ADS_ACETYPE_ACCESS_DENIED_OBJECT))
                           {
                               fEveryone = true;
                           }
                           if ((ace.Trustee == @"NT AUTHORITY\SELF") && (ace.AceType == ADS_ACETYPE_ACCESS_DENIED_OBJECT))
                           {
                               fSelf = true;
                           }

                           break;
                       }
                   }

                   if (fEveryone || fSelf)
                   {
                       return Global.RequestContants.CANT_CHANGE_PASSWORD;
                   }
                   else
                   {
                       return string.Empty;
                   }
               }