Re: [ActiveDir] "Who Am I" request

Tue, 23 Jan 2007 03:14:09 -0800 


Using ldp.exe;

rootDSE query for supportedExtension will you the OID:

4> supportedExtension:
1.3.6.1.4.1.1466.20037 = ( LDAP_SERVER_START_TLS_OID );
1.3.6.1.4.1.1466.101.119.1 = ( LDAP_TTL_REFRESH_OID );
1.2.840.113556.1.4.1781 = ( LDAP_SERVER_FAST_BIND_OID );

1.3.6.1.4.1.4203.1.11.3 = ( LDAP_SERVER_WHO_AM_I_OID );


Then it's (post bind to be useful)

 Browse -> Extended Op
  and paste in the OID (1.3.6.1.4.1.4203.1.11.3) with no Data value.




Lee Flight

On Mon, 22 Jan 2007, Joe Kaplan wrote:
It there support for WhoAmI in ldp.exe? It sounds useful and I'd like to try it. :) 

Joe R.: When will this be added to Adfind (or is it already)?

Joe K.
----- Original Message ----- From: "Dmitri Gavrilov" <[EMAIL PROTECTED]> 
To: <ActiveDir@mail.activedir.org>
Sent: Monday, January 22, 2007 9:07 AM
Subject: RE: [ActiveDir] "Who Am I" request


ADAM (starting from ADAM 1.0) and AD (starting from Longhorn) support
WhoAmI extended operation per RFC. In addition, they support
rootDSE/tokenGroups attribute, which is exactly what you need to check
"self group membership".

If you have pre-LH AD, then what you can do is read tokenGroups off the
user object (which you can find using %USERDOMAIN% and %USERNAME% vars
if you have an interactive session, or by looking up user SID from the
token). Note tokenGroups value can vary slightly depending on which DC
you connect to. If you want deterministic results, read
tokenGroupsGlobalAndUniversal (which excludes domain local groups).


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alexandr Kara
Sent: Monday, January 22, 2007 6:46 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] "Who Am I" request

Hello everybody,
I am trying to get the CN of a user currently connected to Active
Directory
(using a 3rd party library).

I tried the "Who am I?" extended operation from RFC 4532, but I got an
error
120 or 0x78 (I don't know if it is useful).
Do you know of another method to get the CN? I need it to find out if
the user
is part of a group.

Thanks a lot,
Alexandr
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx 
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx



Lee Flight
__________________________________________________________
Lee Flight ([EMAIL PROTECTED])         Tel: +44 (0)116 252 2257
IT Services,
Computer Centre, University of Leicester
Leicester LE1 7RH, United Kingdom

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx

Reply via email to