If you did a bind to the directory with that user object, then you should be able to do a search to find the user object you used for the bind. This might only be complicated if you authenticated with a foreign domain user, but I doubt you are doing that.

The exact nature of the search would depend on the user name format you are using in the bind. If you did a simple bind with the DN, then you already have the path to the user object. :)

Joe K.

----- Original Message -----
From: "Alexandr Kara" <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Sent: Tuesday, January 23, 2007 11:26 AM
Subject: Re: [ActiveDir] "Who Am I" request


Hello Dmitri,
thanks for your reply. The server I connect to is pre-LH (Windows 2003 I
think), which doesn't support WhoAmI.
You suggested that I read tokenGroups, but I have no "user object" to read it
from. All I have is a generic connection to an LDAP server (I need to use the
OpenLDAP library for compatibility).
Can I get the user object by some other means?

Thanks a lot,
Alexandr

On Monday, 22 January 2007 16:07, Dmitri Gavrilov wrote:
ADAM (starting from ADAM 1.0) and AD (starting from Longhorn) support
WhoAmI extended operation per RFC. In addition, they support
rootDSE/tokenGroups attribute, which is exactly what you need to check
"self group membership".

If you have pre-LH AD, then what you can do is read tokenGroups off the
user object (which you can find using %USERDOMAIN% and %USERNAME% vars
if you have an interactive session, or by looking up user SID from the
token). Note tokenGroups value can vary slightly depending on which DC
you connect to. If you want deterministic results, read
tokenGroupsGlobalAndUniversal (which excludes domain local groups).


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alexandr Kara
Sent: Monday, January 22, 2007 6:46 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] "Who Am I" request

Hello everybody,
I am trying to get the CN of a user currently connected to Active Directory
(using a 3rd party library).

I tried the "Who am I?" extended operation from RFC 4532, but I got an error
120 or 0x78 (I don't know if it is useful).
Do you know of another method to get the CN? I need it to find out if the user
is part of a group.

Thanks a lot,
Alexandr
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
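
The tokenGroups values discussed in this thread come back as binary SIDs rather than group names, and the attribute is only returned by a base-scope search on the user object, so a client built on the OpenLDAP C library has to decode each value before testing membership. The code below is an added example, not code from anyone in the thread; the struct, the function names and the sample SIDs are constructed for illustration and stand in for the values such a search would return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sid_val { const unsigned char *data; size_t len; };  /* one attribute value */

/* Binary SID -> "S-1-5-..." text. Returns 0, or -1 on a malformed value
 * (wrong revision, more than 15 sub-authorities, length not matching the count). */
int sid_to_string(const unsigned char *sid, size_t len, char *out, size_t outlen)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len != 8 + 4u * sid[1])
        return -1;
    uint64_t auth = 0;
    for (int i = 2; i < 8; i++)               /* 48-bit authority, big-endian */
        auth = (auth << 8) | sid[i];
    int n = snprintf(out, outlen, "S-%u-%llu", (unsigned)sid[0], (unsigned long long)auth);
    if (n < 0 || (size_t)n >= outlen) return -1;
    for (unsigned i = 0; i < sid[1]; i++) {   /* sub-authorities, little-endian */
        const unsigned char *p = sid + 8 + 4 * i;
        uint32_t sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
        int m = snprintf(out + n, outlen - n, "-%lu", (unsigned long)sub);
        if (m < 0 || (size_t)m >= outlen - n) return -1;
        n += m;
    }
    return 0;
}

/* 1 if the wanted group SID is among the values, 0 if not, -1 on a malformed value. */
int token_has_group(const struct sid_val *vals, size_t count, const char *wanted)
{
    char buf[192];                            /* longest possible SID string fits */
    for (size_t i = 0; i < count; i++) {
        if (sid_to_string(vals[i].data, vals[i].len, buf, sizeof buf) != 0) return -1;
        if (strcmp(buf, wanted) == 0)
            return 1;
    }
    return 0;
}

/* Constructed sample values, not taken from a real directory. */
static const unsigned char SID_A[] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 0x57,4,0,0,
                                      0xAE,8,0,0, 5,0x0D,0,0, 1,2,0,0};
static const unsigned char SID_B[] = {1,2, 0,0,0,0,0,5, 32,0,0,0, 0x21,2,0,0};
static const struct sid_val SAMPLE[] = {{SID_A, sizeof SID_A}, {SID_B, sizeof SID_B}};

int main(void)
{
    printf("member of S-1-5-32-545: %d\n", token_has_group(SAMPLE, 2, "S-1-5-32-545"));
    return 0;
}
```

With libldap, each `struct berval` in the result supplies the pointer (`bv_val`) and length (`bv_len`) that `sid_val` models here.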
