RE: [ActiveDir] ADAM attribute value

[Kevin Sullivan]

I am sorry if this is changing direction but Carlos you said that the SCP is not reliable? Why not? Do you have any supporting anecdotes or docs that back this up?   I am really curious. I have for quite a while thought that not have a core location service was a limitation but don’t’ truly have good supporting rationale…   Thanks, Kevin   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Thursday, August 12, 2004 5:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADAM attribute value   Hi Harry,   Well you in luck as I built a tool that does just that. ADAM (unfortunately) has two things to consider 1. Does not allow you to set the defaultNamingContext  at setup or does not default the defaultNamingContext to the first Application Partition created (I have been assured that it will allow this), 2. It does not register itself within DNS. It does how ever create a Service Connection Point (SPC) (I think I got that right (ERIC :P )  in AD. This is not reliable though.   The most reliable way unfortunately is to:   1. As an administrator remotely connect to the registry of each machine in the domain and read the ADAM reg key. 2. Port scan (OUCH) all the machines in the network find the ones hosting a LDAP service connect to their RootDSE's and read the OID's that they specify and that will tell you if its a ADAM or AD server, but this is tricky as well :)   AD, ADAM or any LDAP programming? - http://groups.yahoo.com/group/adsianddirectoryservices Carlos Magalhaes Active Directory Programming MVP   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harpreet_Kapoor Sent: Thursday, August 12, 2004 10:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADAM attribute value Hi ,   Thanx for the help …just one more ques… Actually, we are trying to detect active directory and adam through our code. This code works for Active Directory. Since we are using dc objects only and in ADSI Edit, we are shown the value domainDNS under the heading class , we thought the same code will work for ADAM. Now , in order to identify ADAM , what should be the attribute & the corresponding value that we should use? The only issue of concern in our case is that our ADAM shows objectClass as a mandatory attribute and shows its value as top;domain;domainDNS .However, when we program to retrieve it , ldap_get_values (ld, e, attrs[0] ) fails. Also, ldap_compare_s() returns the error code 16 or 0x10 which means that the attribute does not exist. What could be the reason behind such behaviour? I shall be glad if you could be of some help. Thanks, Harry     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Thursday, August 12, 2004 1:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADAM attribute value   Harry,   ADAM does not implement the domainDNS structure like Active Directory does, instead it uses Application Partitions in your case "dc=abcd,dc=com" , I am not saying that you can not add or use domainDNS, I am just trying to highlight that ADAM was not designed to work with the domainDNS structure like Active Directory was.   You will also find that your RootDSE - defaultNamingContext is not populated by default as it is in Active Directory. You have to populate this attribute manually (very easy).   Now about your code, I am not sure what you mean by "trying to find the value of ObjectClass" are you trying to find all objects using the LDAP filter "ObjectClass=*" ? The objectClass attribute contains the class of which the object is an instance, as well as all classes from which that class is derived.   If you would like to see more detail including some code (which is what I think you trying to do)  here is the link - http://msdn.microsoft.com/library/default.asp?url="">   Let us know how it goes. I also strongly suggest that you read ADAM's technical reference document, alot of work was put into it explaining these concepts and is one of the best ADAM documents around you can find it here -- http://www.microsoft.com/downloads/details.aspx?familyid=96c660f7-d932-4f59-852c-2844b343f3e0&displaylang=en   AD, ADAM or any LDAP programming? - http://groups.yahoo.com/group/adsianddirectoryservices Carlos Magalhaes Active Directory Programming MVP   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harpreet_Kapoor Sent: Thursday, August 12, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADAM attribute value We are trying to find the value of the "objectClass" attribute in ADAM. For this we wrote the following code :   char *attrs[2] = {"objectClass", NULL};     LDAPMessage* result = NULL;     int nResult = ldap_search_s (ld, "dc=abcd,dc=com", LDAP_SCOPE_SUBTREE, "objectClass=*", attrs, 0, &result);               if (nResult != LDAP_SUCCESS)     {         return LDAPUTIL_GETVERSIONFAIL;     }       int nentries = ldap_count_entries(ld, result);                 if (nentries <= 0)     {         if (result != NULL)             ldap_msgfree (result);           return LDAPUTIL_SUCCESS;     }       LDAPMessage* e = ldap_first_entry (ld, result);     char** vals = ldap_get_values (ld, e, attrs[0] );     int i=0;             if (vals != NULL)     {         if (vals[i] != NULL)         {                         cout<<"\n val[i] "<<vals[i]<<endl;                         i++;         }         ldap_value_free (vals);     }       if (result != NULL)         ldap_msgfree (result);     nResult = ldap_compare_s (ld, dcRoot, "objectClass","domainDNS");     if  ((nResult == LDAP_COMPARE_TRUE))     {         cout<<"Active Directory Application Mode(ADAM)";         return LDAP_SUCCESS;     }   Actually,our main aim is to find the value of objectClass for ADAM(Active Directory Application Mode)for use in ldap_compare_s().This is why we wrote the code above to find the value of the objectclass parameter.   I have the following questions: 1)We have observed that domainDNS works for Active Directory.Does it also work for ADAM? In our case,it does not.If it does not,what is the attribute value of objectClass in case of ADAM?In my case, ldap_compare_s returns the value 0x10 which means that the attribute does not exist. However,in ADAM ,I can clearly see the attribute.But when I give this value in ldap_compare_s(), it returns the error code 0x10.Is there any other attribute which can be used to identify the dc objects on ADAM just as objectclass and its value domainDNS work for Active Directory. 2)ldap_get_values() returns a NULL .What could be the possible solution?   My configuration settings: Root DN : dc=abcd,dc=com   Thanks, Harry