Getting ‘System.__ComObject’ from the LDAP property

active-directoryldap

I'll be the first to admit that this is cut and past programming. I've never looked at AD before, and really don't understand it. I suppose that's my next study…

Anyways, This is some test code, which should display the expiry date — either as something readable, or in ticks — it doesn't matter. (It's a web form, which is running on the dev webserver.)

What I get instead is: "System.__ComObject "

DirectorySearcher searcher = new DirectorySearcher();
searcher.Filter = String.Format( "(SAMAccountName={0})", "TestA33" );
searcher.PropertiesToLoad.Add( "cn" );

SearchResult result = searcher.FindOne();
DirectoryEntry uEntry = result.GetDirectoryEntry();

String expiry = uEntry.Properties["accountExpires"].Value.ToString(); 

Response.Write( expiry );

Best Solution

The article that Dave Cluderay recommended is a good idea. One important thing to note is that if expiration is set to never, the date you get might not make sense.

According to MS documentation, the IADsLargeInteger from the ADSI call represents the number of 100 nanosecond intervals since Jan 1, 1601 (UTC) and "value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires".

Related Solutions

C# – LDAP DirectorySearcher with MemberOf property

You need to set the OU you want to search as the root of your DirectorySearcher:

DirectoryEntry myOU = new DirectoryEntry("OU=something,OU=yep,DC=dev,DC=local");
DirectorySearcher srch = new DirectorySearcher(myOU);
srch.SearchScope = SearchScope.Subtree;

and then use just the objectCategory=person for your filter - I would use objectCategory which is single-valued and indexed and thus fast rather than objectClass (which is multi-valued and not indexed):

srch.Filter = "(objectCategory=person)";

If you still want to check for membership in a group in addition to being part of the OU, you can add this as a member-of part to the filter:

srch.Filter = "(&(objectCategory=person)(memberOf=cn=Group,ou=yep,dc=dev,dc=local))";

Not totally sure about the wildcards - in general, LDAP search filters do support wildcards, but I'm a bit hesitant about using a wildcard in a RDN like this group DN here.

Marc

Python – Getting groups from LDAP to django

Here's what I did to make it work:

AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_BIND_DN = "existing_user"
AUTH_LDAP_BIND_PASSWORD = "existing_password"

and I changed (objectClass=groupOfNames) to (objectClass=top)

It seems that django_auth_ldap uses the bound user to check for the flags (is_staff, ...) but not to check the groups. So I added credentials to these variables which are now used to search for groups.

However, it works!

Best Solution

Related Solutions

C# – LDAP DirectorySearcher with MemberOf property

Python – Getting groups from LDAP to django

Related Question