RE: Reading active directory from RPG -- WEB400

Kevin,

You do a synchronous bind operation to validate their credentials.

Matt 

-----Original Message-----
From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx
[mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On Behalf Of
Kevin Touchette
Sent: Wednesday, November 02, 2005 12:36 PM
To: Web Enabling the AS400 / iSeries
Subject: RE: [WEB400] Reading active directory from RPG

Mike,

  Scott's code was exactly what I was looking for, the only thing I
don't understand is, how do I authenticate a user's password.  I don't
think we  want to make it so that all users can connect to the LDAP
server.  Or do we?  I was kind of thinking that one account would be
able to connect and do a query of a user profile and password?  How do I
get the password to authenticate it?

Kevin Touchette 

-----Original Message-----
From: Mike Cunningham [mailto:MCUNNING@xxxxxxx] 
Sent: Tuesday, November 01, 2005 10:17 AM
To: web400@xxxxxxxxxxxx; WaldenL@xxxxxxxxxxxxxxx
Subject: RE: [WEB400] Reading active directory from RPG

If your getting into LDAP coding you might want to look at a product
like this http://iseries.msp.be/MSPLIB/ We user this and I think there
are others out there. Using something like this makes doing LDAP from
RPG a lot easier.
 
Turns an LDAP lookup and update into something very easy to
understand...
 
// Create pointer to server                            
 pLDAP = LDAPCreate(LDAPServer:389);                   
// Set server login user                               
 dn = 'cn=' + %trim(ldapusr) + ',' + %trim(LDAP_O);    
// Login to server                                     
 ldapok = LDAPConnect(pLDAP:dn:%trim(ldappwd));        
// Set LDAP Organization                               
 ldapok = LDAPsetBaseDN(pLDAP: %trim(LDAP_O));         
// Set LDAP Attributes to retrieve                     
 Attributes = 'initials,fullname';                     
 ldapok = LDAPsetAttributes(pLDAP: %trim(Attributes)); 
// Set LDAP User to query                                 
 filter = '(cn=' + %trim(Netwid) + ')';                   
 ldapok = LDAPsetFilter(pLDAP: filter);                   
// Test for valid connection to LDAP server               
 n = LDAPQuery(pLDAP);                                    
 If n > 0;                                                
   // Read defined attributes for defined user to buffer  
    ldapok = LDAPFetch(pLDAP);                            
   // Read defined attributes for defined user from buffer
    LDAP_Initial = LDAPgetValue(pLDAP: 'initials');

    LDAP_FullName = LDAPgetValue(pLDAP: 'fullname');   
.
.
.                   
// Update LDAP if needed                                  
    If Initial <> Old_Initial or                          
        FullName <> Old_FullName;

      dn = 'cn=' + %trim(Netwid) + ',' +                         
                    %trim(LDAP_OU) + ',' + %trim(LDAP_O);        
     If Initial <> Old_Initial;                                  
      ldapok = LDAPsetValue(pLDAP: 'initials': %trim(Initial));  
     EndIf;                                                      
     If FullName <> Old_FullName;                                
      ldapok = LDAPsetValue(pLDAP: 'fullname': %trim(FullName)); 
     EndIf;                                                      
     ldapok = LDAPModify(pLDAP: dn);                             
    EndIf;                                                       
  EndIf;        
 
LDAPDisconnect(pLDAP); 
                                                
>>> WaldenL@xxxxxxxxxxxxxxx 11/1/2005 11:45:34 AM >>>

AD is just an LDAP server (ok, it's more than that, but you can treat it
like one) so scott's code at:
http://archive.midrange.com/rpg400-l/200206/msg00503.html should point
you in the right direction.

-Walden