Microsoft KB Archive/236400

= How To Use ADSI to Bind to Objects with the NDS Provider =

Article ID: 236400

Article Last Modified on 9/28/2007

-

APPLIES TO


 * Microsoft Active Directory Service Interfaces 2.0
 * Microsoft Active Directory Service Interfaces 2.5
 * Microsoft Active Directory Service Interfaces 2.5
 * Microsoft Active Directory Service Interfaces 2.5

-



This article was previously published under Q236400



SUMMARY
Active Directory Services Interfaces (ADSI) has the ability to access discrete directory services by using a unique provider for each system. The NDS provider is used to access information from NetWare Directory Service (NDS). The NDS provider is dependant on adsNDS.dll, which is installed as part of the ADSI runtime library, as well as APIs that are installed by Client Services for NetWare and Gateway Services for Netware.



MORE INFORMATION
In order to retrieve information about an object, its location in the NDS tree must be known. Once the location of the object is known, the path to that object can be used to bind to it. Once an object is bound to, it is possible to manipulate it. An important aspect of the bind is what user's security context the bind is under. This security context will determine what permissions the program will have on any given object.

Two different bind techniques can be used to determine what context is used. The GetObject (ADsGetObject in Microsoft Visual C++) function call is used to bind as the user currently logged on to the computer that is running the application. If it is necessary to run the application in the context of a user other than the one logged on, then OpenDSObject (ADsOpenObject in Visual C++) should be used.

The bind string that is passed into both GetObject and OpenDSObject is begun by specifying the ProgID of the ADSI provider, in this case "NDS". After the ProgID, "://" is appended. The rest is dependent on the provider that is used. With the NDS provider, the next part of the string is the name of the NDS tree. The tree name is followed by a slash ("/") and then the distinguished name of the object. The distinguished name is the path from the root to the object, including the relative distinguished names (RDNs) of all organizational units or containers in between. Each level is separated by slashes ("/").

The following is an example of binding to a user object in the logged on security context: Dim oUser As IADsUser Set oUser = GetObject("NDS://MyTree/O=MyCompany/OU=MyOU/CN=User1")

OpenDSObject, which is used to specify another security context, has the following parameters:

OpenDSObject(lpszDNName As String, lpszUserName As String, lpszPassword As String, lnReserved As Long)

The first parameter, lpszDNName, is the bind string that you generated earlier, otherwise know as an ADsPath.

The next parameter, lpszUserName, is the user name of the security context that will be used for authentication. This user name must also be specified as a distinguished name, but in the NetWare syntax. In the NetWare syntax, distinguished names are specified from deepest in the tree (object name) to closest to the root. Each level in this case is separated by periods ("."). Placing the object name type in the distinguished name is referred to as using a "typeful" name. The following is an example of a typeful name:

CN=Admin.OU=AdminOU.O=MyCompany

The distinguished name of a user can also be specified as a "typeless" name. A typeless name does not contain any object name types:

Admin.AdminOU.MyCompany

The next parameter in OpenDSObject, lpszPassword, is a string that contains the password of the user specified.

The last parameter to OpenDSObject, lnReserved, specifies the type of connection to be attempted. This flag is ignored by the NDS provider.

The following is an example of how to use OpenDSObject to bind to an NDS server in the security context of a specified user: Dim oUser As IADsUser Dim oSysProv As IADsOpenDSObject

strPath = "NDS://MyTree/o=MyCompany/OU=MyOU/cn=User1" strUserName = "User2.SubOU.MyOU.MyCompany" strPassword = "password"

Set oSysProv = GetObject("NDS:") Set oUser = oSysProv.OpenDSObject(strPath, strUserName, strPassword, 0)

