MS Active Directory User Authentication

[murray]

Does Jade 6.3 provide any support for Microsoft Active Directory user authentication?
I have had a search through the documentation and couldn't find anything related.
A search on this forum only turned up an old thread for older versions of Jade (5, 6.0).
I presume the alternative is to use the Microsoft API calls.
This is not urgent, just doing some forward-looking research for future requirements.

[Jade Support]

Hello Murray,

JADE does not natively authenticate against any external authority. You would need to use a 3rd party external library to authenticate against something else, e.g. LDAP/Active Directory/Kerberos/PAM etc. So yes, Active Directory could be used for authentication, but 3rd party code would be required (or appropriate calls to external functions etc.)

Regards,

[torrie]

We have used the windows API's in the past e.g.

Code: Select all

if call ceLogonUser( psUserName, psDomain, psPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, iHandle, iLastError ) then if call ceCloseHandle( iHandle, iLastError ) then lastError := 0; return true; else // Failed to close the user login handle. lastError := iLastError; return false; endif; else lastError := iLastError; return false; endif;

Where LoginUser and CloseHandle are windows API Fuctions see http://msdn.microsoft.com/en-us/library ... S.85).aspx

There's a couple of traps: If validating on the local machine then just entering the current user ID will return a successful login and if doing this server side, then the user requires some permissions on the server.

Microsoft has a better example for user validation here: http://support.microsoft.com/kb/180548


You can also do this as previously suggested using LDAP. the JadeCare Start Schemas come with LDAP classes http://www.jade.co.nz/jadecare/download.htm. The following code will raise an exception if the login fails.

Code: Select all

vars ldap:CnLdapConnection; entry:CnLdapEntry; search:CnLdapSearch; attribute : CnLdapAttribute; c : Character; i : Integer; sGUID : String; begin // Create the LDAP object create ldap; /* Open an anonymous (unauthenticated) connection to the LDAP server. For anonymous connections, we set the second and third cnOpen parameters (authentication DN and password) to null. */ ldap.cnOpen("concepteng","Domain\torrie","P@55W0RD"); // Now create a search object and do the search create search; /* The first two parameters to cnSearch are the Base DN and filter: refer to ‘The How To and FAQ Section’, and Appendix B, for an explanation of these. The Base DN selects the branch of the directory tree where the search is to begin; it will vary according to the structure of the server’s directory tree, and the requirements of your application. */ // Search from the NAME ldap.cnSearch("OU=Users,OU=MyBusiness,DC=CONCEPTDOMAIN", "(sAMAccountName=torrie)", search); // Close the connection to the LDAP server ldap.cnClose; //Display each entry while search.cnGetNextEntry(entry) do write entry.cnAsString; foreach attribute in entry.allAttributes where attribute.name = "objectGUID" do foreach i in 1 to attribute.allStringValues.first.length do c := attribute.allStringValues.first[i]; sGUID := sGUID & '\' & c.toHex(); endforeach; write sGUID; endforeach; endwhile; delete search; delete ldap; end;

An exception is thrown if the login is not successful

Regards

Torrie

[murray]

Thanks for that, Torrie.
Some of our Jade systems are already happily using LDAP access via CardSchema.