MS Active Directory User Authentication


Postby murray » Thu Mar 31, 2011 2:30 pm

Does Jade 6.3 provide any support for Microsoft Active Directory user authentication?
I have had a search through the documentation and couldn't find anything related.
A search on this forum only turned up an old thread for older versions of Jade (5, 6.0).
I presume the alternative is to use the Microsoft API calls.
This is not urgent, just doing some forward-looking research for future requirements.
Murray (N.Z.)


Postby Jade Support » Thu Mar 31, 2011 3:31 pm

Hello Murray,

JADE does not natively authenticate against any external authority. You would need to use a 3rd party external library to authenticate against something else, e.g. LDAP/Active Directory/Kerberos/PAM etc. So yes, Active Directory could be used for authentication, but 3rd party code would be required (or appropriate calls to external functions etc.)

Regards,
Jade Support
Jade Software Corporation Ltd

Email: jadesupport@jadeworld.com
Web: http://www.jadeworld.com

Jade Software – complex business problems solved beautifully.


Postby torrie » Thu Mar 31, 2011 7:43 pm

We have used the Windows APIs in the past, e.g.

Code:

    if call ceLogonUser( psUserName, psDomain, psPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, iHandle, iLastError ) then
        if call ceCloseHandle( iHandle, iLastError ) then
            lastError := 0;
            return true;
        else
            // Failed to close the user login handle.
            lastError := iLastError;
            return false;
        endif;
    else
        lastError := iLastError;
        return false;
    endif;

Where LogonUser and CloseHandle are Windows API functions, see http://msdn.microsoft.com/en-us/library ... S.85).aspx

There's a couple of traps: If validating on the local machine then just entering the current user ID will return a successful login and if doing this server side, then the user requires some permissions on the server.

Microsoft has a better example for user validation here: http://support.microsoft.com/kb/180548


You can also do this as previously suggested using LDAP. The JadeCare Start Schemas come with LDAP classes http://www.jade.co.nz/jadecare/download.htm. The following code will raise an exception if the login fails.

Code:

    vars
        ldap : CnLdapConnection;
        entry : CnLdapEntry;
        search : CnLdapSearch;
        attribute : CnLdapAttribute;
        c : Character;
        i : Integer;
        sGUID : String;
    begin
        // Create the LDAP object
        create ldap;

        /* Open a connection to the LDAP server, binding with the user's name
           and password (the second and third cnOpen parameters: authentication
           DN and password). For an anonymous (unauthenticated) connection,
           these two parameters would be null. */
        ldap.cnOpen("concepteng","Domain\torrie","P@55W0RD");

        // Now create a search object and do the search
        create search;

        /* The first two parameters to cnSearch are the Base DN and filter:
           refer to ‘The How To and FAQ Section’, and Appendix B, for an
           explanation of these. The Base DN selects the branch of the
           directory tree where the search is to begin; it will vary according
           to the structure of the server’s directory tree, and the
           requirements of your application. */
        // Search from the NAME
        ldap.cnSearch("OU=Users,OU=MyBusiness,DC=CONCEPTDOMAIN", "(sAMAccountName=torrie)", search);

        // Close the connection to the LDAP server
        ldap.cnClose;

        // Display each entry
        while search.cnGetNextEntry(entry) do
            write entry.cnAsString;
            // Write the objectGUID as a backslash followed by the hex value of each character
            foreach attribute in entry.allAttributes where attribute.name = "objectGUID" do
                foreach i in 1 to attribute.allStringValues.first.length do
                    c := attribute.allStringValues.first[i];
                    sGUID := sGUID & '\' & c.toHex();
                endforeach;
                write sGUID;
            endforeach;
        endwhile;

        delete search;
        delete ldap;
    end;

An exception is thrown if the login is not successful.

Regards

Torrie
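
The following is an added example in Python, not JADE and not code from this thread or from the JadeCare LDAP classes: checks worth running on user-supplied input before it reaches an LDAP bind and a `(sAMAccountName=...)` search like the one above. The function names are hypothetical, and it assumes the user name is placed into the search filter as text.

```python
# Added example: input checks to run before an LDAP bind and search.
# All function names here are hypothetical, not part of any JADE library.

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape user input so it stays a literal inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def account_filter(user_name: str) -> str:
    """Build the sAMAccountName filter with the user name safely escaped."""
    return "(sAMAccountName=%s)" % escape_filter_value(user_name)


def guid_filter(object_guid: bytes) -> str:
    """Write a binary objectGUID as backslash plus two hex digits per byte,
    the RFC 4515 form for binary values in a filter."""
    return "(objectGUID=%s)" % "".join("\\%02x" % b for b in object_guid)


def check_credentials(user_name: str, password: str) -> None:
    """Raise ValueError for input that must never reach a simple bind.

    RFC 4513 section 5.1.2: a simple bind with a name but an empty password
    is an 'unauthenticated' bind, which a server may accept. Code that treats
    'no exception from the bind' as a successful login must therefore reject
    empty passwords itself.
    """
    if not user_name or not user_name.strip():
        raise ValueError("empty user name")
    if not password:
        raise ValueError("empty password")
    if "\x00" in user_name or "\x00" in password:
        raise ValueError("NUL byte in credentials")
```

Call `check_credentials` first, bind only if it returns, and build any follow-up search with `account_filter` rather than string concatenation.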


Postby murray » Fri Apr 01, 2011 9:18 am

Thanks for that, Torrie.
Some of our Jade systems are already happily using LDAP access via CardSchema.
Murray (N.Z.)

