
User validation in LDAP / Active Directory

  • May 17, 2011
  • 2 replies
  • 0 views

[Migrated content. Thread originally posted on 10 May 2011]

Does anyone have any experience / code examples with validating users in LDAP / Active Directory?

2 replies

[Migrated content. Thread originally posted on 10 May 2011]

I don't have any examples, but if I was going to do this, I would use .Net to create a DLL that wraps all the LDAP functionality I needed to use, and then call this DLL from AcuCobol.

Paul

[Migrated content. Thread originally posted on 10 May 2011]

By "validating users", do you mean validating user credentials (username and password)? If so, the easiest approach - if you don't want to, or can't, use a simple Windows LogonUser call and let the OS validate against the domain controller - is to do an LDAP bind against the server (whether it's Active Directory or some other LDAP server) using the user's credentials.

So, you get the username and password, and you get the location of the LDAP server from some source (however your app normally does its configuration); then you initialize the LDAP client API and do a bind.

On Windows, you can use the native WLDAP32 API (ldap_init and ldap_bind), or if you want managed code, the LdapConnection class. These are standard Microsoft interfaces. (There are other choices, such as ADSI, but you don't need the additional complexity.) On Unix, there are various LDAP clients available, such as OpenLDAP (often included with Linux distributions) and various vendor-supplied LDAP client libraries.

[Edit: I've never done this from COBOL, only C; and my experience with Acu / extend is minimal. But the principle should be the same regardless of language.]

If sending credentials in the clear is an issue, you can use LDAP-over-SSL. That's supported out of the box on Windows, and generally supported on various Unix platforms with a combination of OpenLDAP and OpenSSL.
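
As an added example that is not part of the original thread, here is one way the bind-based check described in the reply above could look in managed code with the LdapConnection class over LDAP-over-SSL. The names LdapCredentialCheck and Validate and the 10-second timeout are assumptions; the empty-password check is there because a simple bind with an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that many servers accept as success.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical helper (not from the thread): validates credentials by binding.
public static class LdapCredentialCheck
{
    // LDAP result code 49 = invalidCredentials
    private const int LdapInvalidCredentials = 49;

    // Returns true only if the directory accepts a bind with these credentials.
    // Connection or TLS failures are not swallowed: they surface as exceptions,
    // so the caller can tell "wrong password" from "server unreachable".
    public static bool Validate(string server, string userName, string password)
    {
        // Never send an empty password: the server would treat the request
        // as an unauthenticated bind and may report success.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        // Port 636 is LDAP over SSL, so the credentials are not sent in the clear.
        var id = new LdapDirectoryIdentifier(server, 636);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            conn.AuthType = AuthType.Basic;          // simple bind: name + password
            conn.Timeout = TimeSpan.FromSeconds(10); // assumed value

            try
            {
                conn.Bind(new NetworkCredential(userName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                return false; // the server rejected the name/password pair
            }
        }
    }
}
```

Pass the user name in a form the server accepts for simple binds, such as a full DN or, on Active Directory, a user principal name.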