BpcADSI
Active Directory support through ADSI interface
Language: Delphi 7 - 2007
Overview
Provides Active Directory support for username/password authentication in one of two modes, bpcADSIWinNT (lookup through the WinNT provider) or bpcADSILdap (LDAP bind), together with discovery of the current user and domain. The component works both in a DLL loaded on a server and in a desktop application.
Registers the TbpcADSI component in the Delphi IDE.
Example canonical string (used for LDAP authentication; this is an LDAP distinguished name):
CN=Fred,DC=bishopphillips,DC=com
IMPORTANT NOTE ON AUTHENTICATION MODES
- IF FAuthMode = bpcADSILdap:
Use where user accounts have account lockout on bad password attempts enabled.
The WinNT provider could do the entire access check and return the user object in one step given the username and password, but it tries Kerberos first and falls back to NT (NTLM) when that fails. A single wrong password therefore costs at least two, possibly three, failed logon attempts, which trips the account lockout under normal lockout settings. So LDAP has to be used to test the password instead. However, the user object cannot be opened over LDAP without its canonical name (the full DN), so the username alone is not enough. The component therefore binds to the Users container over LDAP with the username and password; if that bind succeeds the password is correct, and the WinNT provider is then used (with either the cached LDAP login or the launching user's login; whether WinNT can see the LDAP login cache has not been confirmed) to read the user object.
- IF FAuthMode = bpcADSIWinNT:
Use where user accounts DO NOT have account lockout on bad password attempts enabled. Uses the WinNT provider only (faster).
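The two-step bpcADSILdap procedure described in the note, written out as a stand-alone Delphi console program. This is an added example, not the component's own implementation. It assumes the ADsOpenObject/ADsGetObject declarations from adshlp and the ADS_* constants from ActiveDs_TLB that the component already imports; the domain BISHOPPHILLIPS, the user Fred, the base DN and the group name are constructed sample values, and ADS_SECURE_AUTHENTICATION is an assumed bind flag, since the note does not state which one the component passes. It also fills the fields of the user record that the WinNT user object can supply and distinguishes a wrong password from an unreachable directory, so that the second case is still denied but not recorded as a failed logon.

```delphi
program LockoutSafeAdsiCheck;
{$APPTYPE CONSOLE}
{ Added example, not part of the BpcADSI component. Assumes the ADsOpenObject /
  ADsGetObject declarations from adshlp and the ADS_* constants from
  ActiveDs_TLB, as used by the component. Domain, user, base DN and group
  below are constructed sample values. }

uses
  SysUtils, Windows, ActiveX, ActiveDs_TLB, adshlp;

type
  TBindResult = (brOk, brBadPassword, brLockedOut, brPasswordExpired,
                 brDisabled, brUnavailable);

  { Subset of TbpcADSIUserInfo that the WinNT user object can fill }
  TUserInfo = record
    UserName, Description: string;
    Disabled, LockedOut, PasswordNeverExpires, PasswordCannotChange: boolean;
  end;

const
  { Win32 logon errors that ADSI returns wrapped as HRESULT_FROM_WIN32 }
  ERR_LOGON_FAILURE        = 1326;
  ERR_PASSWORD_EXPIRED     = 1330;
  ERR_ACCOUNT_DISABLED     = 1331;
  ERR_PASSWORD_MUST_CHANGE = 1907;
  ERR_ACCOUNT_LOCKED_OUT   = 1909;

function Win32Hr(Err: DWORD): HRESULT;
begin
  Result := HRESULT($80070000 or (Err and $FFFF));
end;

{ Step 1 (bpcADSILdap): prove the password with one LDAP bind to the Users
  container. Only the container path is needed, so the caller does not have
  to know the user's distinguished name. ADS_SECURE_AUTHENTICATION selects an
  SSPI bind; with flags = 0 ADSI does a simple bind and the password crosses
  the wire in clear unless ADS_USE_ENCRYPTION (SSL) is added. }
function LdapPasswordCheck(const Domain, UserName, Password, BaseDN: string): TBindResult;
var
  Obj: IADs;
  hr: HRESULT;
begin
  hr := ADsOpenObject(PWideChar(WideString('LDAP://CN=Users,' + BaseDN)),
                      PWideChar(WideString(Domain + '\' + UserName)),
                      PWideChar(WideString(Password)),
                      ADS_SECURE_AUTHENTICATION, IADs, Obj);
  if Succeeded(hr) then Result := brOk
  else if hr = Win32Hr(ERR_LOGON_FAILURE) then Result := brBadPassword
  else if hr = Win32Hr(ERR_ACCOUNT_LOCKED_OUT) then Result := brLockedOut
  else if hr = Win32Hr(ERR_ACCOUNT_DISABLED) then Result := brDisabled
  else if (hr = Win32Hr(ERR_PASSWORD_EXPIRED)) or
          (hr = Win32Hr(ERR_PASSWORD_MUST_CHANGE)) then Result := brPasswordExpired
  else Result := brUnavailable; { DC unreachable, bad path, ...: still deny,
                                  but do not log it as a wrong password }
end;

{ Step 2: read the account through the WinNT provider with the calling
  process's own credentials; the user's password is never presented here. }
function WinNTLookup(const Domain, UserName: string; var Info: TUserInfo): boolean;
var
  User: IADsUser;
  Flags: Integer;
begin
  Result := Succeeded(ADsGetObject(
    PWideChar(WideString('WinNT://' + Domain + '/' + UserName + ',user')),
    IADsUser, User));
  if not Result then Exit;
  Info.UserName := User.Name;
  Info.Description := User.Description;
  Info.Disabled := User.AccountDisabled;
  Info.LockedOut := User.IsAccountLocked;
  Flags := User.Get('UserFlags');              { ADS_USER_FLAG_ENUM bits }
  Info.PasswordNeverExpires := (Flags and ADS_UF_DONT_EXPIRE_PASSWD) <> 0;
  Info.PasswordCannotChange := (Flags and ADS_UF_PASSWD_CANT_CHANGE) <> 0;
end;

{ Group check through the WinNT provider, again with the caller's credentials }
function IsMemberOf(const Domain, UserName, Group: string): boolean;
var
  G: IADsGroup;
begin
  Result := Succeeded(ADsGetObject(
    PWideChar(WideString('WinNT://' + Domain + '/' + Group + ',group')),
    IADsGroup, G))
    and G.IsMember('WinNT://' + Domain + '/' + UserName + ',user');
end;

var
  Info: TUserInfo;
begin
  CoInitialize(nil);
  try
    { Constructed sample values }
    case LdapPasswordCheck('BISHOPPHILLIPS', 'Fred', 'the-password',
                           'DC=bishopphillips,DC=com') of
      brOk:
        if WinNTLookup('BISHOPPHILLIPS', 'Fred', Info)
           and not Info.Disabled and not Info.LockedOut
           and IsMemberOf('BISHOPPHILLIPS', 'Fred', 'Domain Users') then
          Writeln('Access granted to ', Info.UserName)
        else
          Writeln('Password accepted but account check failed');
      brBadPassword:     Writeln('Wrong password (one failed attempt recorded)');
      brLockedOut:       Writeln('Account is locked out');
      brDisabled:        Writeln('Account is disabled');
      brPasswordExpired: Writeln('Password expired or must be changed');
      brUnavailable:     Writeln('Directory not available; access denied');
    end;
  finally
    CoUninitialize;
  end;
end.
```

When this runs inside a DLL loaded by a service, the WinNT lookup in step 2 runs as the service account, which is the "launching user login" of the note; that account needs read access to the user and group objects, and the password proved in step 1 is not reused for it.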
uses SysUtils, Classes, ActiveX, Windows, Types, ComCtrls, ExtCtrls, ActiveDs_TLB, adshlp, oleserver, Variants;
type
  { Password state of an account, as read from the user object }
  TbpcADPassword = record
    Expired: boolean;
    NeverExpires: boolean;
    CannotChange: boolean;
  end;
type
  { Account details returned by GetUser }
  TbpcADSIUserInfo = record
    UID: string;
    UserName: string;
    Description: string;
    Password: TbpcADPassword;
    Disabled: boolean;
    LockedOut: boolean;
    Groups: string; // CSV list of group names
  end;
type
  TbpcADSIAuthMode = ( bpcADSIWinNT, bpcADSILdap );
  TbpcADSI = class(TComponent)
  private
    FUserName: string;
    FPassword: string;
    FCurrentUser: string;
    FCurrentDomain: string;
    FAuthMode : TbpcADSIAuthMode;
    FLDAPCanonical : string;
    function GetCurrentUserName: string;
    function GetCurrentDomain: string;
  protected
    { Protected declarations }
  public
    AnonWinNTError : boolean;
    constructor Create(AOwner: TComponent); override;
    destructor Destroy; override;
    property CurrentUserName: string read FCurrentUser;   // user running the process
    property CurrentDomain: string read FCurrentDomain;   // domain of that user
    function GetUser(Domain, UserName: string; var ADSIUser: TbpcADSIUserInfo): boolean;
    function Authenticate(Domain, UserName, Group: string): boolean;
  published
    // Credentials presented for the bind. Published properties are streamed
    // to the .dfm when set at design time, so set LoginPassword at runtime only.
    property LoginUserName: string read FUserName write FUserName;
    property LoginPassword: string read FPassword write FPassword;
    property LDAPCanonical : string read FLDAPCanonical write FLDAPCanonical;  // canonical string for LDAP mode
    property AuthMode : TbpcADSIAuthMode read FAuthMode write FAuthMode;       // bpcADSIWinNT or bpcADSILdap
  end;
