
Really Big Problem: Doesn't Filter Distinguished Name properly. Doesn't Handle Escape Characters Correctly Upon WHERE Comparison

description

Tell me I am not the only one to run into this...
 
The Distinguished Name of an object in the Active Directory requires that certain characters are escaped. Please refer to http://www.rlmueller.net/CharactersEscaped.htm.
 
I have an Active Directory group named "MyActiveDirectoryGroupName" which contains objects that have the following Distinguished Names:
 
"CN=John Doe,OU=Location A,OU=Company Objects,DC=mycompany,DC=com"
"CN=Jane Doe,OU=Location A,OU=Company Objects,DC=mycompany,DC=com"
"CN=Krugar, Freddy,OU=Location A,OU=Company Objects,DC=mycompany,DC=com"
 
Notice the , in the "CN=". As far as Active Directory is concerned this translates to:
"CN=Krugar\, Freddy,OU=Location A,OU=Company Objects,DC=mycompany,DC=com" because the , has to be escaped using a \ in front of it.
 
 
But guess what...when I run the following query:

 

    DirectoryEntry ROOT = new DirectoryEntry(ConfigurationSettings.AppSettings["ActiveDirectory"]);
    MyCompanyName.LINQ.ActiveDirectory.ADsContext ctx = new MyCompanyName.LINQ.ActiveDirectory.ADsContext(ROOT);

    var results = from item in ctx.Groups
                  where item.Name == "MyActiveDirectoryGroupName"         // Note: Name is the [DirectoryAttribute("name")] for the Group object.
                  select item;

    foreach (var item in results)
    {
        rptrGroupMember.DataSource = item.Members;
        rptrGroupMember.DataBind();
    }

Above, Members is a string[] array of the Distinguished Names of the members in the group I just queried. LOL! Yay, this is what I want....oh but wait...
 
Now I need to take the value in Members[x] (which is the string Distinguished Name) and go look up the User information, since the Distinguished Name is the unique value I should be using to look up a user from the Active Directory, right, or any other object for that matter? ....ok, let's do that...
 
So I created the following additional query:

 

    public string GetGroupMemberSAMAccountName(object data)
    {
        DirectoryEntry ROOT = new DirectoryEntry(ConfigurationSettings.AppSettings["ActiveDirectory"]);
        MyCompanyName.LINQ.ActiveDirectory.ADsContext ctx = new MyCompanyName.LINQ.ActiveDirectory.ADsContext(ROOT);

        var results = from item in ctx.Users
                      where item.Dn == Convert.ToString(data)           // Note: Dn is the [DirectoryAttribute("distinguishedName")] for the User object.
                      select item;

        string itemValue = string.Empty;

        foreach (var item in results)
        {
            itemValue = item.SAMAccountName;
        }

        return itemValue;
    }

Ya, this should work! And guess what, it does, except for one thing which is a deal breaker. The only result(s) I get back are John Doe and Jane Doe. What? Why? Well, after spending a lot of time trying to pinpoint it, a pattern started to emerge...crap...the Distinguished Names that have Last Name first and First Name last don't match correctly when the LINQ builds the query to use against the LDAP search for the Active Directory. I thought, well, maybe I am passing the value wrong to it. If you look at the Convert.ToString(data) value during debugging you see the following:
 
"CN=Krugar\, Freddy,OU=Location A,OU=Company Objects,DC=mycompany,DC=com"
 
Hmmm...wonder what I have to do in order to get this LINQtoAD component to realize that this should match. When I looked further into the debugging I noticed that the \ gets translated later on in the LINQtoAD project as the 0x5c value, which of course is the ANSI value for \. Don't know if that has anything to do with it. Anyone have any ideas or resolutions? I can't seriously be the only one who has run into this. And this is the only LINQtoAD component out there that I am aware of. Couldn't we make it work a little better by having the component realize that matching on Distinguished Name is crucial, since Active Directory uses this as the object's fully qualified name? It's kinda like I want to search on a unique ID of an object but LINQtoAD won't let me. Bummer... Any ideas?

comments

afraan wrote Mar 10, 2009 at 2:43 AM

You can just use this format to search DN:

    where usr.Dn == "<GUID=70992CC0-7E3B-4C74-AC64-C3DD8807919A>"

where 70992CC0-7E3B-4C74-AC64-C3DD8807919A is what you get from your entity class:

    [DirectoryAttribute("objectGUID")]
    public Guid Id { get; set; }

Just use Id.ToString();

Hope that helps

mingsai wrote Dec 23, 2010 at 6:21 PM

I believe the search operations work bi-directionally and this may be why you are seeing inconsistent results. See the following for additional information. http://www.ldapexplorer.com/en/manual/109010000-ldap-filter-syntax.htm
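
The two escaping layers discussed in this thread, as an added example (not code from the original post or from the LINQ to AD project): a DN string returned by the directory already carries its own escaping (`\,`), and when that string is used as a value in a search filter, LDAP filter syntax (RFC 4515) requires the backslash itself to be written as `\5c`, along with `*`, `(`, `)` and NUL. The class and method names are hypothetical, and the sample DNs are constructed from the ones quoted in the description.

```csharp
using System;
using System.Text;

// Added example: helper names are hypothetical, not part of LINQ to AD.
public static class LdapFilterEscaping
{
    // RFC 4515 escaping for a value placed inside a search filter.
    // The input is taken verbatim, so a DN that already contains "\,"
    // keeps that backslash, encoded for the filter as "\5c".
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Builds an equality filter on distinguishedName from a DN string as
    // returned by the directory (for example an entry of a group's Members).
    public static string BuildDnFilter(string distinguishedName)
    {
        return "(distinguishedName=" + EscapeFilterValue(distinguishedName) + ")";
    }

    public static void Main()
    {
        // Constructed sample values based on the DNs quoted in the description.
        string[] members =
        {
            @"CN=John Doe,OU=Location A,OU=Company Objects,DC=mycompany,DC=com",
            @"CN=Krugar\, Freddy,OU=Location A,OU=Company Objects,DC=mycompany,DC=com",
            // Constructed value with filter metacharacters: they stay literal after escaping.
            @"CN=x)(objectClass=*",
        };
        foreach (string dn in members)
            Console.WriteLine(BuildDnFilter(dn));
    }
}
```

The string returned by `BuildDnFilter` can be assigned to `DirectorySearcher.Filter`; the same escaping applies to any user-supplied value concatenated into a filter.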
