Help with LDAP Set up to check if member is in Group

sspreyer

Hi, all

I have been given this domain for an LDAP
Code:
 CN=AsbAdminGroup,OU=General Groups,OU=Security Groups,OU=RF-CUSTOM,DC=RF-CUSTOM,DC=CO,DC=UK
I wish to be able to check if the current user is a part of "AsbAdminGroup", and if they are, then allow them to open form "admin".



To be honest, I don't know much about LDAP. I would be very grateful if someone could point me in the right direction or show me how to start this code project. I have searched Google high and low, with nothing really giving me any direction; it's just confusing the hell out of me as to what I need to do. So I have now turned to you guys on here, as you have helped me so much in the past :)


Thanks in advance

Shane
 
The problem is that most of the time, we already know that the person has been validated when they establish a session (particularly since you are clearly looking at a domain environment). If a person can enter the database at all, the domain has already made that person "legal" (as a member of group AuthenticatedUsers, if not some other group). But you are looking at this from the wrong end of the telescope.

See, if the person has permission to open the database at all, then the fact of their group membership is already lost because in such environments, you get it because either your personal account or a group of which you are a member has been named in an Access Control List (ACL) on the directory where your application resides. Once you passed that ACL test, we no longer know which one you actually passed. That is, if groups Admin, User, and Schmuck all have ACL access, then Access (big A) cannot tell whether a user who got in was an Admin, a User, or a Schmuck.

The only way I know to get past this is if you know what authentication method you are using AND it has a COM-capable DLL file, you might activate a method that would let you query the user. If you have LDAP software that participates in the COM paradigm, then there would be a call you would make.

OUR problem (and the reason all you heard were crickets) is that your answer depends on knowing what your IT department will let you do with regard to the current user.

NOW... there is another approach but it does not involve LDAP lookups. Once your user starts a session, your code can use Environ("UserName") to determine the login name of your user. You could use that to look up a table of users to see who it is and have a field in that table that identifies that user's group or rights. In a tight domain environment, you should be able to rely on the username being correctly managed.
 
NOW... there is another approach but it does not involve LDAP lookups. Once your user starts a session, your code can use Environ("UserName") to determine the login name of your user. You could use that to look up a table of users to see who it is and have a field in that table that identifies that user's group or rights. In a tight domain environment, you should be able to rely on the username being correctly managed.


Thanks doc man

This is what I have ended up doing, using vlookup with environ to check a table and see if the user exists in the table.

Thanks again for the advice

Shane
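
One way to do the group check asked about at the top of this thread is through ADSI, the COM interface to Active Directory that ships with Windows. This is an added example, not code from any poster in the thread; it assumes a domain-joined PC and an existing form named "admin", and the function and sub names are hypothetical.

```vba
Option Compare Database
Option Explicit

' DN of the group, exactly as given in the original post.
Private Const ADMIN_GROUP_DN As String = _
    "CN=AsbAdminGroup,OU=General Groups,OU=Security Groups," & _
    "OU=RF-CUSTOM,DC=RF-CUSTOM,DC=CO,DC=UK"

' Hypothetical helper: returns True only when the logged-on domain account
' is a direct member of the group. Any lookup failure (no domain controller
' reachable, bad DN, local account) is treated as "not a member".
Public Function IsCurrentUserInGroup(ByVal groupDN As String) As Boolean
    Dim sysInfo As Object   ' ADSystemInfo, late bound so no reference is needed
    Dim grp As Object       ' IADsGroup
    Dim userDN As String

    On Error GoTo Denied

    ' ADSystemInfo.UserName is the distinguished name of the account that
    ' owns the Windows session; it is resolved through the domain rather
    ' than read from a process environment variable.
    Set sysInfo = CreateObject("ADSystemInfo")
    userDN = sysInfo.UserName

    ' Bind to the group and ask the directory whether the user is listed.
    Set grp = GetObject("LDAP://" & groupDN)
    IsCurrentUserInGroup = grp.IsMember("LDAP://" & userDN)
    Exit Function

Denied:
    ' Fail closed: an error must never open the admin form.
    IsCurrentUserInGroup = False
End Function

' Hypothetical entry point, e.g. called from a button's Click event.
Public Sub OpenAdminForm()
    If IsCurrentUserInGroup(ADMIN_GROUP_DN) Then
        DoCmd.OpenForm "admin"
    Else
        MsgBox "You are not authorised to open this form.", vbExclamation
    End If
End Sub
```

IsMember only sees direct members, so a user who belongs to AsbAdminGroup through a nested group is reported as not a member. The check runs in the front end and gates the form only; access to the data itself is still decided by the ACL on the database file.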
 