Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Getting name and email from AD
Message
From
22/07/2022 01:18:26
Hank Fay
Berea, Kentucky, United States
 
 
To
21/07/2022 23:30:43
Al Doman
M3 Enterprises Inc.
North Vancouver, British Columbia, Canada
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: Getting name and email from AD
Miscellaneous
Thread ID:
01684680
Message ID:
01684696
Views:
41
When a user logs in, sys(0) gives you the userid, in AD terms. https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ldap/distinguished-names

In one app I work on the organization gives us the Distinguished Name (see article above). We store that in the user table. Using the userid (from sys(0)) I then confirm (or not) that the DN matches.

If your customer can live with that (providing the DN for all users of your system) I can send you the relevant code (which uses LDAP for the query). Stuart Dunkeld, on foxite.com, wrote the hard parts. :)

Hank

PS: I wouldn't consider capturing the users AD password. The horror, the horror ...


>>>>Thank you for your message.
>>>>Now - just this morning (since the customer is in Europe) - I received a new requirement. Now the customer wants a user to enter both the AD username and AD password into my VFP application. And my VFP application to check if this is a valid user. Initially I thought that they would not want a user to enter his/her password into the VFP application.
>>>>So, I am back to Tamar's link where the VFP application should create a query to the AD and validate a user.
>>>>I will need to find the name of the AD/SQL Server DB to do that.
>>>
>>>I question the need for this. If the user has already signed in to a domain-joined computer. their session is already authenticated. Why should they need to authenticate again from within your app, with the same credentials?
>>>
>>>If access privileges within your app depend on the AD username, you already have that, and you know they've already successfully authenticated against AD using that username.
>>
>>They have what they call "shared PCs". So, they would like various users to log into my application with the same username and password they use for their AD log in. So that each user will only have to remember one username and one password.
>>So, I will have to build a feature where the application will validate if this or that user is already in the AD.
>
>Multiple users can sign in (one at a time) on a "shared" computer - one signs out, another signs in.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform