Active Directory and Network ID - asp.net

I know that I can get the fully qualified domain name by using the windows NT network domain. I'd like to do the reverse:
Ex: User.Identity.Name = "slaterock\fflintstone";
Active Directory returns fully qualified domain name of slaterock.bedrock.us.com.
I would like to be able to get the domain portion of User.Identity.Name by querying Active Directory (LDAP) by that user. I would be using the user's email address:
(&(objectClass=user)(objectCategory=Person)(mail=fred.flintstone#slaterock.com))
I have no trouble returning the AD attributes, but I cannot figure out an absolute link between the attributes I have and the domain name returned in User.Identity.Name. I see parts of it in the domain components (DC=slaterock,DC=bedrock,DC=US,DC=blah,blah) but I need the direct link.
Thanks

First, a bit of terminology to be clear (and to help any searches you do):
the 'slaterock' in 'slaterock\fflintstone' is the NetBIOS Domain Name for the domain.
'DC=slaterock,DC=bedrock,DC=US,DC=blah,blah' is the defaultNamingContext for the domain.
CN=fred flinstone,OU=Quarry1,DC=slaterock,DC=bedrock,... is the user account's distinguishedName.
To translate from the user's distinguishedName to the NetBIOS Domain Name of their domain:
get the user account's distinguishedName and chop it up to get the defaultNamingContext.
Then do a search against the container: "CN=Partitions,CN=Configuration,DC=JohnLewis,DC=co,DC=uk"
for an object with an nCName value that matches the defaultNamingContext from above.
Get the nETBIOSName attribute of that object and you've got what you're after.

Related

Configure authentication and synchronization with two LDAP in Alfresco 5.1

We perform migration from enterprise version Alfresco 4.2 to the 5.1.
There are two Active Directory domains (primary and child) in company, for this reason we configure two LDAP(AD) subsystems in Alfresco 5.1.
Structure of properties:
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap2
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
Problem is that authentication and synchronistaion work only for one ldap-ad subsystem (ldap1 or ldap2), which have first place in the list of authentication chain (ldap1 and ldap2 don't work together).
Authentication chain screenshot
For a example, if ldap1 have first place in the list, that user's login from ldap2 fails (and conversely!).
In this case I look error in alfresco.log:
Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
My properties:
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s#fake.local
ldap.authentication.java.naming.provider.url=ldap://fake.local:***
ldap.authentication.defaultAdministratorUserNames=fake_user
ldap.authentication.java.naming.referral=follow
ldap.synchronization.java.naming.security.principal=fake_user#fake.local
ldap.synchronization.java.naming.security.credentials=somepassword
ldap.synchronization.groupSearchBase=ou=Archiv,ou=FileServerGroups,ou=Groups,dc=fake,dc=local
ldap.synchronization.userSearchBase=dc=fake,dc=local
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.userOrganizationalIdAttributeNameCustom=distinguishedName
ldap.synchronization.com.sun.jndi.ldap.connect.pool=true
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap2/ldap-ad-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s#gss.fake.local
ldap.authentication.java.naming.provider.url=ldap://gss.fake.local:***
ldap.authentication.defaultAdministratorUserNames=fake_user
ldap.authentication.java.naming.referral=follow
ldap.synchronization.java.naming.security.principal=fake_user#fake.local
ldap.synchronization.java.naming.security.credentials=somepassword%
ldap.synchronization.groupSearchBase=ou=Archiv,ou=FileServerGroups,ou=Groups,dc=gss,dc=fake,dc=local
ldap.synchronization.userSearchBase=dc=gss,dc=fake,dc=local
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.userOrganizationalIdAttributeNameCustom=distinguishedName
ldap.synchronization.com.sun.jndi.ldap.connect.pool=true
alfresco-global.properties
### Authentication ###
#authentication.chain=ldap1:ldap-ad,ldap2:ldap-ad,alfrescoNtlm1:alfrescoNtlm
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad,ldap2:ldap-ad
Thanks in advance!
Finally, I resolved issue related to authentication users.
I put empty string of parametr:
ldap.authentication.userNameFormat=
for each LDAP subsystems in files ldap-ad-authentication.properties.
After, users from two ldaps could login successfully.
ldap.authentication.userNameFormat
Specifies how to map the user identifier entered by the user to that
passed through to LDAP. If set to an empty string (the default for the
ldap subsystem), an LDAP query involving
ldap.synchronization.personQuery and
ldap.synchronization.userIdAttributeName will be performed to resolve
the DN from the user ID dynamically. This allows directories to be
structured and does not require the user ID to appear in the DN.
If set to a non-empty value, the substring %s in this value will be
replaced with the entered user ID to produce the ID passed to LDAP.
This restricts LDAP user names to a fixed format. The recommended
format of this value depends on your LDAP server.

MailMessage only accepts sender with #domain

I wrote a code in .NET to send emails in my application:
Oxygenne + ASP.Net:
mensagem:=MailMessage.Create(configemail[1],toUsers);
mensagem.Subject:=title;
mensagem.Body:=body;
mensagem.IsBodyHtml:=IsBodyHtml;
This works fine when configemail[1] is something like "myemail#gmail.com". However, I have the need to send emails without using domain, something like "myemail".
I am getting this error:
The specified string is not in the form required for an e-mail address
I believe this happens because the code validates if the variable has #anydomain in the string.
Am I able to override it, and let the user try to send emails without usind "#domain" in their address?
So far as I'm aware, SMTP requires all recipient mailboxes to have a domain part. You may be able to interact with a specific mail system via other protocols that allows you to interact with just local mailboxes but you shouldn't expect SMTP tools to be the means of doing so.
Per RFC 5321:
Only resolvable, fully-qualified domain names (FQDNs) are permitted
when domain names are used in SMTP ... There are two exceptions to the
rule requiring FQDNs
The reserved mailbox name "postmaster" may be used in a RCPT
command without domain qualification
Which in turn leads us to the syntax for the RCPT command:
rcpt = "RCPT TO:" ( "<Postmaster#" Domain ">" / "<Postmaster>" /
Forward-path ) [SP Rcpt-parameters] CRLF
So, the only generally applicable form that is available is the Forward-Path, which via a few hops (and ignoring some legacy options not helpful to you here) leads us to the Mailbox syntax:
Mailbox = Local-part "#" ( Domain / address-literal )
So, either way you have to have the # and then your choices boil down to a domain name or an IP address. Note that this may give us an opening though - you may be able to get what you want by specifying the addresses as myemail#127.0.0.1.

Cross domain cookie accessing

How can we access cookie created by one domain in another domain.
I have created cookie as following in one domain
Response.Cookies["newOne"].Value = "something";
from another domain I am accessing it as
var data = Request.Cookies["newOne"].Value; //This is throwing exception
I am able to access cookie from local but not from another domain.
Give your cookie domain name also as shown :-
Response.Cookies["newOne"].Value = "something";
Response.Cookies["newOne"].Domain = ".mydomain.com"
and then access its value in other domain.
HttpCookie hcookie = new HttpCookie("cookiename","Cookie Value");
hcookie.Domain = ".example.com";
Please try this link
http://msdn.microsoft.com/en-us/library/dd920298(v=vs.95).aspx
This question's pretty cold, but in case anyone else stumbling on it, or the OP still has need, I've created an NPM module, which allows you to share locally-stored data across domains:
https://www.npmjs.com/package/cookie-toss
By using an iframe hosted on Domain A, you can store all of your user data on Domain A, and reference that data by posting requests to the Domain A iframe.
Thus, Domains B, C, etc. can inject the iframe and post requests to it to store and access the desired data. Domain A becomes the hub for all shared data.
With a domain whitelist inside of Domain A, you can ensure only your dependent sites can access the data on Domain A.
The trick is to have the code inside of the iframe on Domain A which is able to recognize which data is being requested. The README in the above NPM module goes more in depth into the procedure.
Hope this helps!

postmaster#servername.mydomain.com as "from" address

Very first time in 6 years, my client has reported that they are receiving email from my asp.net web applicaation with "from" id as "postmaster#servername.mydomain.com". Though, the mail id I use to send emails are "support#mydomain.com".
Not all the emails are delivered with postmaster# as "from" address.
The "to" address of these kind of emails are like donotreply# . So if a "to" address belongs to "donotreply" category, will SMTP will change the original "from" address to "postmaster#"?
We haven't faced this anytime before but why is it occurring now? I googled and found https://webmasters.stackexchange.com/questions/2030/should-i-set-up-standard-email-accounts-what-are-they and Do I really need webmaster#domain.com, postmaster#domain.com, etc. emails? but not sure what it has to do with my SMTP.
Can someone help me understand why it is happening?
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/6bb0d71f-d3d7-4f59-aa01-4d5c022274a4.mspx?mfr=true
From the above link,
To rename the default domain
1.In IIS Manager, expand the SMTP virtual server, and then click Domains.
2.In the details pane, right-click a domain name, and then click Rename.
3.Type a new name for the default domain.
For me the domain name was "servername.mydomain.com" and I modified it as "mydomain.com"

Tilde prefix returns invalid home directory

I am trying to find the home directory of users on a UNIX (Solaris/AIX) box using
echo ~username
This does return the home directory for all valid users. For some reason this command also outputs home directory which are non-existent for few users who seem not to have logon access to that server.
For eg. the above command would return below for a non-existent user -
/home/username
What I expected was
~username
as output for a user with no access and that does happen with certain usernames.
This makes me think what could be causing a difference between different users who do not have access to this server. Has this something to do with LDAP?
Nothing I can find in /etc/passwd too.
getent and finger commands were outputting a default home directory for a non-existent user (not retrieved using ldaplist) because the requests were handled through an intermediate access control mechanism such as Cisco SA Control for role based access control.

Resources