Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Active Directory authentication / authorisation

113 views
Skip to first unread message

Max Vit

unread,
Jul 6, 2007, 7:49:40 PM7/6/07
to
I have been toying with the idea of having an Active Directory
authentication / authorisation functionality in MS Access; but there
is not much useful info around.

I have built these functionalities for some applications (JAVA, PHP).
The parameters used there are the LDAP parameters for AD:

*searchFilter: (objectClass=user)
*searchBase: OU=register,OU=applications,DC=inside,DC=mycompany,DC=com
*adminPassword: Password
*adminName: CN=LDAP
Lookup,OU=Services,OU=applications,DC=inside,DC=mycompany,DC=com
*ldapURL: ldap://ldap.nicta.net

But I have not had much experience with LDAP queries using VBA :-(

Is there any sample code showing the correct synthax and appropriate
functions to use these parameters in a VBA for Access environment?

My idea is to have users presented with a login form; if they
authenticate successfully against AD then I can manage their
authorisation in locally in MS Access.

An even better scenario would be to also check if they belong to a
specific AD group - this way I could also manage authorisation using
AD.

I am using Access2k3 on Win XP S2; the AD service supports LDAP v4.

Any help would be greatly appreciated.

Tony Toews [MVP]

unread,
Jul 8, 2007, 9:43:03 PM7/8/07
to
Max Vit <mv...@safe-mail.net> wrote:

>I have been toying with the idea of having an Active Directory
>authentication / authorisation functionality in MS Access; but there
>is not much useful info around.

Here's a dump of everything I found a year or go as is in OneNote. You'll have to
figure out which of these links are appropriate to your scenario. I built a tool
that could create folders and subfrlders by job with different permissions for the
subfolders which varied by group.

nternet resources
Programmatically Set NTFS File System Folder Permissions

Enumerating Local Groups and Descriptions with NetLocalGroupEnum
Pasted from <http://vbnet.mvps.org/code/network/netlocalgroupenumdesc.htm>

Enumerating Members of a Group with NetLocalGroupGetMembers
Pasted from <http://vbnet.mvps.org/code/network/netgocalgroupgetmembers.htm>

Xcacls.exe
Pasted from <http://support.microsoft.com/default.aspx?scid=KB;EN-US;825751>

How To Use High-Level Access Control APIs from Visual Basic
Pasted from <http://support.microsoft.com/default.aspx?scid=kb;EN-US;295004>


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadsgroup.asp

Following might do everything I want.
http://groups.google.ca/groups?hl=en&lr=lang_en&ie=UTF-8&safe=off&threadm=033401c30554%24deccc7a0%24a401280a%40phx.gbl&rnum=3&prev=/groups%3Fhl%3Den%26ie%3DUTF-8%26safe%3Doff%26q%3Dadsi%2Bsearch%2Borganizationalunit%26spell%3D1

ldap

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_activediradsi.asp

Active Directory Service Interfaces Quick-start Tutorials
Pasted from
<http://msdn.microsoft.com/library/en-us/adsi/adsi/adsi_quick-start_tutorials.asp?frame=true>


IADsAccessControlEntry
Pasted from
<http://msdn.microsoft.com/library/en-us/adsi/adsi/iadsaccesscontrolentry.asp?frame=true>

An ADSI Primer, Part 11: More on Scripting Permissions and Auditing (Windows
Scripting though)
Pasted from
<http://www.windowsitpro.com/WindowsScripting/Article/ArticleID/7456/7456.html>


HOWTO: Use ADsSecurity.dll to Remotely Add Local Account ACEs to an NTFS File
Pasted from <http://support.microsoft.com/default.aspx?scid=kb;en-us;Q285998>

How To Use ADSI to Set Automatic Inheritance of File/Folder Permissions
Pasted from <http://support.microsoft.com/kb/266461/EN-US/>

http://groups.google.ca/groups?q=group+dacl+security+permissions+group:*vb*&hl=en&lr=lang_en&safe=off&selm=3A42D078.3ED7F611%40hotmail.com&rnum=10

Various constants are at the following:
http://www.serverwatch.com/tutorials/article.php/1476721

Security and Access Rights
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/file_security_and_access_rights.asp


How To Use ADSI to Set Automatic Inheritance of File/Folder Permissions
Pasted from <http://support.microsoft.com/default.aspx?scid=kb;en-us;266461>
VBScript recursive changing of subfolders


IADsAccessControlEntry Property Methods
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadsaccesscontrolentry_property_methods.asp


HOWTO: Use ADsSecurity.dll to Remotely Add Local Account ACEs to an NTFS File
Pasted from <http://support.microsoft.com/default.aspx?scid=kb;en-us;Q285998>

How To Use ADsSecurity.dll to Add an Access Control Entry to an NTFS Folder
Pasted from <http://support.microsoft.com/default.aspx?scid=kb;en-us;Q279682>

--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

Max Vit

unread,
Jul 8, 2007, 9:56:18 PM7/8/07
to
Hi Tony - Thanks a lot, very useful information!

Once I find some suitable solution I'll post the code here for the
benefit of others.

0 new messages