  1. #1

    Run LDAP query intranet server

    Hi, first of all I apologise if this is more of a security question than web development...

    I've got an ASP page that will run an LDAP query against our PDC to list all the pupil users in school. This works lovely at home over a https connection back into the Intranet at school. However if I run the query at school using plain http via the Intranet the query will fail.

    Is there some code I need to add to the query or something I need to alter on the page to allow me to access LDAP without using SSL?

    If this isn't possible, am I able to have two separate SSL certificates on one IIS server that are linked to the host headers to allow SSL traffic on both the internet domain name, and internal domain name?

    Source code is available on request.

    Many thanks
    Ryan

  2. #2

    SYNACK
    It may be something to do with the user authentication. The account running the ASP script must have the appropriate access to run an LDAP query on the server. You may need to change the user that the ASP engine runs on for that site.

  3. #3

    I don't think it is to do with the account that ASP uses, because if you say this works from home over SSL then it will still be using the same ASP account to run the LDAP query.

    I'm not 100% on this but something inside me thinks that when running LDAP queries via a web server they need to be over HTTPS.

    Don't take my word for it though, I just remember reading something along those lines when I was looking to do something with PHP.

    Cheers

    N

  4. #4

    You can certainly do it without SSL but it's a security risk. I'm guessing that if the internal domain name is different from the external name then the certificate won't be valid for this name and that's why it's failing (like when you go to a web site and you get a warning telling you that the certificate was issued for a different site).

    I don't see why this should be the case, however. Even when you are at home, the code you are running is being executed on the server so is effectively always local (unless you're doing some kind of client side code which is (IMHO!) a "bad idea").

  5. #5
    rpwillis
    From the description I would guess that you've got the web application set up to impersonate the logged in user.

    If this is the case, when you log in externally and provide a username and password ASP can run exactly with your permissions and access the network as if it is you because it knows your password. If you automatically log in, i.e. are running it internally through the network, it still runs as you; however, the browser passes it a security token describing who you are, but not what your password is. This token can be used to access other resources on the same machine as IIS as though it was you, but cannot access other servers as the token cannot be passed from the server to another machine.

    If this is the problem, then you can give permissions to the ASP account as SYNACK suggests or should be able to set explicit user credentials to access LDAP which should work in both cases, but then you have the problem of securing the password.

    Richard
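
An added example, not code from anyone in this thread: a classic ASP page that first reports how IIS authenticated the request (the difference described in the last post) and then runs the user query with explicit credentials through the ADSI OLE DB provider. The base DN and the environment variable names `LDAP_SVC_USER` and `LDAP_SVC_PASS` are assumptions; the account should be a low-privilege, read-only one, and its password is read from the process environment so it never sits in the page source.

```vbscript
<%
Option Explicit
' Added example. Assumed names: BASE_DN, LDAP_SVC_USER, LDAP_SVC_PASS.
Const BASE_DN = "LDAP://DC=school,DC=example"   ' constructed placeholder

' 1. How did IIS authenticate this request?
'    "Basic"            : IIS received the password and can act as the user
'                         on other servers (this must only travel over HTTPS).
'    "NTLM"/"Negotiate" : integrated logon; IIS holds a token, not a password.
'    ""                 : anonymous; the page runs as the site's anonymous account.
Response.Write "AUTH_TYPE: " & _
    Server.HTMLEncode(Request.ServerVariables("AUTH_TYPE")) & "<br>"
Response.Write "LOGON_USER: " & _
    Server.HTMLEncode(Request.ServerVariables("LOGON_USER")) & "<br>"

' 2. Bind with explicit credentials so the query does not depend on the
'    visitor's logon type. Credentials come from the worker process environment.
Dim sh, env, conn, cmd, rs
Set sh = Server.CreateObject("WScript.Shell")
Set env = sh.Environment("PROCESS")

Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Properties("User ID") = env("LDAP_SVC_USER")
conn.Properties("Password") = env("LDAP_SVC_PASS")
conn.Properties("Encrypt Password") = True      ' secure bind, no clear-text password
conn.Open "Active Directory Provider"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "<" & BASE_DN & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "sAMAccountName;subtree"
cmd.Properties("Page Size") = 500               ' page through large result sets

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode directory values before writing them into HTML.
    Response.Write Server.HTMLEncode(rs.Fields("sAMAccountName").Value) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

If the first two lines show `Basic` from home and `NTLM` or `Negotiate` at school, the page is being impersonated differently in the two cases, which matches the explanation above.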
