Web Development Thread, Run LDAP query intranet server in Coding and Web Development
18th February 2008, 11:33 AM #1
Run LDAP query intranet server
Hi, first of all I apologise if this is more of a security question than web development...
I've got an ASP page that will run an LDAP query against our PDC to list all the pupil users in school. This works lovely at home over a https connection back into the Intranet at school. However if I run the query at school using plain http via the Intranet the query will fail.
Is there some code I need to add to the query or something I need to alter on the page to allow me to access LDAP without using SSL?
If this isn't possible, am I able to have two separate SSL certificates on one IIS server that are linked to the host headers to allow SSL traffic on both the internet domain name, and internal domain name?
Source code is available on request.
18th February 2008, 11:47 AM #2
It may be something to do with the user authentication. The account running the ASP script must have the appropriate access to run an LDAP query on the server. You may need to change the user that the ASP engine runs on for that site.
18th February 2008, 02:30 PM #3
I don't think it is to do with the account that ASP uses, because if you say this works from home over SSL then it will still be using the same ASP account to run the LDAP query.
I'm not 100% on this but something inside me thinks that when running LDAP queries via web server they need to be over HTTPS.
Don't take my word for it though, I just remember reading something along those lines when I was looking to do something with PHP.
18th February 2008, 03:21 PM #4
You can certainly do it without SSL but it's a security risk. I'm guessing that if the internal domain name is different from the external name then the certificate won't be valid for this name and that's why it's failing (like when you go to a web site and you get a warning telling you that the certificate was issued for a different site).
I don't see why this should be the case, however. Even when you are at home, the code you are running is being executed on the server so is effectively always local (unless you're doing some kind of client side code which is (IMHO!) a "bad idea").
18th February 2008, 03:23 PM #5
From the description I would guess that you've got the web application set up to impersonate the logged in user.
If this is the case, when you log in externally and provide a username and password ASP can run exactly with your permissions and access the network as if it is you because it knows your password. If you automatically log in, i.e. are running it internally through the network, it still runs as you, however the browser passes it a security token describing who you are, but not what your password is. This token can be used to access other resources on the same machine as IIS as though it was you, but cannot access other servers as the token cannot be passed from the server to another machine.
If this is the problem, then you can give permissions to the asp account as SYNACK suggests or should be able to set explicit user credentials to access LDAP which should work in both cases, but then you have the problem of securing the password.
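The explicit-credentials option from post #5, as an added example that is not the original poster's page or any poster's code: a classic ASP page that binds to the directory with a low-privilege service account, so the query no longer depends on passing the browser user's token from IIS to the domain controller. The secret file path, the base DN and the file layout are assumptions; signing and sealing protect the LDAP traffic when the bind is not made over SSL.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not code from the thread. Paths and DNs below are hypothetical.
Const ADS_SECURE_AUTHENTICATION = &H1   ' negotiate Kerberos/NTLM, no clear-text bind
Const ADS_USE_SIGNING = &H40            ' integrity-protect the LDAP traffic
Const ADS_USE_SEALING = &H80            ' encrypt the LDAP traffic
Const SECRET_FILE = "D:\secrets\ldap-reader.txt"  ' hypothetical, outside the web root
Const BASE_DN = "OU=Pupils,DC=school,DC=example"  ' hypothetical

Dim fso, f, svcUser, svcPass, conn, cmd, rs

' Assumed layout: line 1 = account name, line 2 = password. Keep the file out
' of the web root and readable only by the account(s) the page executes as.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile(SECRET_FILE, 1)   ' 1 = ForReading
svcUser = f.ReadLine
svcPass = f.ReadLine
f.Close

' ADSI OLE DB provider with explicit credentials instead of the caller's token
Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Properties("User ID") = svcUser
conn.Properties("Password") = svcPass
conn.Properties("Encrypt Password") = True
conn.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING
conn.Open "Active Directory Provider"
svcPass = ""   ' do not keep the secret in a variable longer than needed

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "<LDAP://" & BASE_DN & ">;" & _
    "(&(objectCategory=person)(objectClass=user));sAMAccountName;subtree"
cmd.Properties("Page Size") = 500   ' page results so a large OU is not truncated
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode directory values before writing them into HTML
    Response.Write Server.HTMLEncode(rs.Fields("sAMAccountName").Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The service account only needs read access to the pupil OU; giving it no other rights limits what a leaked password can do.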