1. Ashutosh Varshney
  2. PowerBuilder
  3. Tuesday, 31 August 2021 15:07 PM UTC

Hello,

I have a PowerBuilder function which returns an array of members of an ActiveDirectory group. This works fine on my dev PC. However, when deployed it runs fine on some PCs but does not work on some others. I am unable to get to rootDSE when it does not work.

Here is my code...

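OLEObject ole_rootDSE
Integer li_rc

// Bind to the directory's RootDSE through ADSI
ole_rootDSE = Create OLEObject
li_rc = ole_rootDSE.ConnectToObject('ldap://rootdse')
If li_rc <> 0 Then
   MessageBox('Error', 'rootdse error ' + String(li_rc))
   Destroy ole_rootDSE   // release the OLE object before leaving
   Return
End If
// Go on to query…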

When it does not work, I get a return code of -6. Any ideas what is wrong and how to fix it?

Your help is very much appreciated.

Thank You.

AV

 

Matt Balent
  1. Tuesday, 31 August 2021 15:50 PM UTC
  2. PowerBuilder
  3. # 1

I'd look into user/group permissions.

Comment
  1. Ashutosh Varshney
  2. Tuesday, 31 August 2021 21:02 PM UTC
Thanks Matt. Do you know which permissions I should be looking into?
Chris Pollach @Appeon
  1. Tuesday, 31 August 2021 16:07 PM UTC
  2. PowerBuilder
  3. # 2

Hi AV;

It would not work on a PC that is not a member of a "Domain". However, assuming that there is an associated Domain, the problem is most likely a Windows Permission issue. That being said, many IT shops restrict access to the AD from any production user's PC. In the past, I have had to use an IIS Web Service with "Elevated Permissions" to access the AD without any issues.

Regards ... Chris

Comment
  1. Chris Pollach @Appeon
  2. Tuesday, 31 August 2021 22:50 PM UTC
Yes, I needed to use an AD Admin account ("raised permission") that was specially set up for my Web Service that had "read only" access to the AD - and only the parts an App would need to access in the AD. I could not access the AD from any workstation as the AD was behind various firewalls (in production). So that is why I developed an IIS Web Service that sat in the DMZ that allowed Apps to call its WS's (front end of the DMZ) yet the WS had access to the AD on the other side (back end) of the DMZ via "White Holes".
  1. Ashutosh Varshney
  2. Thursday, 2 September 2021 16:56 PM UTC
Thanks Chris.
  1. Kevin Ridley
  2. Thursday, 2 September 2021 19:46 PM UTC
Chances are, like Chris said, the PCs it's not working on are not joined to the domain.
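The causes raised in the answer and comments above (workstation not joined to a domain, missing domain credentials, AD behind a firewall) can be told apart on a failing PC with a staged check. This is an added example, not code from any poster in this thread; the function name `Test-RootDseAccess` is hypothetical, and it assumes Windows PowerShell 5.1 and LDAP on TCP port 389.

```powershell
# Added diagnostic example; Test-RootDseAccess is a hypothetical name.
# Assumes Windows PowerShell 5.1 and LDAP on TCP 389.
Add-Type -AssemblyName System.DirectoryServices

function Test-RootDseAccess {
    $stage = 'DomainMembership'
    $r = [ordered]@{
        Computer             = $env:COMPUTERNAME
        User                 = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        PartOfDomain         = $false
        DomainLogon          = $false
        DomainController     = $null
        Ldap389Open          = $null
        DefaultNamingContext = $null
        FailedStage          = $null
        Detail               = $null
    }
    try {
        # Stage 1: a serverless RootDSE bind needs a domain-joined workstation.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        $r.PartOfDomain = [bool]$cs.PartOfDomain
        if (-not $r.PartOfDomain) { throw 'Workstation is not joined to a domain.' }

        # Stage 2: a local account (COMPUTERNAME\user) carries no domain credentials.
        $stage = 'DomainLogon'
        $r.DomainLogon = -not $r.User.StartsWith("$($env:COMPUTERNAME)\",
            [StringComparison]::OrdinalIgnoreCase)
        if (-not $r.DomainLogon) { throw 'Logged on with a local account.' }

        # Stage 3: can a domain controller be located from this machine?
        $stage = 'LocateDC'
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $r.DomainController = $domain.FindDomainController().Name

        # Stage 4: is LDAP reachable, or is a firewall in the way?
        $stage = 'Firewall'
        $r.Ldap389Open = Test-NetConnection -ComputerName $r.DomainController `
            -Port 389 -InformationLevel Quiet
        if (-not $r.Ldap389Open) { throw 'TCP 389 to the domain controller is blocked.' }

        # Stage 5: the bind the PowerBuilder code attempts; RefreshCache forces it.
        $stage = 'RootDseBind'
        $root = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
        $root.RefreshCache()
        $r.DefaultNamingContext = [string]$root.Properties['defaultNamingContext'].Value
    }
    catch { $r.FailedStage = $stage; $r.Detail = $_.Exception.Message }
    [pscustomobject]$r
}
Test-RootDseAccess | Format-List
```

Run it as the same user who runs the application; `FailedStage` names the first check that did not pass, and an empty `FailedStage` with a populated `DefaultNamingContext` means the bind itself works from that PC.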
John Fauss
  1. Tuesday, 31 August 2021 21:51 PM UTC
  2. PowerBuilder
  3. # 3

You may need to check with someone knowledgeable about Active Directory. If I had to venture a guess, I'd look at granting ADS_RIGHT_DS_READ_PROP or ADS_RIGHT_ACNTRL_DS_LIST on the root.

HTH, John

Comment
  1. Ashutosh Varshney
  2. Thursday, 2 September 2021 16:56 PM UTC
Thank You John.