I can get a connection to ldap.forumsys.com
username is "uid=einstein,dc=example,dc=com"
password is "password"
TLdapClient.Connect - works
TLdapClient.Connect(false) - works
TLdapClient.Bind - works
TLdapClient.Connected(True) - works
TLdapClient.GetUserInfo - throws an exception error.
It seems to error out in
procedure TLdapClient.RetrieveRootDseInfo;
..
..
fRootDN := root.Attributes.GetByName('rootDomainNamingContext');
..
..
because root itself is NIL when I inspect it.
Using Delphi 12.3 and latest mORMot2 as of today.
What would be the trouble of asking for a simple demo program to connect to this free test server service?
To connect, bind, GetUserInfo then do
var LDAPProperties := LDAP.SearchAll([], ObjectFilter(ofUsers, getUserNameOnly(self.Username.text)),
  [roCanonicalNameAtRoot, roSortByName, roSddlKnownUuid, roAutoRange, roKnownValuesAsArray]);
To get the JSON dump of this info?
Also, I am struggling to know when to do what when it comes to this login process.
I have some AD LDAP servers, where user just types in an email address and works fine.
But when/when do I deal with cases where a person would have to type in something like "uid=einstein,dc=example,dc=com"
A bit wordy? Has to be something easier? Or is this because of just a goofy test server setup requiring this for some reason?
Is there an example of a login process that would basically handle any and all possible login types?
Or maybe a good guide? As I have zero clue what people will be using. Or their setups.
And need to make it work as best as possible with any LDAP configuration. No matter how goofy it is.
Last edited by jdredd (2025-03-31 18:18:57)
Offline
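An added example, not part of the original post and not mORMot2 code: one way to handle the different login forms asked about above (full DN, e-mail/UPN, DOMAIN\user, bare name) is to classify the typed name and either bind with it directly or build an escaped search filter for a search-then-bind flow. The function names and the choice of attributes (uid, sAMAccountName, userPrincipalName, mail) are assumptions about the target directories, and the sketch is in Python only to keep the logic library-neutral.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value,
# otherwise a typed login name could rewrite the search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

# Loose DN shape (attr=value[,attr=value...]); escaped commas are not handled.
_RDN = r"[A-Za-z][A-Za-z0-9.-]*\s*=[^,]+"
_DN_RE = re.compile(rf"^{_RDN}(,\s*{_RDN})*$")

def plan_login(typed: str, password: str) -> dict:
    """Decide how to authenticate the name a user typed (hypothetical helper)."""
    name = typed.strip()
    if not name or not password:
        # RFC 4513 5.1.2: a DN sent with an empty password is an
        # "unauthenticated bind" that a server may accept, so refuse it here.
        raise ValueError("empty user name or password")
    if _DN_RE.match(name):
        # Already a distinguished name: bind with it as typed.
        return {"kind": "dn", "bind_dn": name}
    if "\\" in name:
        # Down-level AD form DOMAIN\user: look up the account part only.
        user = name.split("\\", 1)[1]
        if not user:
            raise ValueError("missing account name after domain")
        return {"kind": "downlevel",
                "filter": f"(sAMAccountName={escape_filter(user)})"}
    value = escape_filter(name)
    if "@" in name:
        # Could be an AD userPrincipalName or a plain mail attribute.
        return {"kind": "upn_or_mail",
                "filter": f"(|(userPrincipalName={value})(mail={value}))"}
    # Bare name: uid on OpenLDAP-style trees, sAMAccountName on AD.
    return {"kind": "bare",
            "filter": f"(|(uid={value})(sAMAccountName={value}))"}

if __name__ == "__main__":
    # Constructed sample inputs, using the test account named in the post.
    for typed in ("uid=einstein,dc=example,dc=com",
                  "einstein@ldap.forumsys.com", "CORP\\einstein", "einstein"):
        print(typed, "->", plan_login(typed, "password"))
```

When a filter is returned, run it from a service account under the configured base DN, require exactly one matching entry, and then bind as that entry's DN with the password the user typed.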
Using LDP.exe I can do some stuff...
Dn: uid=einstein,dc=example,dc=com
cn: Albert Einstein;
mail: einstein@ldap.forumsys.com;
objectClass (4): inetOrgPerson; organizationalPerson; person; top;
sn: Einstein;
telephoneNumber: 314-159-2653;
uid: einstein;
userPassword: {sha}W6ph5Mm5Pz8GgiULbPgzG37mj9g=;
Offline
I have fixed the exception with
https://github.com/synopse/mORMot2/commit/a0e1c8e0c
But there is clearly something weird with this server.
It can't return its own root objects, whereas any real server we tested actually does (perhaps hundreds of production servers).
I am currently on holidays, so I can't debug more but I guess this server needs some adaptation in our code (perhaps retrieve the root objects one by one?).
Try with a real LDAP server.
Just the fact that you can connect to this server with plain Bind and without TLS is clearly a sign that it is not a production-like server.
Offline
Thanks! I will check it out. I only stumbled across this due to trying to test against NON ADFS LDAP servers. All I have at my disposal is AD LDAP servers, so wanted to try something different.
Are there other "free" test servers you know of and can recommend to hit up?
Offline
Well.. it doesn't blow up now.
But I have no user info either.
Not sure what I can do to get that.
I have a user out in the wild having the same problem.
But fighting on getting what kind of LDAP server setup they even have.
Expanding base 'uid=einstein,dc=example,dc=com'...
Getting 1 entries:
Dn: uid=einstein,dc=example,dc=com
cn: Albert Einstein;
mail: einstein@ldap.forumsys.com;
objectClass (4): inetOrgPerson; organizationalPerson; person; top;
sn: Einstein;
telephoneNumber: 314-159-2653;
uid: einstein;
Not 100% sure what LDP.exe is doing to pull that, but would need to do the same I think.
Offline
ldap.Search('uid=einstein,dc=example,dc=com', False, '(objectclass=*)', ['*']);
Then using LDAP.SearchResult.Dump
results: 1 in 15.96ms
0:
objectName : uid=einstein,dc=example,dc=com
objectClass :
- inetOrgPerson
- organizationalPerson
- person
- top
userPassword : {sha}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
cn : Albert Einstein
sn : Einstein
uid : einstein
mail : einstein@ldap.forumsys.com
telephoneNumber : 314-159-2653
Also using LDAP.SearchResult.GetJson
{
"uid=einstein,dc=example,dc=com": {
"objectName": "uid=einstein,dc=example,dc=com",
"objectClass": [
"inetOrgPerson",
"organizationalPerson",
"person",
"top"
],
"userPassword": "{sha}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
"cn": "Albert Einstein",
"sn": "Einstein",
"uid": "einstein",
"mail": "einstein@ldap.forumsys.com",
"telephoneNumber": "314-159-2653"
}
}
This might get me by maybe.. if GetUserInfo fails... ?
Offline
Well after a bunch of work, I have some stuff I did to give to a user to see how things react.
Crossing fingers
Offline