Thanks to Tim Heidinger for providing this code sample. This document is a reproduction of Tim's original.
CalNet Directory Services and Microsoft Active Directory Service Interfaces (ADSI)
Aron Roberts' excellent article in Winter 2000 BC&C foretold of innovative applications that would soon exploit a new single, reliable source of information about campus people and certain campus resources. Now that the CalNet Directory Service is a reality, this article gives the Windows developer on campus basic information about how to develop CalNet Directory Service enabled applications.
Accessing CalNet Directory Service from Windows
The CalNet Directory Service is based on the Lightweight Directory Access Protocol (LDAP), an Internet standard, so your favorite Windows programming/scripting language must become LDAP aware. One option is to use Microsoft's Active Directory Service Interfaces (ADSI). This article describes the use of ADSI 2.5, which is available for all versions of Windows and is compatible with CalNet Directory Services. (Note: Microsoft recently released an upgrade to ADSI 2.5 called Active Directory Client Extension. It solved problems for me, especially after I upgraded MDAC and started getting "Class not registered" errors. Everything in this article uses ADSI 2.5.) According to Microsoft:
Active Directory Service Interfaces abstract the capabilities of different directory services from different network vendors to enable developers of scripts or C/C++ applications to easily query for and manipulate directory service objects. The standard Active Directory Service Interfaces objects, or providers, are found within multiple namespaces, typically directory services for various network operating systems. Providers enable communication between the server or client. ADSI 2.5 includes providers for Lightweight Directory Access Protocol (LDAP).
In other words, you can use ADSI to get your Windows machine to talk with the CalNet Directory Service. The following Microsoft resources provide the basics of how it works:
Using an ActiveX Data Object (ADO) to Bind to ADSI Providers
Note that the "ADSI Flag" property described there is not available when using ADO/ADSI 2.5 (it might be different with the Active Directory Client Extension, but I haven't tried it). As a result, most of the detail about using the ADS_AUTHENTICATION_ENUM enumeration to specify authentication options such as ADS_USE_SSL does not apply. However, it appears that specifying the LDAP SSL port number in the bind is all that is needed to communicate with CalNet Directory Services via SSL. Make sure to set the "Encrypt Password" property to False, as detailed in "How to Use ADSI to Query a Third-Party LDAP Server".
Use ADO to Access Objects Through an ADSI LDAP Provider
By default, ADO cannot process multi-valued (variant) LDAP fields, which are some of the most useful fields in the CalNet Directory Service; see "ARRAYCONVERT.EXE Variant Conversion Functions" to fix the problem. See "Searching Active Directory with ADO" for more detailed information about search syntax. Note: I had problems with ADSI once I upgraded to MDAC 2.6; it now appears there is a fix, although I haven't tried it. See "ADSI 2.5 and MDAC 2.6 Compatibility Issues".
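The bind settings described above (SSL port in the ADsPath, "Encrypt Password" set to False), as an added VBScript sketch that is not Tim's original code. The host name, base DN, requested attributes and helper names are assumptions; 636 is the standard LDAP-over-SSL port, and the filter escaping goes beyond the article so that user input cannot alter the search filter.

```vbscript
Option Explicit

' Assumed placeholders, not values from the article.
Const DIR_HOST = "ldap.example.edu"
Const SSL_PORT = 636                        ' standard LDAP-over-SSL port
Const BASE_DN  = "ou=people,dc=example,dc=edu"

' Escape the characters that are special in an LDAP search filter
' (RFC 4515) so a submitted value is always treated as data.
Function EscapeFilterValue(s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        Select Case ch
            Case "\"    : out = out & "\5c"
            Case "*"    : out = out & "\2a"
            Case "("    : out = out & "\28"
            Case ")"    : out = out & "\29"
            Case Chr(0) : out = out & "\00"
            Case Else   : out = out & ch
        End Select
    Next
    EscapeFilterValue = out
End Function

' Open an authenticated ADO connection through the ADSI OLE DB provider.
Function OpenDirectory(bindDn, bindPassword)
    Dim conn
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Properties("User ID") = bindDn
    conn.Properties("Password") = bindPassword
    ' False, as the article instructs for a third-party LDAP server.
    ' ADSI then does not protect the password itself, which is why the
    ' ADsPath below always names the SSL port.
    conn.Properties("Encrypt Password") = False
    conn.Open "ADs Provider"
    Set OpenDirectory = conn
End Function

' Look up one entry by uid and return the ADO recordset.
Function FindByUid(conn, uid)
    Dim query
    query = "<LDAP://" & DIR_HOST & ":" & SSL_PORT & "/" & BASE_DN & ">;" & _
            "(uid=" & EscapeFilterValue(uid) & ");cn,mail;subtree"
    Set FindByUid = conn.Execute(query)
End Function
```

In an ASP page, pass the submitted form value straight to FindByUid and keep the bind password out of the page source, for example in a configuration store readable only by the IIS application identity.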
The following example uses Visual Basic Script contained within Active Server Pages (ASP) hosted by Internet Information Server (IIS) 4.0 on Windows NT Server 4.0. However, developers using any version of Windows with a COM-compliant language such as Visual Basic, Java, Visual C++, or even Visual FoxPro can benefit.