LDAP Login and get back extended errormessage

[card]

I would like to register myself from a computer place, out of range of my AD-DOMAIN on LDAP with user name and keyword. Therefore I need extended feedback, for example:

525 - user not found

52e - invalid credentials

530 - not permitted to logon at this time

532 - password expired

533 - account disabled

701 - account expired

773 - user must reset password

To get access to LDAP-CONNECT, I have 3 solutions to offer:

1. via ADSDSOObject – disadvantage: I don`t get feedback in case of failure

2. via $SobjiDSO.OpenDSObject – but: there is any feedback concerning RETURN missing

3. via DLLCALL on WLAPD32.DLL.

For this I have tried with the following source code:

expandcollapse popup

#include <array.au3>
#include <WinAPIError.au3>
#include <WINAPI.au3>
$oMyError    = ObjEvent("AutoIt.Error", "ComError")
Global $objDSO = ObjGet ("LDAP:")
Global $Host = "xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx"
Global $Port = "389"

Global $fkt
Const $ADS_SECURE_AUTHENTICATION = 1
Const $ADS_USE_SEALING = 64 ;'0x40
Const $ADS_USE_SIGNING = 128 ;'0x80
Const $ADS_SERVER_BIND= 512 ;0x200

Const $LDAP_OPT_ERROR_NUMBER = 0x31
Const $LDAP_OPT_ERROR_STRING = 0x32
Const $LDAP_OPT_SERVER_ERROR = 0x33
Const $LDAP_OPT_SERVER_EXT_ERROR = 0x34
Const $LDAP_OPT_PROTOCOL_VERSION = 0x11

Const $LDAP_AUTH_NEGOTIATE  = 0x0400
Const $LDAP_AUTH_DIGEST     = 0x4000
Const $LDAP_AUTH_OTHERKIND  = 0x86
Const $LDAP_AUTH_SIMPLE                  = 0x80
Const $LDAP_AUTH_NTLM   = 0x01000

Const $SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2
Const $SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1

Global $username = "username"
Global $Passwort = "secret"
Global $domain = "DOMAIN"

Global $ldapldll = DllOpen("WLDAP32.DLL")

$ldapinit = ldapinit()
;errorpruefung($ldapinit, $fkt)
$ldapsetOption = ldap_set_option()
;errorpruefung($ldapsetOption, $fkt)
$ldapcon = ldap_simple_bind_s()
errorpruefung($ldapcon, $fkt)
$ldapgetoption = ldap_get_option()
errorpruefung($ldapcon, $fkt)

ldap_unbind()
DllClose("WLDAP32.DLL")
ConsoleWrite(@CRLF)
exit

Func ldapinit()
    $Hostptr = DllStructCreate("char[" & (StringLen($Host) + 1) & "]")
    DllStructSetData($Hostptr,1,$Host)
    $fkt = "ldap_open"
    Return DllCall($ldapldll, "ptr", $fkt, "ptr",DllStructGetPtr($Hostptr), "ULONG", "")
EndFunc

Func ldap_simple_bind_s()
    $fkt = "ldap_simple_bind_s"
    $dn = DllStructCreate("char[" & (StringLen($domain & "\" & $username) + 1) & "]")
    DllStructSetData($dn,1, $domain & "\" & $username)
    $passwd = DllStructCreate("char[" & (StringLen($Passwort) + 1) & "]")
    DllStructSetData($passwd,1, $Passwort)
    Return DllCall($ldapldll, "ULONG", $fkt, "ptr", $ldapinit[0], "ptr",DllStructGetPtr($dn), "ptr",DllStructGetPtr($passwd), "ULONG", $LDAP_AUTH_SIMPLE)
     ;_WinAPI_ShowError(Hex(_WinAPI_GetLastError()) & ": " & _WinAPI_GetLastErrorMessage())
    ;Return $ldapcon
EndFunc

Func ldap_get_option()
;If $ldapcon[0] <> 0 Then
    $ldaperr = DllStructCreate("char[255]")
    DllStructSetData($ldaperr,1, 0)
    $fkt = "ldap_get_option"
    $ergebnis = DllCall($ldapldll, "ULONG", $fkt, "ptr", $ldapinit[0], "int", $LDAP_OPT_SERVER_ERROR, "ptr", DllStructGetPtr($ldaperr))
    ;$fkt = "LdapGetLastError"
    ;$lasterror = DllCall($ldapldll, "ULONG", $fkt)
    ;errorpruefung($lasterror, $fkt)
    ;ConsoleWrite(Hex(_WinAPI_GetLastError()) & ": " & _WinAPI_GetLastErrorMessage())
    $b  = DllStructCreate("DWORD",DllStructGetPtr($ldaperr,1))
    errorpruefung($ldaperr, $fkt)
    errorpruefung($b, $fkt)
    Return $ergebnis
    ;_ArrayDisplay($ergebnis)
;EndIf
EndFunc

Func ldap_set_option()
;If $ldapcon[0] <> 0 Then
    $ldaperr = DllStructCreate("ULONG")
    DllStructSetData($ldaperr,1, 3)
    $fkt = "ldap_set_option"
    ;$ldaperr = 0
    $ergebnis = DllCall($ldapldll, "ULONG", $fkt, "ptr", $ldapinit[0], "int", $LDAP_OPT_PROTOCOL_VERSION, "ptr", DllStructGetPtr($ldaperr))
    If @error <> 0 Then ConsoleWrite(Hex(_WinAPI_GetLastError()) & ": " & _WinAPI_GetLastErrorMessage())
    errorpruefung($ldaperr, $fkt)
    Return $ergebnis
    ;_ArrayDisplay($ergebnis)
;EndIf
EndFunc

Func ldap_unbind()
    $fkt = "ldap_unbind"
    $ldapunbind = DllCall($ldapldll, "ULONG", $fkt, "ptr", $ldapinit[0])
EndFunc

;$ldapfree = DllStructCreate("char[" & (StringLen($LDAP_OPT_SERVER_ERROR) + 1) & "]")
;DllStructSetData($ldapfree,1, $LDAP_OPT_SERVER_ERROR)
;$fkt = "ldap_memfree"
;DllCall($ldapldll, "ptr", $fkt, "ptr", DllStructGetPtr($ldapfree))

;$fkt = "LdapGetLastError"
;$lasterror = DllCall($ldapldll, "ULONG", $fkt)
;errorpruefung($lasterror, $fkt)

Func errorpruefung($ID, $Name = "")
    If IsArray($ID) THEN
        ConsoleWrite(@CRLF & $Name & " ")
        For $I = 0 To UBound($ID)-1
            ConsoleWrite(@CRLF & $I & ": " & $ID[$I] & " - " & hex($ID[$I],8) & " - " & dec(hex($ID[$I],8)) & " " & DllStructGetData($ID, $I))
        Next
        ConsoleWrite(@CRLF)
        ;_ArrayDisplay($ID)
    Else
        ConsoleWrite(@CRLF & $Name & " " & DllStructGetData($ID, 1) & " - " & hex(DllStructGetData($ID, 1),8) & " " & DllStructGetData($ID, 2) & " - " & hex(DllStructGetData($ID, 2),8) & @CRLF)
    EndIf
EndFunc

Func ComError()
  if IsObj($oMyError) then
    $Fehlertext =   ("Name: "    & @TAB & $oMyError.description    & @CRLF & _
                    "Beschreibung: "     & @TAB & $oMyError.windescription & @CRLF & _
                    "Fehlernummer: "         & @TAB & hex($oMyError.number,8)  & @CRLF & _
                    "Fehlernummer1: "         & @TAB & $oMyError.number  & @CRLF & _
                    "Letzter Fehler: "   & @TAB & $oMyError.lastdllerror   & @CRLF & _
                    "Zeile: "     & @TAB & $oMyError.scriptline     & @CRLF & _
                    "Quelle: "         & @TAB & $oMyError.source         & @CRLF & _
                    "err.helpfile is: "       & @TAB & $oMyError.helpfile       & @CRLF & _
                    "err.helpcontext is: "    & @TAB & $oMyError.helpcontext )
        SetError($Fehlertext)
        ConsoleWrite(@CRLF & $Fehlertext & @CRLF)
    ;SetError(Hex($oError.Number))
  else
    SetError(1)
  endif
EndFunc

- during input of the right username and keyword, I get back the text “ERROR 0x0” – this means everything is fine.

- in case of a wrong input of username and keyword, I get back the text “ERROR 0x31” – LDAP_INVALID_CREDENTIALS – which means everything is fine.

If I type in the question for LDAP_OPT_SERVER_ERROR, unfortunately, I didn’t get any good answer to follow – last 4 HEX-values are always 1828 ending, no matter, if: 1. the user is not existent or a wrong keyword is typed in 2. or the user profile is deactivated and so on…. I have no chance to get back any string, only a HEX-value.

My question for you is: How do I reach an extended return string, which looks for example at Java or PHP as follows:

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

At right is error data 525 - in this case: User not found

Microsoftreferences at ldap_get_option and LDAP_OPT_SERVER_ERROR

For your understanding: I don’t have to work with the programme DLL-CALL, the only thing I need is an extended return string in AUTOIT. Could you please inform me about alternative methods of getting access with AUTOIT on LDAP?

Thank you very much in advance for your help. Please find my source code for DLL-CALL

[card]

with network-sniffer i get the message

ErrorMessage: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

how i get the message in autoit?