Tags: active-directory, ldap, single-sign-on

What are the steps to implement single sign on against Active Directory using LDAP?


I need to authenticate users against Active Directory in my C++ application. I know I need to bind to something and authenticate using the user's distinguished name and password. This distinguished name is often long with commas and contains the username.

Say the user enters something in my application's username and password box. How do I find the distinguished name to bind to? Do I have to write a search query for it?


Solution

  • You need to:

    1. Search the AD for the user's DN based on what he entered into your form, typically an email address or a user ID or something else that is unique. Unless the AD supports anonymous searching you will need to bind to it using an administrative account/password that has permission to do this search. This is done via an LDAP filter expression, a topic which you need to look up.

    2. When/if you've found it, rebind to AD using the DN of that entry and the password from the form.

    If either step fails, the login fails, and don't tell the user which step it was, i.e. don't tell him 'no such user' or 'wrong password', just tell him 'bad credentials' or similar in both cases. Otherwise you are leaking information to the attacker.
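The two-step flow above in C++, as an added example that is not part of the answer: the user's input is escaped before it goes into the step-1 filter (otherwise characters like `*` or `)` let a typed value change what the search matches), and every failure collapses into one result as the answer recommends. It assumes the account is looked up by sAMAccountName, and it uses a constructed in-memory `FakeDirectory` in place of a real AD connection; a real `Directory` would wrap the search and bind calls of libldap or Wldap32.

```cpp
#include <string>

// RFC 4515 escaping for a value placed inside an LDAP search filter, so input
// such as "*)(uid=*" cannot change what the filter matches (LDAP injection).
std::string escapeFilterValue(const std::string& v) {
    static const char* hex = "0123456789abcdef";
    std::string out;
    for (unsigned char c : v) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
            out += '\\'; out += hex[c >> 4]; out += hex[c & 0x0f];
        } else out += static_cast<char>(c);
    }
    return out;
}

// Step 1 filter: find the user by the unique attribute typed into the form
// (sAMAccountName assumed here; mail or userPrincipalName work the same way).
std::string buildUserFilter(const std::string& login) {
    return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(login) + "))";
}

// Thin directory interface; a real one wraps the search/bind calls of libldap or
// Wldap32, with the search running under the administrative/service account.
struct Directory {
    virtual ~Directory() = default;
    virtual std::string searchDn(const std::string& filter) = 0;  // "" if no match
    virtual bool bind(const std::string& dn, const std::string& password) = 0;
};

// The two-step login. Every failure collapses to one result, so the caller
// cannot tell "no such user" from "wrong password".
bool authenticate(Directory& dir, const std::string& login, const std::string& password) {
    // Empty password = unauthenticated simple bind, which many servers accept; reject it.
    if (login.empty() || password.empty()) return false;
    std::string dn = dir.searchDn(buildUserFilter(login));   // step 1: find the DN
    if (dn.empty()) return false;
    return dir.bind(dn, password);                           // step 2: rebind as the user
}

// Constructed in-memory stand-in for AD with one user, so the flow runs offline.
struct FakeDirectory : Directory {
    const std::string userDn = "CN=John Doe,OU=Staff,DC=example,DC=com";
    std::string searchDn(const std::string& filter) override {
        return filter == buildUserFilter("jdoe") ? userDn : "";
    }
    bool bind(const std::string& dn, const std::string& pw) override {
        return dn == userDn && pw == "s3cret";
    }
};

bool demoLogin(const std::string& login, const std::string& pw) {
    FakeDirectory ad;
    return authenticate(ad, login, pw);
}
```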