I have Windows Server 2016 with basic Active Directory and I am trying to log in and check the user group using C++ via WinApi (Wldap32, Winldap.h).
The authentication seems to work but I get LDAP_OPERATIONS_ERROR after ldap_search_s (ldap_search_sW).

const std::wstring addressStr = L"192.168.78.3";
const std::wstring usernameStr = L"myuser"; // the same as in the filter below
const std::wstring passwordStr = L"";
ULONG version = LDAP_VERSION3;
LDAP *pLdapConnection = ldap_init(const_cast<wchar_t *>(addressStr.c_str()), static_cast<ULONG>(config_.adPort()));
if (pLdapConnection == nullptr) {
    throw ...;
}
ULONG ret = ldap_set_option(pLdapConnection, LDAP_OPT_PROTOCOL_VERSION, static_cast<void *>(&version));
if (ret != LDAP_SUCCESS) {
    throw ...;
}
ret = ldap_connect(pLdapConnection, nullptr);
if (ret != LDAP_SUCCESS) {
    throw ...;
}
ret = ldap_bind_s(pLdapConnection, const_cast<wchar_t *>(usernameStr.c_str()), const_cast<wchar_t *>(passwordStr.c_str()),
                  LDAP_AUTH_SIMPLE);
if (ret != LDAP_SUCCESS) {
    if (ret == 0x31) {
        throw ...;
    }
    throw ...;
}
LDAPMessage *pSearchResult = nullptr;
std::wstring filter = L"(&(sAMAccountName=myuser)(memberof=CN=Administrators))";
std::wstring dn = L"dc=whatever,dc=net";
ret = ldap_search_s(pLdapConnection, const_cast<wchar_t *>(dn.c_str()), LDAP_SCOPE_SUBTREE, const_cast<wchar_t *>(filter.c_str()),
                    nullptr, 0, &pSearchResult);
// ret == 1 == LDAP_OPERATIONS_ERROR;

The issue actually turned out to be related to auth, not to the search query.
I used an empty password and ldap_bind_s did not report any errors because apparently it binds anonymously in this case (looks like it's not mentioned in MSDN): https://stackoverflow.com/a/27873735/964478. (It was a test VM and I didn't remember the password, but remembered that earlier I tried to set an empty password for this user, though probably not successfully.)
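
As an added example (not part of the original post and not the poster's code), here is a guard that classifies the credentials before a simple bind and refuses to treat an empty-password bind as a login. `classifySimpleBind`, `authenticateUser`, `BindFn` and `permissiveBind` are hypothetical names, and the stand-in server with its password is constructed so the code runs without Winldap.h.

```cpp
#include <functional>
#include <string>

// Values as used on the page: 0 is LDAP_SUCCESS, 0x31 is invalid credentials.
constexpr unsigned long kLdapSuccess = 0x00;
constexpr unsigned long kLdapInvalidCredentials = 0x31;

// Kinds of simple bind, following RFC 4513 section 5.1.
enum class SimpleBindKind { Anonymous, Unauthenticated, NamePassword, Malformed };

SimpleBindKind classifySimpleBind(const std::wstring &name, const std::wstring &password) {
    if (password.empty()) {
        // No password: the server never verifies who the caller is.
        return name.empty() ? SimpleBindKind::Anonymous : SimpleBindKind::Unauthenticated;
    }
    return name.empty() ? SimpleBindKind::Malformed : SimpleBindKind::NamePassword;
}

enum class AuthResult { Authenticated, RejectedEmptyCredential, BindFailed };

// Hypothetical seam: wraps the real bind call so the guard can be tested offline.
// On Windows it would be a lambda around
// ldap_bind_s(pLdapConnection, name, password, LDAP_AUTH_SIMPLE).
using BindFn = std::function<unsigned long(const std::wstring &, const std::wstring &)>;

AuthResult authenticateUser(const std::wstring &name, const std::wstring &password,
                            const BindFn &bind) {
    // Refuse before touching the network: a "successful" bind with an empty
    // password proves nothing about the user's identity.
    if (classifySimpleBind(name, password) != SimpleBindKind::NamePassword) {
        return AuthResult::RejectedEmptyCredential;
    }
    return bind(name, password) == kLdapSuccess ? AuthResult::Authenticated
                                                : AuthResult::BindFailed;
}

// Constructed stand-in for a directory that accepts an empty password as an
// anonymous bind (the behaviour described above); the account is made up.
unsigned long permissiveBind(const std::wstring &name, const std::wstring &password) {
    if (password.empty()) {
        return kLdapSuccess; // anonymous bind "succeeds"
    }
    const bool ok = (name == L"myuser" && password == L"constructed-pw");
    return ok ? kLdapSuccess : kLdapInvalidCredentials;
}
```

With the guard in place, the empty password from the question is rejected locally instead of producing a bind that later fails at the search step.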