EldoS | Feel safer!

Software components for data protection, secure storage and transfer

WinCertStorage and active directory ?

#13008
Posted: 04/15/2010 03:40:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hi, I need to encrypt a PDF using a certificate stored in Active Directory.
What should I set up, please?

My other code using CAPICOM is OK:
xStore := _CreateOLEObject(oleCAPICOM_Store..)
xStore.Open( CAPICOM_ACTIVE_DIRECTORY_USER_STORE {=3}, '*',....)
=> xStore.Certificates.Count = 176

Trying to use TElWinCertStorage displays the error "Failed to open storage" :(
xWinCertStorage.SystemStores.Clear;
xWinCertStorage.SystemStores.Add('*');
xWinCertStorage.Provider := ptDefault;
xWinCertStorage.AccessType := atCurrentUser;
xWinCertStorage.StorageType := stLDAP;

thank you, slava jansta
#13012
Posted: 04/15/2010 09:03:49
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate
#13055
Posted: 04/21/2010 05:37:02
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Innokentiy Ivanov wrote:
Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate


Hello,
I still cannot get the certificate or open the store in LDAP :(

If I try this VBA script:
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Set rs = conn.Execute("<LDAP://ou=Praha,dc=lcs,dc=cz>;(objectClass=*);name,ADsPath,CN;subtree")
MsgBox(rs.RecordCount)

then the number 605 is displayed = count OK: the domain/LDAP is active.

But how do I build SystemStores in your component?

xWinCertStorage.SystemStores.Add(
trying:
'LDAP://stag.lcs.cz/dc=lcs,dc=cz?userCertificate'
or 'LDAP://dc=lcs,dc=cz?userCertificate'

Still the error: "Failed to open storage"
#13083
Posted: 04/22/2010 09:57:40
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
Still the error: "Failed to open storage"


OK, found it: the problem was that the ReadOnly property of the store [TElWinCertStorage] was not set.
GetLastError gives me "access denied".

unit SBWinCertStorage;
TElWinCertStorage.Add(
...
if FReadOnly then
Rights := Rights or CERT_STORE_READONLY_FLAG;
...


I think it is OK now. Best regards, slava
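Putting the fix above together, as an added Delphi example that is not code from the thread or from EldoS: it opens the LDAP-backed Windows store read-only and lists what it contains. The server name and DN are placeholders, and the SecureBlackbox members used here (Count, Certificates[], SubjectName.CommonName, BinaryToString from SBUtils, and the store being opened when the name is added to SystemStores) are assumptions based on the thread, not verified against the library.

```delphi
program ListLdapCerts;
{$APPTYPE CONSOLE}

uses
  SysUtils, SBUtils, SBX509, SBWinCertStorage;

// Opens one LDAP system store read-only and prints its certificates.
// LdapStoreName is the CertOpenStore LDAP provider query, e.g.
// ldap://server:389/<DN>?userCertificate (format taken from the thread).
procedure ListLdapUserCertificates(const LdapStoreName: string);
var
  Store: TElWinCertStorage;
  I: Integer;
  Cert: TElX509Certificate;
begin
  Store := TElWinCertStorage.Create(nil);
  try
    // Set ReadOnly BEFORE naming the store: the component maps it to
    // CERT_STORE_READONLY_FLAG, and without it the LDAP provider fails
    // with "access denied" / "Failed to open storage" (the cause found
    // in post #13083 above).
    Store.ReadOnly := True;
    Store.StorageType := stLDAP;
    Store.AccessType := atCurrentUser;
    Store.Provider := ptDefault;
    Store.SystemStores.Clear;
    // Assumption: adding the name triggers the open, as in the poster's code.
    Store.SystemStores.Add(LdapStoreName);

    Writeln(Format('%d certificate(s) in %s', [Store.Count, LdapStoreName]));
    for I := 0 to Store.Count - 1 do
    begin
      Cert := Store.Certificates[I];
      Writeln('  CN=', Cert.SubjectName.CommonName,
              '  serial=', BinaryToString(Cert.SerialNumber));
    end;
  finally
    Store.Free;
  end;
end;

begin
  // Placeholder query: replace "server" and the DN with your own directory values.
  ListLdapUserCertificates(
    'ldap://server:389/CN=UserName_1,OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate');
end.
```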
#13084
Posted: 04/22/2010 10:06:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
I think it is OK now. Best regards, slava


Maybe one more question, please:

Am I right in thinking that I cannot retrieve the certificates of several users from AD in one store?

As I can see, I have to specify the exact LDAP query path to a concrete user, not a group :(

ldap://server:389/CN=UserName_1,OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate

But if I want to have all certificates of the group OU=TO, I get an empty store :(
ldap://server:389/OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate


CN=* does not help.
Yes, I know, it does not have much to do with your PDF component, because you use the CertOpenStore WinAPI, but maybe you can tell me the answer.

thank you, slava jansta
#13086
Posted: 04/23/2010 04:37:22
by Ken Ivanov (EldoS Corp.)

Unfortunately, this is not something we can help you with. I can only refer you to the MSDN article describing the LDAP search filter syntax.

Maybe some customers reading the forum will be able to give a more detailed answer.