EldoS | Feel safer!

WinCertStorage and Active Directory?

#13008
Posted: 04/15/2010 03:40:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hi, I need to encrypt a PDF using a certificate stored in Active Directory.
What do I need to set up, please?

My other code using CAPICOM is OK:
xStore := _CreateOLEObject(oleCAPICOM_Store..)
xStore.Open( CAPICOM_ACTIVE_DIRECTORY_USER_STORE {=3}, '*',....)
=> xStore.Certificates.Count = 176

Trying TElWinCertStorage displays the error "Failed to open storage" :(
xWinCertStorage.SystemStores.Clear;
xWinCertStorage.SystemStores.Add('*');
xWinCertStorage.Provider := ptDefault;
xWinCertStorage.AccessType := atCurrentUser;
xWinCertStorage.StorageType := stLDAP;

thank you, slava jansta
#13012
Posted: 04/15/2010 09:03:49
by Ken Ivanov (Team)

Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate
#13055
Posted: 04/21/2010 05:37:02
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Innokentiy Ivanov wrote:
Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate


Hello,
I still cannot get the certificate, or open the store in LDAP :(

If I try this VBA script:
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Set rs = conn.Execute("<LDAP://ou=Praha,dc=lcs,dc=cz>;(objectClass=*);name,ADsPath,CN;subtree")
MsgBox(rs.RecordCount)

then the number 605 is displayed = count OK: the domain/LDAP is active.

But how do I build SystemStores in your component?

xWinCertStorage.SystemStores.Add(
trying :
'LDAP://stag.lcs.cz/dc=lcs,dc=cz?userCertificate'
or 'LDAP://dc=lcs,dc=cz?userCertificate'

still error : "Failed to open storage"
#13083
Posted: 04/22/2010 09:57:40
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
still error : "Failed to open storage"


Oh, found it: the problem was that the ReadOnly property was not specified on the store [TElWinCertStorage].
GetLastError gives me access denied.

unit SBWinCertStorage;
TElWinCertStorage.Add(
...
if FReadOnly then
Rights := Rights or CERT_STORE_READONLY_FLAG;
...


I think it is OK now. Best regards, slava
#13084
Posted: 04/22/2010 10:06:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
think is ok now. best regards, slava


Maybe one more question, please:

Am I right in thinking that I cannot retrieve multiple certificates of a few users from AD in one store?

As far as I can see, I have to specify the LDAP query path to a concrete user, not a group :(

ldap://server:389/CN=UserName_1,OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate

But if I want to have all certificates of the group OU=TO, I get an empty store :(
ldap://server:389/OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate


CN=* does not help.
Yes, I know it does not have much to do with your PDF component, because you use the CertOpenStore WinAPI, but maybe you can tell me the answer.

thank you, slava jansta
#13086
Posted: 04/23/2010 04:37:22
by Ken Ivanov (Team)

Unfortunately, this is not something we can help you with. I can only refer you to the MSDN article describing the LDAP search filter syntax.

Maybe, some customers reading the forum will be able to give a more detailed answer.
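
An added example, not part of the thread and not EldoS code: under RFC 4516 an LDAP URL with no scope field defaults to `base`, so the OU-level URL in the last question reads `userCertificate` from the OU entry alone, while the user-level URL reads it from the user entry. Whether the Windows LDAP store provider accepts the `?sub?filter` form is an assumption the thread does not confirm; `reads_container_only` and `with_subtree` are hypothetical helper names.

```python
from urllib.parse import quote, unquote

# RFC 4516 defaults that apply when a URL field is omitted.
DEFAULT_SCOPE, DEFAULT_FILTER = "base", "(objectClass=*)"

# The two URLs from the thread (host name "server" as posted).
USER_URL = "ldap://server:389/CN=UserName_1,OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate"
OU_URL = "ldap://server:389/OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate"


def parse_ldap_url(url):
    """Split ldap://host[:port]/dn?attrs?scope?filter into its effective parts."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    fields = tail.split("?")
    fields += [""] * (4 - len(fields))  # pad the omitted trailing fields
    dn, attrs, scope, flt = (unquote(f) for f in fields[:4])
    scope = scope.lower() or DEFAULT_SCOPE
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return {"scheme": scheme, "host": hostport, "base_dn": dn,
            "attributes": [a for a in attrs.split(",") if a],
            "scope": scope, "filter": flt or DEFAULT_FILTER}


def reads_container_only(url, attr="userCertificate"):
    """True when the URL asks a single OU/DC entry, not its children, for attr."""
    p = parse_ldap_url(url)
    leaf_rdn = p["base_dn"].split(",", 1)[0].upper()
    return (p["scope"] == "base"
            and attr.lower() in [a.lower() for a in p["attributes"]]
            and leaf_rdn.startswith(("OU=", "DC=")))


def with_subtree(url, flt="(userCertificate=*)"):
    """Rebuild the URL with an explicit subtree scope and a filter (assumed form)."""
    p = parse_ldap_url(url)
    return "%s://%s/%s?%s?sub?%s" % (
        p["scheme"], p["host"], quote(p["base_dn"], safe="=,"),
        ",".join(p["attributes"]), quote(flt, safe="=()*&|!"))


if __name__ == "__main__":
    for u in (USER_URL, OU_URL):
        p = parse_ldap_url(u)
        print(p["base_dn"], p["scope"], p["filter"], reads_container_only(u))
    print(with_subtree(OU_URL))
```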