EldoS | Feel safer!

Software components for data protection, secure storage and transfer

WinCertStorage and active directory ?

#13008
Posted: 04/15/2010 03:40:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hi, I need to encrypt a PDF using a certificate stored in Active Directory.
What do I need to set up, please?

My other code using CAPICOM is OK:
xStore := _CreateOLEObject(oleCAPICOM_Store..)
xStore.Open( CAPICOM_ACTIVE_DIRECTORY_USER_STORE {=3}, '*',....)
=> xStore.Certificates.Count = 176

Trying with TElWinCertStorage displays the error "Failed to open storage" :(
xWinCertStorage.SystemStores.Clear;
xWinCertStorage.SystemStores.Add('*');
xWinCertStorage.Provider := ptDefault;
xWinCertStorage.AccessType := atCurrentUser;
xWinCertStorage.StorageType := stLDAP;

thank you, slava jansta
#13012
Posted: 04/15/2010 09:03:49
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate
#13055
Posted: 04/21/2010 05:37:02
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Innokentiy Ivanov wrote:
Thank you for contacting us.

You should provide the exact LDAP query as the system store name, such as the following:
ldap://192.168.100.101:389/?userCertificate


Hello,
I still cannot get the certificate or open the store in LDAP :(

If I try this VBA script:
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Set rs = conn.Execute("<LDAP://ou=Praha,dc=lcs,dc=cz>;(objectClass=*);name,ADsPath,CN;subtree")
MsgBox(rs.RecordCount)

then the number 605 is displayed, so the count is OK: the domain/LDAP is active.

But how do I build SystemStores in your component?

I am trying:
xWinCertStorage.SystemStores.Add('LDAP://stag.lcs.cz/dc=lcs,dc=cz?userCertificate')
or
xWinCertStorage.SystemStores.Add('LDAP://dc=lcs,dc=cz?userCertificate')

Still the error: "Failed to open storage"
#13083
Posted: 04/22/2010 09:57:40
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
Still the error: "Failed to open storage"


Oh,... found it: the problem was that the ReadOnly property was not set on the store [TElWinCertStorage].
GetLastError gives me "access denied".

unit SBWinCertStorage;
TElWinCertStorage.Add(
...
if FReadOnly then
Rights := Rights or CERT_STORE_READONLY_FLAG;
...


I think it is OK now. Best regards, slava
#13084
Posted: 04/22/2010 10:06:07
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Kvetoslav Jansta wrote:
I think it is OK now. Best regards, slava


Maybe one more question, please:

Am I right in thinking that I cannot retrieve the certificates of several users from AD in one store?

As far as I can see, I have to specify the exact LDAP query path to a specific user, not a group :(

ldap://server:389/CN=UserName_1,OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate

But if I want all certificates of the group OU=TO, I get an empty store :(
ldap://server:389/OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz?userCertificate


CN=* does not help.
Yes, I know it does not have much to do with your PDF component, because you use the CertOpenStore WinAPI, but maybe you can tell me the answer.

thank you, slava jansta
#13086
Posted: 04/23/2010 04:37:22
by Ken Ivanov (EldoS Corp.)

Unfortunately, this is not something we can help you with. I can only refer you to the MSDN article describing the LDAP search filter syntax.

Maybe some customers reading the forum will be able to give a more detailed answer.
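As an added example (not from the thread, and not EldoS or SecureBlackbox code), the OU-wide case asked about in post #13084 done with an LDAP subtree search through .NET's DirectorySearcher rather than through the CertOpenStore LDAP store provider, which the thread found returns an empty store for an OU path. The OU path is the one quoted in the thread and stands in as a placeholder; the function name is made up; the search runs read-only against the domain of the current user.

```powershell
# Added example, not from the thread: enumerate the userCertificate attribute of every
# user below one OU with an LDAP subtree search (System.DirectoryServices), so several
# users' certificates are collected in one pass. Read-only; no directory writes.
Add-Type -AssemblyName System.DirectoryServices

function Get-OuUserCertificates {
    param(
        # Placeholder taken from the thread; replace with your own OU.
        [string] $SearchBase = 'LDAP://OU=TO,OU=Users,OU=Praha,DC=lcs,DC=cz',
        [switch] $IncludeExpired
    )
    $root     = [System.DirectoryServices.DirectoryEntry]::new($SearchBase)
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
    # LDAP filter (the syntax Ken points to): user objects that actually carry a certificate.
    $searcher.Filter      = '(&(objectClass=user)(userCertificate=*))'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 500   # paged results, so a large OU is not cut at the server limit
    [void]$searcher.PropertiesToLoad.Add('cn')
    [void]$searcher.PropertiesToLoad.Add('userCertificate')

    $now = [DateTime]::Now
    foreach ($result in $searcher.FindAll()) {
        $cn = [string]$result.Properties['cn'][0]
        # userCertificate is multi-valued: one DER-encoded certificate per value.
        foreach ($der in $result.Properties['usercertificate']) {
            try {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
            } catch {
                Write-Warning "$cn : undecodable userCertificate value skipped"
                continue
            }
            if (-not $IncludeExpired -and $cert.NotAfter -lt $now) { continue }
            # The thread's goal is encryption, so report whether key usage permits it.
            $ku = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
                Select-Object -First 1
            $canEncrypt = ($null -ne $ku) -and $ku.KeyUsages.HasFlag(
                [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment)
            [pscustomobject]@{
                User            = $cn
                Subject         = $cert.Subject
                Thumbprint      = $cert.Thumbprint
                NotAfter        = $cert.NotAfter
                KeyEncipherment = $canEncrypt
            }
        }
    }
}

Get-OuUserCertificates | Format-Table -AutoSize
```

Pass -IncludeExpired to also list certificates past their NotAfter date, for example when auditing stale attribute values rather than selecting a key for encryption.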