How to Get Multiple Connections to NDS on a Single Computer
Articles and Tips: tip
Software Engineer
Novell, Inc
01 Nov 2001
NW client for NT/2000 handles all incoming requests from upper layers (applications) by using security context of the user running application/thread belongs to. This way only one NW identity is allowed per one security context. Logged-on user on Windows NT or Windows 2000 system can use only one NW identity to a given DS tree.
In case the user or the application the user is running requires different NW identity to the same Directory Services tree, the user has to logout first and so loses current NW identity as well as the current connection in order to get a new one.
There is a way (work-around) that will allow you to get multiple connections to one DS tree at the same time from one application. It can be achieved by using a so-called "impersonation" technique.
The idea is quite simple. Using several Win32 APIs, an application creates a new NT security context, impersonates itself, and accesses NetWare client services. This way, the NetWare client is informed about the new security context, which is different from the default one, so that NetWare client is allowed to create new, but different NW identity.
After finishing the task under the new NetWare identity, application logs out, cleans the connection, and reverts the impersonated identity back to the original one. Below lists the needed APIs and their order:
RevertToSelf()
LogonUser()
ImpersonateLoggedOnUser()
NWCallsInit()
NWDSCreateContextHandle()
NWDSLogin()
...
NWDSLogout()
NWDSFreeContext()
CloseHandle()
RevertToSelf()
User issuing LogonUser() Win32 API should have following right set in the system:
"Act As Part Of The Operating System"
Otherwise this API fails.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.