What do BTW, FAQ, FYI, IMHO, RTFM, and other acronyms mean?

These are all abbreviations for specific phrases commonly used in informal written computer correspondence, online forums and boards, and online gaming. Following are some common acronyms and their meanings:

AFAIC	As far as I'm concerned
AFAIK	As far as I know
AFK	Away from keyboard
BRB	Be right back
BTDT	Been there, done that
BTW	By the way
BUAG	Butt-ugly ASCII graphic
C/C	Comments and criticism
EOM	End of message
FAQ	Frequently Asked Question. When people say "the FAQ", they are generally referring to a list of answers to Frequently Asked Questions. These are posted monthly on many newsgroups or mailing lists to reduce discussion of topics that have already been thoroughly covered. It's a good idea to look at a FAQ file for a newsgroup or mailing list before participating in it. For help in finding FAQ files, see Where can I find a repository of Usenet FAQ files? A large list of all known FAQ postings in newsgroups is also posted periodically in the Usenet newsgroup news.admin.
FTW	For the win
FWIW	For what it's worth
FYI	For your information
HTH	Hope this helps
IANAL	I am not a lawyer
IIRC	If I recall correctly
IMHO	In my humble opinion
IMNSHO	In my not so humble opinion
IMO	In my opinion
IOW	In other words
l33t or 1337	From "elite". This has become a term used to describe the informal communication of Internet gaming. L33t speak is easily identified by the substitution of number and other characters for regular letters; e.g., hackers becomes h4XX0rz.
LFG	Looking for group, usually used in MMORPGs
LMAO	Laughing my butt off
LOL	Laughing out loud
MMORPG	Massive, multiplayer, online role-playing game, such as World of Warcraft or Star Wars Galaxies
MOTAS	Member of the appropriate sex
MOTOS	Member of the opposite sex
MOTSS	Member of the same sex
NG	Newsgroup
n00b	From "newbie", meaning a newcomer not yet familiar with the rules
OMG	Oh my God
OTOH	On the other hand
PWN	Usage of the term "own", as in "I PWNed you!"
QQ	Cry more, noob (representation of eyes crying, often found in MMORPGs)
RL	Real Life, as opposed to the Internet
ROFL	Rolling on the floor laughing
ROFLMAO	Rolling on the floor laughing my butt off
RTFM	Read The Fine Manual. This may be interpreted as: "You have asked a question which would best be answered by consulting the manual (or FAQ, or other help files), a copy of which should be in your possession. The question you have asked is clearly answered in the manual and you are wasting time asking people to read it to you." It's good netiquette to mail this type of answer to another user rather than post it in public messages.
SO	Significant other, used to refer to someone's romantic partner without making any assumptions about gender or legal status
TLA	Three letter acronym
TTFN	Ta ta for now
TTYL	Talk to you later
W/E	Whatever
w00t	An expression of joy
WFN	Wrong forum, noob
WTF	What the heck
YMMH	You might mean here
YMMV	Your mileage may vary
{g}	Grin
{BG}	Big grin

Simple binds aren't always so simple

Simple binds aren't always so simple

Posted Sunday, January 08, 2006 10:00 AM by jpelak

In my last posting, I showed how to call the low-level API exposed by WLDAP32.DLL to authenticate via an LDAP bind. The authentication function - ldap_simple_bind_s() - returns a 0 when the credentials supplied were successfully authenticated. I left out what happens when the authentication function returns an error code. It turns out that determining what caused your authentication call to fail can be a bit subtle – at least when the directory you’re binding is Active Directory.

PLEASE NOTE: I’m sharing this information because I don’t want any to have to figure this out by the means I did (quality time with ADSIEdit, a test domain controller loaded in a Virtual PC, and lots of VBScript fragments pulled from around the Internet.)

First, here’s what can go wrong when calling ldap_simple_bind_s() using a connection to an Active Directory LDAP server:

• All the errors listed on http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/return_values.asp (other than LDAP_SUCCESS)
• bad DN
• bad password
• disabled account
• expired account
• locked out account
• user must change password at next login (and thus can’t just bind and continue)
• password expired (as set by a policy applied to that user object)
• probably something else that I’ve missed

And here’s how to tell them apart:

• Any error other than LDAP_INVALID_CREDENTIALS implies that it’s not any of the other cases I’ve listed
• If ldap_simple_bind_s() returns LDAP_INVALID_CREDENTIALS
  • Test for the disabled account condition by checking if the userAccountControl attribute for that user has ACCOUNTDISABLE (0x0000002) bit set. If it’s set, the account is disabled.
  • Test for the expired account condition by checking if the accountExpires attribute has an invalid value – this is a little bit tricky, as it’s a 64 bit integer field that may or may not be present (because account may or may not have an expiration date.) If it’s present, you’ll need to convert it to a date/time value and compare it to the current system date/time. It gets even more subtle than that, but that’s the subject of a future posting…
  • Test for the locked out account condition by checking the lockoutTime attribute. If it comes back with a non-zero value, the account is locked out.
  • Test for the must change password condition by checking the pwdLastSet attribute. If it comes back with a 0 value, the password must be reset at next login. There’s a flag in the userAccountControl attribute that looks like it corresponds to this condition, but in my experience, I’ve found that this is the only reliable way to tell.
  • Test for the expired password condition by checking the pwdLastSet attribute against domain policy. This also involves date arithmetic with 64 bit integer attributes, which I’ll cover in a future posting.
  • If all those tests fail, you can safely presume that you’ve been given a bad password.

As you’ve probably surmised, I had write an application that had a critical need to tell the difference between all this conditions and was surprised at how hard it was to do so. Hopefully, this will help someone else charged with the same task (or hopefully, no one else will ever have to do this.) At any rate, that’s how to tell why your LDAP bind to Active Directory didn’t work.

Somewhere, the system administrators of the world are laughing at me. J

jmp