error when selecting department ldap/asp

[jcaulder]

Anyone know of any reason I would not be able to select the 'department' from within asp? My code is included below. I am completely new to ldap and things just aren't making sense to me. I can write the query and reference the 'department' in the 'where' clause but cannot select it. What am I missing plz?

Set objDomain = GetObject ("GC://RootDSE&quot

objADsPath = objDomain.Get("defaultNamingContext&quot

Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection&quot
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command&quot
Set Com.ActiveConnection = con
Com.CommandText ="select department from 'GC://"+objADsPath+"' where department='Info*' and CN='R*' order by sn"
Set rs = Com.Execute



If I change the select to be 'select cn. . .' it works. It seems like some fields just won't select. The error returned is simply 'Unspecified error'.

TIA!!

J

 

[pReverend]

Ever find anything out?

 

[robodada]

I'm having a similar problem. I can select all sorts of fields from the AD Schema relating to a person, but can't select department or sAMAccountName, two of the fields I need most critically.

Is there an answer to this?

Rob Schripsema

http://www.integrasoft.com

 

[zcolton]

The problem may be that the feilds are not availible on the Global Catalog. Try changeing GC: to LDAP:

If that doesn't work it might be a security issue.
I have been helping quite a few people in "Example of ASP LDAP query string?"

zcolton

 

[robodada]

In my case, I AM querying against LDAP and not the GC. It may be a security issue, but I'm skeptical because I can get to most other fields in the schema (e.g., sn, givenName, telephoneNumber, l, st, etc.), but not department and not sAMAccountName (and maybe a few others I haven't tried.

The code posted in the other forum is great -- but it doesn't work on my system for some reason. So far the best I can come up with is that it has to do with a schema cache that ASP/IIS use when querying AD on a different server.

Do you have any experience with or knowledge of that possibility?

 

[cinoh]

robodada,
I've been coming up with the same conclusions about the schema cache. AARGH!!!

I'm trying to use these techniques to query a Novell LDAP server that has no security integration with the IIS server running the ASP. "Ordinary" attributes such as cn, sn, description, etc. work fine (whether they actually exist in the target data or not), while "unusual" attribute names won't work. The provider doesn't even send the query to LDAP. (Ethereal network sniffer confirms that.) The ADSO provider thinks it's smarter than I am (well, maybe...) and throws that 80004005 "Unspecified error" if the query WOULD contain an attribute it doesn't like. Contributing to the weirdness: the sniffer shows me that on the first query to an LDAP server, ADSO retrieves the server's schema. That would confirm the schema cache theory, except that the attributes I'm asking for that are causing the errors clearly ARE in the schema (and have no security difference from any other attribs...)

By the way, I get exactly the same symptoms whether using the SQL form or the LDAP form of the query string.