Example of ASP LDAP query string? 14

MikeBronner · Sep 10, 2002

Could someone post an example of ASP code used to query LDAP without any proprietary components?

Thanks! Take Care,
Mike

zcolton · Oct 16, 2003

Please post the asp that you do have that does display the username.

LordBass · Oct 16, 2003

The code that displays the username is:

<%
Dim strNTUser, iPos
strNTUser = RTrim(Request.ServerVariables("LOGON_USER&quot

)
iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
strNTUser = Right(strNTUser, iPos)
Response.Write(strNTUSer)
%>

(To function, this requires turning off anonymous access in IIS for the folder this ASP is in. A design feature, according to MS. This particular code example above parses out the domain name of the username.)

And the ASP code is:

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Add Change</title>

<script language="JavaScript" src="../scripts/calendar.js"></script>

</head>

<body topmargin="0" leftmargin="0">

<table border="0" cellspacing="0" width="100%" height="4%" id="AutoNumber3" bgcolor="#000080" cellpadding="0" style="border-collapse: collapse" bordercolor="#111111">
<tr>
<td width="100%" height="25">
<p align="center"><font face="Arial Unicode MS" size="5" color="#FFFFFF">
Change Management</font></td>
</tr>
</table>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="593" height="90%" id="AutoNumber5">
<tr>
<td width="593" height="9" colspan="4">
<p align="center">
<font face="Arial Unicode MS" size="4">Enter New Change</font></td>
</tr>
<tr>
<td width="120" height="9" align="left">
<font face="Arial Unicode MS" size="2"><b>
Request Number:</b></font></td>
<td width="473" height="9" colspan="3">
<font size="1" face="Arial Unicode MS">(chosen from db, displayed automatically)</font></td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
Requestor:</font></b></td>
<td width="473" height="9" colspan="3">
<span style="vertical-align: middle"><font face="Arial Unicode MS" size=3>
<!-- solution from

http://www.4guysfromrolla.com/webtech/020201-1.shtml

-->

<!-- <%Response.Write(Request.ServerVariables("auth_user&quot

)%> -->

<%
Dim strNTUser, iPos
strNTUser = RTrim(Request.ServerVariables("LOGON_USER&quot

)
iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
strNTUser = Right(strNTUser, iPos)
Response.Write(strNTUSer)
%>

</font></span>
</td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
E-mail:</font></b></td>
<td width="473" height="9" colspan="3">
<font size="1" face="Arial Unicode MS">(autofill based on login)</font></td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
Status:</font></b></td>
<td width="473" height="9" colspan="3">
<input type="text" name="enterStatus" size="20" style="float: left"></td>
</tr>
<tr>
<td width="593" height="9" colspan="4"></td>
</tr>
<tr>
<td width="120" height="8"><b><font face="Arial Unicode MS" size="2">Server Name:</font></b></td>
<td width="473" height="8" colspan="3">
<form method="POST" action="--WEBBOT-SELF--" onSubmit="">
<input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><p>
<input type="text" name="enterServer" size="20" style="float: left"></p>
</form>
</td>
</tr>
<tr>
<td width="120" height="8"><b><font face="Arial Unicode MS" size="2">Production?
(Y/N):</font></b></td>
<td width="473" height="8" colspan="3">
<form method="POST" action="--WEBBOT-SELF--" onSubmit="return FrontPage_Form2_Validator(this)" language="JavaScript" name="FrontPage_Form2">
<input TYPE="hidden" NAME="VTI-GROUP" VALUE="1"><p>
<select size="1" name="D1" style="float: left">
<option>Yes</option>
<option>No</option>
</select></p>
</form>
</td>
</tr>
<tr>
<td width="163" height="4" colspan="3"><b>
<font face="Arial Unicode MS" size="2">
Description Of Change:</font></b></td>
<td width="430" height="8" rowspan="2">
<textarea rows="5" name="enterDesc" cols="40" style="float: left"></textarea></td>
</tr>
<tr>
<td width="120" height="4" colspan="2"> </td>
<td width="43" height="4"></td>
</tr>
<tr>
<td width="120" height="8">
<p align="left"><b><font face="Arial Unicode MS" size="2">Completion
Date:</font></b></td>
<td width="473" height="8" colspan="3" style="float: left; position: relative">

<!--solution for the following calendar form found at

http://javascript.internet.com/calendars/popup-date-picker.html-->

<form name=FrontPage_Form3 style="float: left" onsubmit="return FrontPage_Form3_Validator(this)" language="JavaScript">
<input type=text name="datebox" size=15 value="">
<a href="javascript:show_calendar('calform.datebox');" onmouseover="window.status='Date Picker';return true;" onmouseout="window.status='';return true;">
<img src="show-calendar.gif" width=24 height=22 border=0></a>
</form>

</td>
</tr>
<tr>
<td width="163" height="4" colspan="3"><b>
<font face="Arial Unicode MS" size="2">Additional
Comments:</font></b></td>
<td width="430" height="8" rowspan="2">
<textarea rows="3" name="enterComment" cols="40"></textarea></td>
</tr>
<tr>
<td width="120" height="4" colspan="2"><b><font face="Arial Unicode MS"> </font></b></td>
<td width="43" height="4"></td>
</tr>
<tr>
<td width="593" height="16" colspan="4">
<p align="center"><input type="submit" value="Submit" name="B1">
<input type="button" value="Cancel" name="B2" onClick="location.href='../change/home.htm'"></td>
</tr>
</table>
</center>
</div>

</body>

</html>

zcolton · Oct 16, 2003

I have two sets of code that will spit out the email address of the currently logged in user:

1) Requires Integrated Windows Authentication only
- Must be enabled on client (IE advanced properties)
- A username and password of an AD account that has the rights to search the AD needs to be hardcoded

Code:

<%@ Language=VBScript %>
<%
Option Explicit
Dim strUsername,con,rs,Com,objADsPath,objDomain
%>
<html>
<head>
</head>
<body>
<%
strUsername = Request.ServerVariables(&quot;auth_user&quot;)
strUserName = Right(strUserName, Len(strUserName) - InStrRev(strUserName, &quot;\&quot;))
Set objDomain = GetObject (&quot;GC://rootDSE&quot;)
objADsPath = objDomain.Get(&quot;defaultNamingContext&quot;)
Set objDomain = Nothing
Set con = Server.CreateObject(&quot;ADODB.Connection&quot;)
con.provider =&quot;ADsDSOObject&quot;
con.Properties(&quot;User ID&quot;) = &quot;BURLINGTON\adsearch&quot;
con.Properties(&quot;Password&quot;) = &quot;adsearch&quot;
con.open &quot;Active Directory Provider&quot;
Set Com = CreateObject(&quot;ADODB.Command&quot;)
Set Com.ActiveConnection = con
Com.CommandText =&quot;select mail FROM 'GC://&quot;+objADsPath+&quot;' where sAMAccountname='&quot;+strUsername+&quot;'&quot;
Set rs = Com.Execute
response.write rs(&quot;mail&quot;)
rs.Close
con.Close
Set rs = Nothing
Set con = Nothing
%>
</body>
</html>

2) Requires Basic Authentication
- Prompts for username and password]
- Domain name needs to hardcoded in line "con.Properties("User ID&quot

=

Code:

<%@ Language=VBScript %>
<%
Option Explicit
Dim strUsername,strUsernamea,strpassword,con,rs,Com,objADsPath,objDomain
%>
<html>
<head>
</head>
<body>
<%
strUsername = Request.ServerVariables(&quot;auth_user&quot;)
strpassword = Request.ServerVariables(&quot;AUTH_PASSWORD&quot;)
strUserNamea = Right(strUserName, Len(strUserName) - InStrRev(strUserName, &quot;\&quot;))
Set objDomain = GetObject (&quot;GC://rootDSE&quot;)
objADsPath = objDomain.Get(&quot;defaultNamingContext&quot;)
Set objDomain = Nothing
Set con = Server.CreateObject(&quot;ADODB.Connection&quot;)
con.provider =&quot;ADsDSOObject&quot;
con.Properties(&quot;User ID&quot;) = &quot;BURLINGTON\&quot;+strUsername
con.Properties(&quot;Password&quot;) = strpassword
con.open &quot;Active Directory Provider&quot;
Set Com = CreateObject(&quot;ADODB.Command&quot;)
Set Com.ActiveConnection = con
Com.CommandText =&quot;select mail FROM 'GC://&quot;+objADsPath+&quot;' where sAMAccountname='&quot;+strUsernamea+&quot;'&quot;
Set rs = Com.Execute
response.write rs(&quot;mail&quot;)
rs.Close
con.Close
Set rs = Nothing
Set con = Nothing
%>
</body>
</html>

LordBass · Oct 16, 2003

Wow. I got it working! For reference, here's how it's working for me:

1. Code is running on an ASP in a folder with 'anonymous access' turned off in IIS, as described above to allow the 'display username' javascript to work. (As a note, I have it working without requiring 'basic authentication' and also without checking the 'integrated windows authentication' box in IE - the latter of these is not an option for us as nearly all user's desktops are locked down and cannot be changed).

2. I used the code from the second example above, and removed the following three lines of code:

strpassword = Request.ServerVariables("AUTH_PASSWORD&quot

con.Properties("User ID&quot

= "BURLINGTON\"+strUsername
con.Properties("Password&quot

= strpassword

I was able to paste in the bits about 'VBScript' and have this successfully run along with the existing javascript. May not be groundbreaking stuff, but I'm impressed at least.

Since the ASP in question is already successfully obtaining the username of the logged-on user, I guessed it should be able to query AD without extra authentication. These may not be related, but it works.

zcolton - Thank you *so much* for your direction on this. Great to see the code in action. Piece by piece I'll pick this up.

Cheers,
Chris

zcolton · Oct 16, 2003

Post what you ended up with. I'ld like to see the changes you made.

LordBass · Oct 17, 2003

I'm pleased that this was possible to implement without hardcoding a LDAP server or any company information.. I'm reviewing the code to figure out how this works.

Here's my code. The section in question is bold:

<%@ Language=VBScript %>
<%
Option Explicit
Dim strUsername,strUsernamea,strpassword,con,rs,Com,objADsPath,objDomain
%>

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Add Change</title>

<script language="JavaScript" src="../scripts/calendar.js"></script>

</head>

<body topmargin="0" leftmargin="0">

<table border="0" cellspacing="0" width="100%" height="4%" id="AutoNumber3" bgcolor="#000080" cellpadding="0" style="border-collapse: collapse" bordercolor="#111111">
<tr>
<td width="100%" height="25">
<p align="center"><font face="Arial Unicode MS" size="5" color="#FFFFFF">
Change Management</font></td>
</tr>
</table>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="593" height="90%" id="AutoNumber5">
<tr>
<td width="593" height="9" colspan="4">
<p align="center">
<font face="Arial Unicode MS" size="4">Enter New Change</font></td>
</tr>
<tr>
<td width="120" height="9" align="left">
<font face="Arial Unicode MS" size="2"><b>
Request Number:</b></font></td>
<td width="473" height="9" colspan="3">
<font size="1" face="Arial Unicode MS">(chosen from db, displayed automatically)</font></td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
Requestor:</font></b></td>
<td width="473" height="9" colspan="3">
<span style="vertical-align: middle"><font face="Arial Unicode MS" size=3>
<!-- solution from

http://www.4guysfromrolla.com/webtech/020201-1.shtml

-->

<!-- <%Response.Write(Request.ServerVariables("auth_user&quot

)%> -->

<%
Dim strNTUser, iPos
strNTUser = RTrim(Request.ServerVariables("LOGON_USER&quot

)
iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
strNTUser = Right(strNTUser, iPos)
Response.Write(strNTUSer)
%>

</font></span>
</td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
E-mail:</font></b></td>
<td width="473" height="9" colspan="3">
<font size="3" face="Arial Unicode MS">

<%
strUsername = Request.ServerVariables("auth_user&quot
strUserNamea = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\&quot)
Set objDomain = GetObject ("GC://rootDSE&quot
objADsPath = objDomain.Get("defaultNamingContext&quot
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection&quot
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command&quot
Set Com.ActiveConnection = con
Com.CommandText ="select mail FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsernamea+"'"
Set rs = Com.Execute
response.write rs("mail&quot
rs.Close
con.Close
Set rs = Nothing
Set con = Nothing
%>

</font>
</td>
</tr>
<tr>
<td width="120" height="9" align="left"><b>
<font face="Arial Unicode MS" size="2">
Status:</font></b></td>
<td width="473" height="9" colspan="3">
<input type="text" name="enterStatus" size="20" style="float: left"></td>
</tr>
<tr>
<td width="593" height="9" colspan="4"></td>
</tr>
<tr>
<td width="120" height="8"><b><font face="Arial Unicode MS" size="2">Server Name:</font></b></td>
<td width="473" height="8" colspan="3">
<form method="POST" action="--WEBBOT-SELF--" onSubmit="">
<input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><p>
<input type="text" name="enterServer" size="20" style="float: left"></p>
</form>
</td>
</tr>
<tr>
<td width="120" height="8"><b><font face="Arial Unicode MS" size="2">Production?
(Y/N):</font></b></td>
<td width="473" height="8" colspan="3">
<form method="POST" action="--WEBBOT-SELF--" onSubmit="return FrontPage_Form2_Validator(this)" language="JavaScript" name="FrontPage_Form2">
<input TYPE="hidden" NAME="VTI-GROUP" VALUE="1"><p>
<select size="1" name="D1" style="float: left">
<option>Yes</option>
<option>No</option>
</select></p>
</form>
</td>
</tr>
<tr>
<td width="163" height="4" colspan="3"><b>
<font face="Arial Unicode MS" size="2">
Description Of Change:</font></b></td>
<td width="430" height="8" rowspan="2">
<textarea rows="5" name="enterDesc" cols="40" style="float: left"></textarea></td>
</tr>
<tr>
<td width="120" height="4" colspan="2"> </td>
<td width="43" height="4"></td>
</tr>
<tr>
<td width="120" height="8">
<p align="left"><b><font face="Arial Unicode MS" size="2">Completion
Date:</font></b></td>
<td width="473" height="8" colspan="3" style="float: left; position: relative">

<!--solution for the following calendar form found at

http://javascript.internet.com/calendars/popup-date-picker.html-->

<form name=FrontPage_Form3 style="float: left" onsubmit="return FrontPage_Form3_Validator(this)" language="JavaScript">
<input type=text name="datebox" size=15 value="">
<a href="javascript:show_calendar('calform.datebox');" onmouseover="window.status='Date Picker';return true;" onmouseout="window.status='';return true;">
<img src="show-calendar.gif" width=24 height=22 border=0></a>
</form>

</td>
</tr>
<tr>
<td width="163" height="4" colspan="3"><b>
<font face="Arial Unicode MS" size="2">Additional
Comments:</font></b></td>
<td width="430" height="8" rowspan="2">
<textarea rows="3" name="enterComment" cols="40"></textarea></td>
</tr>
<tr>
<td width="120" height="4" colspan="2"><b><font face="Arial Unicode MS"> </font></b></td>
<td width="43" height="4"></td>
</tr>
<tr>
<td width="593" height="16" colspan="4">
<p align="center"><input type="submit" value="Submit" name="B1">
<input type="button" value="Cancel" name="B2" onClick="location.href='../change/home.htm'"></td>
</tr>
</table>
</center>
</div>

</body>

</html>

Thanks once again for the help!

jcaulder · Oct 23, 2003

Does anyone know what would prevent the 'department' from AD from displaying? Any time I reference the 'department' in the select clause, I get an 'unspecified error' returned from the asp page. I can reference it in the where clause with no error. So:

select name from 'GC://"+objADsPath+"' WHERE department ='Info*'"

works with no errors whereas

select department from 'GC://"+objADsPath+"' WHERE department ='Info*'"

returns the 'unspecified error'.

What could cause this? Are there 'view' rights set up within AD that would prevent displaying them?

Seems very unusual that it works in the 'where' but not in the 'select'.

Thanks

jbigham · Oct 23, 2003

You may have to take into account what happens when the value is NULL. I remember adding code for this, though I don't remember if it was for department or another object.

jcaulder · Oct 23, 2003

I thought that too initially. But in my 'where' clause in the example, you can see that I'm specifying the department='Info*' so any record returned must have a deparment like 'Info*'. It can't have a NULL value and still be returned from the query. The 'where' clause works correctly in referencing the 'department'. My query as written earlier returns 8 records from AD each associated with the Information Systems department. If I remove that part of the 'where' clause, all records are returned from AD. So the 'where department=' works, but the 'select department' does not.

Any other ideas on what might cause it? It sure has me stumped!

Thanks for the reply!

jbigham · Oct 23, 2003

Well, I'm no SQL guru...

but if a select works anything like a loop, you may not be able to do a check of:

Info* = NULL
Info* <> NULL
etc...

The reason I think this is we know, well almost know, that everyone probably has a name populated. Thus, this works fine. But we may not have gotten around to populating dept for everyone.

Don't know for sure though, sorry. You're welcome to have a copy of my endeavor if you wish, it's somewhat different and may/may not help. Just shoot me an email.

jcaulder · Oct 23, 2003

The thing is, I can select other NULL values such as 'telephonenumber' and I get no errors. As soon as I reference the 'department'in the 'select', even when I know it isn't NULL, I immediately get the error. I'm not even trying to write the recordset to html at this point. I'm just executing the query and still get the error. So it isn't related to displaying the results, it is related to the query itself. It almost appears that I don't have rights to 'select' the department. That is the only thing I can think of that would cause this.

Does AD allow you to limit/restrict viewing rights of fields? Can fields be blocked from running 'select' statements on them?

pReverend · Nov 14, 2003

I have the same problem...can't find any info on it and my Network Admin doesn't know. It has nothing to do with the field being empty as I can run a query with "Description" in the select portion and I get no error when there are records with no value for that attribute.

Anyone figure this one out???

digatle · Dec 19, 2003

I keep getting the following error when looking at some of these code:

Provider error '80004005'
Unspecified error
/test.asp, line 45

Line 45 is:
Set rs = Com.Execute

Is something not installed on my server correctly?

Digatle

pReverend · Dec 19, 2003

From what I've researched you have to enable "Trusted for Delegation" on the web server account and your domain must be native. Our domain is not native...so we'll see.

digatle · Dec 19, 2003

What do I need to do then to be able to use these scripts?

Digatle

pReverend · Dec 19, 2003

First thing is make sure you are on a native domain. If you have any W98 machines on the domain then more than likely you are not.
Enabling "Trusted for Delegation" is done under the Active Directory computer account for the web server. I can't remember what tab it's under.
If you are not the Net Admin pass this on to him and he should know.
I'm not 100% that this will allow your scripts to run but from what I've researched this is the starting point.

digatle · Dec 23, 2003

We are still struggling with this issue pReverend. Any other suggestions?

Digatle

zcolton · Dec 23, 2003

To all who are having problems:

Most issues are do to security. A few things to keep in mind. The account used to run the scripts needs to have the ability to search/read active directory. I configured a domain account that has those rights and configured that account for the anonymous account on the directory that contains the phonebook pages. That account also needs to have read rights on that directory and the files contain within. There other ways if you cannot make or do not want to make these changes in the server, but it would require you to hard code a username and password in the asp pages.

pReverend · Dec 23, 2003

zcolton,
I assume you can assign groups to read from this as well...that's what we did but no success. This is on an intranet where I get the client's username from iis so I cannot use anon logon. I compare the username with the sAMAccountName and collect info about the user that way. This prevents them from having to logon (again) which irritates most of our users under the current process.
The only time it worked reliably was when the web server was promoted to dc.
In your experience is it true you have to be on a native domain for these queries to work through trusted delegation?

zcolton · Dec 23, 2003

I am on a native domain, but I think I had this up and running before I switched to a native domain. My IIS server isn't a DC. It is a domain member. The lasted phonebook.zip I put up queries the global catalog (GC://) instead of LDAP. GC searches are faster than LDAP. There are this you can do to test connection. First start with the basics:

<%@ Language=VBScript %>
<%
Option Explicit
Dim objADsPath,objDomain
%>
<html>
<head>
</head>
<body>
<%
Set objDomain = GetObject ("GC://RootDSE&quot

objADsPath = objDomain.Get("defaultNamingContext&quot

Set objDomain = Nothing
Response.Write objADsPath & "<BR>"
%>
</body>
</html>

This should spit out your domain info.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Example of ASP LDAP query string? 14

Programmer

IS-IT--Management

MIS

IS-IT--Management

MIS

IS-IT--Management

MIS

Programmer

IS-IT--Management

Programmer

IS-IT--Management

Programmer

Programmer

Technical User

Programmer

Technical User

Programmer

Technical User

IS-IT--Management

Programmer

IS-IT--Management

Similar threads

Log in

Part and Inventory Search

Sponsor