
Example of ASP LDAP query string? 14

Status
Not open for further replies.

MikeBronner

Programmer
May 9, 2001
756
US
Could someone post an example of ASP code used to query LDAP without any proprietary components?

Thanks! Take Care,
Mike
 
Hi,
Try this first:
Code:
<%@ Language=VBScript %>
<%
Option Explicit
Dim objADsPath,objDomain
%>
<html>
<head>
</head>
<body>
<%
Set objDomain = GetObject ("GC://RootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Response.Write objADsPath & "<BR>"
%>
</body>
</html>

This should display your root adspath. This will first verify that you are connecting to the global catalog.
 
zcolton,

It gave me the two DC values. Do you want me to try plugging them in to your code?
 
So you can see the active directory. Next step is to query it.

Code:
<%@ Language=VBScript %>
<%
Option Explicit
Dim con,rs,Com,objADsPath,objDomain
%>
<html>
<head>
</head>
<body bgcolor="#CCCCCC">
<%
Set objDomain = GetObject ("GC://RootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select department from 'GC://"+objADsPath+"' WHERE department ='*'"
Set rs = Com.Execute

' Loop until the end of the results (also safe when nothing matched)
Do While Not rs.EOF

Response.Write rs("department") & "<BR>"

rs.MoveNext
Loop
rs.Close

con.Close
Set rs = Nothing
Set con = Nothing
%>
</body>
</html>

This should give you a list of every department value you have configured in your user accounts.
 
Wow! zcolton, it is working now! You're a genius! Thanks a lot. I think I got it from here now... I appreciate your generosity and help.
 
Hi Zcolton!

I'm pretty new to web development. I have a main website with a link to the intranet. My boss wants me to make that link authenticate through LDAP before letting anyone in. I have no idea how to start this process. Could you tell me what steps I must do first?
What information do you need to help me out?

Basically I just want my link to authenticate with LDAP and let the user in.

I am currently using ASP and IIS.

Thanks for the help in advance.
-Dave
 
Tangoblue,
The answer to your question is simpler than you think. It will take NO special coding on your part. You have only two steps:
1) Configure the security in IIS of the site you wish to protect to basic authentication only. Remove ALL other selections.
2) Modify the NTFS security permissions of those folders to allow only the users and/or groups to read/execute those pages.
That's all.
If you are looking for high security, I recommend doing some research on SSL.
-zcolton
 
Hi Zcolton,

I hope you are still here. I was assigned to another project, but now I'm back on this one. To refresh, I'm still trying to do what I described in the posting above: authenticate a webpage through LDAP. In my last posting, I forgot to mention that I want to authenticate against a Netscape LDAP server. Could you show me the code to connect to the server and authenticate with the username and password? I'm currently using ASP and IIS.
 
I can't see the employeeID field. What could it be? Please help me!!
My code:

<%@ Language=VBScript %>
<%
Option Explicit
Dim con,rs,Com,objADsPath,objDomain
%>
<html>
<head>
</head>
<body bgcolor="#CCCCCC">
<%
Set objDomain = GetObject ("GC://RootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select employeeID from 'GC://"+objADsPath+"' WHERE sAMAccountname = 'fandrad'"
Set rs = Com.Execute

Do While Not rs.EOF Or rs.BOF

Response.Write rs("employeeID") & "<BR>"

rs.MoveNext
Loop
rs.Close

con.Close
Set rs = Nothing
Set con = Nothing
%>
</body>
</html>
 
Tangoblue:
Unfortunately, I am not familiar with Netscape LDAP.

fandrad,
Try throwing the query at LDAP instead of GC
The global catalog does not have all fields replicated to it. If it turns out that you can get to it through LDAP, you can add that field to the GC replication. M$ has a knowledgebase article explaining how to do that. I do not know which one offhand. You should still do a GC search when you put this code into production. GC searches are always faster (assuming the field is available).

-zcolton
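
Added example, not part of zcolton's post: one way to tell whether an attribute is missing only from the global catalog is to run the same query through GC:// and LDAP:// and compare the results. The function name LookupAttribute is hypothetical; the account name and attribute are the ones from the question above.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Sample values from the thread. Keep them constants; do not build the
' query from request input.
Const ACCOUNT_NAME = "fandrad"
Const ATTRIBUTE = "employeeID"

' Hypothetical helper: run the ADSI SQL query through one provider
' ("GC" or "LDAP") and describe what came back.
Function LookupAttribute(provider, baseDn)
    Dim con, cmd, rs, value
    Set con = Server.CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Open "Active Directory Provider"
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.CommandText = "SELECT " & ATTRIBUTE & " FROM '" & provider & "://" & _
        baseDn & "' WHERE sAMAccountName = '" & ACCOUNT_NAME & "'"
    Set rs = cmd.Execute
    If rs.EOF Then
        LookupAttribute = "no matching object"
    Else
        value = rs.Fields(ATTRIBUTE).Value
        If IsNull(value) Then
            ' The object exists, but this source did not return the attribute.
            LookupAttribute = "object found, attribute not returned"
        Else
            LookupAttribute = "value: " & value
        End If
    End If
    rs.Close
    con.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set con = Nothing
End Function

Dim rootDse, baseDn
Set rootDse = GetObject("LDAP://RootDSE")
baseDn = rootDse.Get("defaultNamingContext")
Set rootDse = Nothing
' HTML-encode directory values before writing them into the page.
Response.Write "GC: " & Server.HTMLEncode(LookupAttribute("GC", baseDn)) & "<br>"
Response.Write "LDAP: " & Server.HTMLEncode(LookupAttribute("LDAP", baseDn)) & "<br>"
%>
```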
 
I tried with LDAP but it shows an error, "Unspecified error". The employeeID field has a value.
I have the following setup:
Domain controller: Windows 2003 Standard Edition
Web server: Windows 2000

I tried everything and I don't know what it could be...
 
Z,

They got me at it again... I'm sorry to bother you yet again... If I'm asking here it's that I have already exhausted all my books and Google searches.

Anyways, what I need to do is enumerate a specific distribution list from exchange, any samples/help you may have, I would greatly appreciate.

Thanks again
CN
 
CoolNutz,
What kind of distribution list? Is it a personal or system list? If it is a system list:
Code:
<%@ Language=VBScript %>
<%
Option Explicit
Dim objGroup,objMember,groupldap
%>
<html>
<head>
</head>
<body bgcolor="#CCCCCC">
<%
groupldap="cn=groupname,dc=domain,dc=com"
Set objGroup = GetObject ("LDAP://"&groupldap&"")%>
<table border="0" cellpadding="0" bgcolor="#CCCCCC">
<%For each objMember in objGroup.Members%>
<tr><td><b><font face='Tahoma' size='2'><% response.write objMember.Name%></font></b></td></tr>
<%Next
Set objGroup=nothing%>
</table>
</body>
</html>

Replace the textstring for groupldap to match the distribution list.

Zac
 
Zac,

thanks for the quick response. I just get an error.
It is a System list, actually an exchange 2k3 distribution list.

error '80072032'
/tests/distlist.asp, line 14

Line 14 is the GetObject action.

Here's the code as I have it.

<%@ Language=VBScript %>
<%
Option Explicit
Dim objGroup,objMember,groupldap
%>
<html>
<head>
</head>
<body bgcolor="#CCCCCC">
<%
groupldap="cn=#all_managers,dc=<my domain>,dc=com"
Set objGroup = GetObject ("LDAP://"&groupldap&"")%>
<table border="0" cellpadding="0" bgcolor="#CCCCCC">
<%For each objMember in objGroup.Members%>
<tr><td><b><font face='Tahoma' size='2'><% response.write objMember.Name%></b></td></tr>
<%Next
Set objGroup=nothing%>
</table>
</body>
</html>

And for whatever reason I have never been able to use the Option Explicit

I always get an error with it.

I really appreciate the help!

CN
 
CN,
Verify the group. Is there really a '#' in the name? And is the group located in the root? I've tested this page with one of my lists:
cn=staff,cn=users,dc=<domain name>,dc=org

Option Explicit is really a good thing to have. It is quite useful while debugging. It requires that variables be declared. If you mistype something and Option Explicit is not set, it will identify items as variables if they are not recognized.
 
Z,

Unfortunately all of our dist lists have #s in front of them. I can only assume it's to keep them at the top of the contact lists; not really my dept, so I have no say in it. Anyway, now I realized it wasn't in the group and I made the change, and here's what I got:

groupldap="OU=DISTLIST,CN=testlist,DC=<mydomain>,DC=ORG"

I verified it with one of our M$ specialists back there and it is correct, but I'm still getting the error. So to test the # theory he made a testlist for me and we'll see how that goes.

As for the Option Explicit command, I would like to use it, but it gives me an error when I hit the page.

Microsoft VBScript compilation error '800a0400'

Expected statement

/tests/distlist.asp, line 5

Option Explicit
^


I'll post another msg in a few mins, when Exchange has had time to process the new list.

Thanks
CN
 
Z,

No luck, still getting the error...

Actually the number changed this time.

error '80072030'
/tests/distlist.asp, line 14


Any thoughts?

 
Z,

Got it, the problem was in the order of "cn=,dn=,"

Went from

groupldap="OU=DISTLIST,CN=testlist,DC=<mydomain>,DC=ORG"

to

groupldap="CN=testlist,OU=DISTLIST,DC=<mydomain>,DC=ORG"

And that seemed to work.

Now for each member it displays

CN=<member name>
CN=<Member name>

...etc


How can I get rid of the CN= for each one?

Thanks
Mike

And the # still doesn't work, but I'll find a workaround I guess.


 
CN,
Code:
<%@ Language=VBScript %>
<%
Option Explicit
Dim objGroup,objMember,groupldap
%>
<html>
<head>
</head>
<body>
<%
groupldap="cn=groupname,dc=domain,dc=com"
Set objGroup = GetObject ("LDAP://"&groupldap&"")%>
<%For each objMember in objGroup.Members%>
<font face='Tahoma' size='2'><% response.write objMember.cn%></font><br>
<%Next
Set objGroup=nothing%>
</body>
</html>

To change what is displayed change the .cn to whatever field you want.

Z
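
Added example, not written by anyone in this thread: RFC 4514 requires a leading "#" in an RDN value to be escaped with a backslash, and error 80072032 is ERROR_DS_INVALID_DN_SYNTAX (80072030 is ERROR_DS_NO_SUCH_OBJECT), so a list named #all_managers is written CN=\#all_managers in the ADsPath. EscapeRdnValue is a hypothetical helper; the OU and DC components are placeholders.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit   ' must come before any other script statement

' Hypothetical helper: escape one RDN value for a distinguished name (RFC 4514).
Function EscapeRdnValue(ByVal value)
    Dim specials, i, ch, result
    ' "/" is included because ADSI treats it as a separator inside an ADsPath.
    specials = ",+""<>;=/"
    result = Replace(value, "\", "\\")   ' escape the escape character first
    For i = 1 To Len(specials)
        ch = Mid(specials, i, 1)
        result = Replace(result, ch, "\" & ch)
    Next
    ' A trailing space and a leading "#" or space are special only at the ends.
    If Len(value) > 1 And Right(value, 1) = " " Then
        result = Left(result, Len(result) - 1) & "\ "
    End If
    If Left(value, 1) = "#" Or Left(value, 1) = " " Then
        result = "\" & result
    End If
    EscapeRdnValue = result
End Function

Dim groupDn, objGroup, objMember
' Most specific component first: CN, then OU, then DC.
' OU=DISTLIST and the DC values are placeholders; use your own.
groupDn = "CN=" & EscapeRdnValue("#all_managers") & ",OU=DISTLIST,DC=example,DC=org"

On Error Resume Next
Set objGroup = GetObject("LDAP://" & groupDn)
If Err.Number <> 0 Then
    ' Report the ADSI error code instead of letting the page fail.
    Response.Write "Bind failed (0x" & Hex(Err.Number) & ") for " & _
        Server.HTMLEncode(groupDn)
Else
    On Error GoTo 0
    For Each objMember In objGroup.Members
        ' HTML-encode directory values before writing them into the page.
        Response.Write Server.HTMLEncode(objMember.Get("cn")) & "<br>"
    Next
End If
Set objGroup = Nothing
%>
```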
 
I don't know what to say, you've come through again!

You should be working for M$, they need someone that knows what they are doing.

Thanks again Z!
 
CN,

If I worked for M$, I'd have to include 300 lines of useless code, charge you lots of money for something that doesn't work and blame it on your system. But then I'll release a service pack that fixes the app and breaks everything else you have running.

Z
 