Example of ASP LDAP query string?

Status
Not open for further replies.

MikeBronner

Programmer
May 9, 2001
756
US
Could someone post an example of ASP code used to query LDAP without any proprietary components?

Thanks! Take Care,
Mike
 
No chance! It supports standard LDAP queries, I'm sure it's not a problem. Anyway, you did not answer my original question: can the ADODB object be used to connect to any other directory apart from Active Directory?
 
Sorry,
The ADODB object can be used.
I have no examples for the cisco ldap server though.
 
No problem! OK, that's a start; knowing it can be used, I can troubleshoot more. I still have another doubt: I was reading around that to run the script with the ADODB object you need to run the ADSI in the machine, is this true?
 
I thought this was the problem, ADSI is not installed on my server :-[ If somebody that reads this and knows for sure that ADSI DOESN'T need to be installed, I would appreciate a post.
 
Hey Z, hope all is well, I see almoes is keeping you on your toes... Quick question: trying to figure out if a user is a member of a dist list. This is what I've got so far; no errors, but it's not giving me the correct results. Am I doing it right?

SET mgrVerify = con.Execute("SELECT displayName from 'LDAP://CN=\#ALL_MANAGEMENT,OU=DISTLIST,DC=<mydomain>,DC=ORG' WHERE displayName = '" & formuser & "'")
If mgrVerify.EOF Then
Response.write("Not a Manager")
Else
Response.write ("Manager")
End If

formuser is "displayName" and pulled earlier in the app from and made from a session variable, and if I do a response.write(formuser) it is correct.

Any thoughts?

Thanks
CN
 
Would it be possible to use the Insert SQL statement to create Active Directory objects?
I'd like to do this from an asp page.
thanks!
 
CN

This code will list all groups a user is a member of:
Code:
<%@ Language=VBScript %>
<%
Option Explicit
Dim strUsername,con,rs,Com,objADsPath,objDomain,membership,group
%>
<html>
<head>
</head>
<body>
<%
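' Account to look up; strip any DOMAIN\ prefix
strUsername = "<put the user name in here>"
strUserName = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\"))
' Read the domain's naming context from rootDSE
Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
' Query the global catalog through the ADSI OLE DB provider
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select memberof FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
Set rs = Com.Execute
' memberof is multi-valued; membership stays Empty if no user was found
If Not rs.EOF Then membership=rs("memberof")
rs.Close
con.Close
Set rs = Nothing
Set Com = Nothing
Set con = Nothing
' Only loop when an array of group DNs came back; encode before writing to the page
If IsArray(membership) Then
 For each group in membership
  response.write Server.HTMLEncode(group)&"<br>"
 Next
End If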
%>
</body>
</html>

When you get the array of groups you can just search the array for the membership you are looking for.
Sorry it took so long to respond. I've been quite busy this summer. I run a network for a K-12 school district. My summer consists of complete network/workstation/server overhauls.

Z
 
rescueswimmer,

Let me clarify before I get shot down:
LDAP queries done with the methods of SQL statements are read only.

zcolton
 
Hey Z,

Thanks for the response. No problem with the delay. Wasn't a show stopper. I'll give that a shot and see what happens. Good luck with this school year!

CN
 
FYI - I have finally come up with a .Net version of your address book. However, it is not exactly the same. I can post or e-mail the source code if anyone needs it. It could at least be a starting point for you since I am quite a novice at accessing Active Directory via .Net.

Will
 
Please send me a copy. I would love to see what you have.

zcolton@burltwpsch.org
 
I am looking for the code from FREDB23. Here is his text.
---Hello people,
I've done a simple ASP identification form that checks if a user exists against Active Directory.
It takes username and password from the form, then submits an SQL query like this:
strSQL = "SELECT cn FROM 'GC://"+domainName+"' WHERE objectCategory='person' AND sAMAccountname ='"+userName+"' "
It works fine and returns the complete name of the user.
Question: how can I know what group this user is a member of?? (which directory in the domain is he in)
What should be the sql ??
Thanks a lot for your time.---
I have the user form, I am looking for the asp script.
 
List groups user is member of:

Code:
strSQL="select memberof FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
memberof returns an array, so you will need to grab each item in the array
Code:
membership=recordset("memberof")
For each group in membership
 response.write group&"<br>"
Next

To get Active Directory Path of user:
Code:
strSQL="select AdsPath from 'GC://"+domainName+"' WHERE sAMAccountname ='"+userName+"'"


zcolton
 
Correction

Code:
strSQL="select memberof FROM 'GC://"+domainName+"' where sAMAccountname='"+strUsername+"'"

Just want to keep the code consistent with yours..

z
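
Added example (editor's addition, not code from any poster in this thread): the queries above place the account name between single quotes in the ADSI SQL string, so a value from a form or session variable that contains a quote changes the query. This sketch refuses such values before the string is built; the allowlist pattern, the function names and the sample values are assumptions, and the demo loop uses WScript.Echo so it runs under cscript (use Response.Write in an ASP page).

```vbscript
Option Explicit

' Allowlist for logon names. Stricter than Active Directory itself
' (assumption: local policy uses only these characters, at most 20).
Function IsSafeAccountName(name)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeAccountName = re.Test(name)
End Function

' Strip an optional DOMAIN\ prefix, as the thread's code does for AUTH_USER.
Function BareAccountName(raw)
    BareAccountName = Right(raw, Len(raw) - InStrRev(raw, "\"))
End Function

' Build the memberOf query only for names that pass the allowlist.
' Returns "" for anything else so the caller can refuse the request.
Function BuildMemberOfQuery(baseDn, rawName)
    Dim name
    BuildMemberOfQuery = ""
    name = BareAccountName(rawName)
    If Not IsSafeAccountName(name) Then Exit Function
    BuildMemberOfQuery = "select memberof FROM 'GC://" & baseDn & _
        "' where sAMAccountname='" & name & "'"
End Function

' Constructed sample values (not from the thread).
Dim sample, query
For Each sample In Array("CORP\jsmith", "j.smith-2", "bad'name", "a*", "")
    query = BuildMemberOfQuery("DC=example,DC=org", sample)
    If query = "" Then
        WScript.Echo "rejected: [" & sample & "]"
    Else
        WScript.Echo query
    End If
Next
```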
 
Used the following code and looks like I have to correct a security setting in IIS to finish testing. I get the 'table does not exist' error message. To recap what I am trying to accomplish. I want to have a page on our intranet that a user can access based on their active directory group status. I don't want them to have to enter in their user information all over again. Am I heading in the right direction with the following code?

<%@ Language=VBScript %>
<%
Option Explicit
Dim strUsername,con,rs,Com,objADsPath,objDomain,membership,group
%>
<html>
<head>
</head>
<body>
<%
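' Authenticated account from IIS; strip any DOMAIN\ prefix
strUsername = Request.ServerVariables("auth_user")
strUserName = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\"))
' Read the domain's naming context from rootDSE
Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
' Query the global catalog through the ADSI OLE DB provider
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select memberof FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
Set rs = Com.Execute
' memberof is multi-valued; membership stays Empty if no user was found
If Not rs.EOF Then membership=rs("memberof")
rs.Close
con.Close
Set rs = Nothing
Set Com = Nothing
Set con = Nothing
' Only loop when an array of group DNs came back; encode before writing to the page
If IsArray(membership) Then
 For each group in membership
  response.write Server.HTMLEncode(group)&"<br>"
 Next
End If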
%>
</body>
</html>
 
Let me see if I understand:
You want to restrict access based on the security group they are in?
You don't need to code anything in the pages. Set the NTFS file security permissions on the folders/files just like you would on any other network resource. Set the IIS authentication method for the folder to be Windows Integrated (disable all others). When you do this, you will need to make sure that the client's browser can support it and it is enabled.

zcolton
 
Z,

Not restrict access, I want to redirect them to certain pages based on the group they are in.

Here is the rough case statement. I would replace admin with different groups.

<%If group="" then
Response.Redirect("invalid.asp")
%>

<%end if
select case lcase(group)
case "admin","admin"
response.Redirect("admin.asp")
case "admin"
response.Redirect("page1.asp")
case "admin"
response.Redirect("page2.asp")
end select%>
 
OK, now I understand. I have a few pages that do that:
Here is some of my code:

Code:
username=Request.ServerVariables("AUTH_USER")
username=lcase(Right(username, Len(username) - InStrRev(username, "\")))
set ADSysInfo = CreateObject("ADSystemInfo")
set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
if IsArray(CurrentUser.MemberOf) then
 strGroups = LCase(Join(CurrentUser.MemberOf))
else
 strGroups = LCase(CurrentUser.MemberOf)
end if
set ADSysInfo = nothing
set CurrentUser = nothing

if instr(strGroups, "cn=cst") then
 cstcheck=1
end if
A few things to keep in mind. This is for security group membership, NOT the AD OU they are in. Those are two different things altogether. Also, you will need to take a look at the names of the security group. For what I have, the complete list of groups a user is a member of is joined into a string. I then search that string for the name of the security group. You'll need to do some testing to see what this gives you in your environment. But this should get you pointed in the right direction.

zcolton
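
Added example (editor's addition, not zcolton's code): searching the joined memberOf string for "cn=cst" also matches any group whose name merely starts with those letters, which matters when the result decides where a user is sent. This sketch compares the leading CN of each group DN exactly instead; LeadingCn, IsMemberOf and the sample DNs are assumptions, and it runs under cscript (in an ASP page, pass CurrentUser.MemberOf and use Response.Write).

```vbscript
Option Explicit

' Value of the leading CN= component of a DN, honouring backslash-escaped
' characters such as "\,". Returns "" if the DN does not start with CN=.
' Hex-pair escapes (for example \0A) are not decoded.
Function LeadingCn(dn)
    Dim i, ch, value
    LeadingCn = ""
    If LCase(Left(dn, 3)) <> "cn=" Then Exit Function
    value = ""
    i = 4
    Do While i <= Len(dn)
        ch = Mid(dn, i, 1)
        If ch = "," Then Exit Do              ' end of the first component
        If ch = "\" And i < Len(dn) Then
            i = i + 1                         ' skip the backslash,
            ch = Mid(dn, i, 1)                ' keep the escaped character
        End If
        value = value & ch
        i = i + 1
    Loop
    LeadingCn = value
End Function

' memberOf is Empty (no groups), a String (one group) or an Array (several).
Function IsMemberOf(memberOf, groupName)
    Dim dn, list
    IsMemberOf = False
    If IsArray(memberOf) Then
        list = memberOf
    ElseIf VarType(memberOf) = vbString Then
        list = Array(memberOf)
    Else
        Exit Function
    End If
    For Each dn In list
        If StrComp(LeadingCn(dn), groupName, vbTextCompare) = 0 Then
            IsMemberOf = True
            Exit Function
        End If
    Next
End Function

' Constructed memberOf values (not from the thread).
Dim groups
groups = Array("CN=CSTAdmins,OU=Groups,DC=example,DC=org", _
               "CN=Staff\, CST,OU=Groups,DC=example,DC=org")
WScript.Echo "substring test:  " & CStr(InStr(LCase(Join(groups)), "cn=cst") > 0)
WScript.Echo "exact cst:       " & CStr(IsMemberOf(groups, "cst"))
WScript.Echo "exact CSTAdmins: " & CStr(IsMemberOf(groups, "cstadmins"))
```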
 