LDAP GROUPS 1

Status
Not open for further replies.

gethbyron

IS-IT--Management
Feb 24, 2006
1
GB
How do I use LDAP to find out what group(s) a user belongs to?
 
First of all, you need to get the user's DN (Distinguished Name) based on a selection criterion. For instance, if your user ID (login name) is called "jdoe" and stored in an attribute called "UID", you have to query the LDAP directory based on a selection criterion such as "(&(objectclass=Person)(uid=jdoe))" and return the user's DN.
Once you have the user's DN, you can run a second query to retrieve all the groups the user is a member of. For that, you need to know what group objectclass you are using. If you use the "GroupOfNames" object class, your filter would be something like "(&(objectclass=GroupOfNames)(member=%USerDN%))"; the %USerDN% variable is what you retrieved in the previous step. But if your group objectclass is "GroupOfUniqueNames", you need to replace the previous filter with "(&(objectclass=GroupOfUniqueNames)(Uniquemember=%USerDN%))".
Note that with Active Directory, you can directly retrieve the list of the groups at the user entry level. The group names (their DNs) are stored in the multi-attribute called "MemberOf".
I hope that can help.
Behruz
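
The two-step lookup described in the answer above, as an added example that is not part of the original thread: both filters are built with RFC 4515 escaping so that a login name or DN containing filter metacharacters is matched literally. The sample directory, the DNs and the small `search` evaluator are constructed for illustration and stand in for a real LDAP server.

```python
import re

# Constructed sample directory; every DN and name here is hypothetical.
PEOPLE = "ou=people,dc=example,dc=com"
DIRECTORY = {
    "uid=jdoe," + PEOPLE: {"objectclass": ["Person"], "uid": ["jdoe"]},
    "uid=asmith," + PEOPLE: {"objectclass": ["Person"], "uid": ["asmith"]},
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectclass": ["GroupOfNames"], "member": ["uid=asmith," + PEOPLE]},
    "cn=staff,ou=groups,dc=example,dc=com": {
        "objectclass": ["GroupOfNames"],
        "member": ["uid=jdoe," + PEOPLE, "uid=asmith," + PEOPLE]},
}

def escape_filter_value(value):
    """RFC 4515: hex-escape \\ * ( ) and NUL inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(uid):
    return "(&(objectclass=Person)(uid=%s))" % escape_filter_value(uid)

def group_filter(user_dn, objectclass="GroupOfNames", attr="member"):
    return "(&(objectclass=%s)(%s=%s))" % (objectclass, attr, escape_filter_value(user_dn))

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def search(ldap_filter):
    """Toy evaluator for (&(attr=value)...) only; an unescaped * is a wildcard."""
    terms = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    def matches(entry, attr, pattern):
        parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
        rx = re.compile(".*".join(parts), re.IGNORECASE)
        return any(rx.fullmatch(v) for v in entry.get(attr.lower(), []))
    return sorted(dn for dn, entry in DIRECTORY.items()
                  if terms and all(matches(entry, a, p) for a, p in terms))

def groups_of(uid):
    """Step 1: uid -> user DN. Step 2: user DN -> DNs of groups listing it."""
    dns = search(user_filter(uid))
    if len(dns) != 1:   # no match or ambiguous match: refuse rather than guess
        return []
    return search(group_filter(dns[0]))

if __name__ == "__main__":
    print(groups_of("jdoe"))
    print(groups_of("*"))
```

For a "GroupOfUniqueNames" directory, call `group_filter(dn, "GroupOfUniqueNames", "uniqueMember")` instead.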
 
Code:
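<%@ Language=VBScript %>
<html>
<head>
</head>
<body>
<%
' Take the account name from the query string and drop any DOMAIN\ prefix.
strUserName = Request.QueryString("user")
strUserName = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\"))
' Accept only characters expected in a sAMAccountName before the value is
' concatenated into the query text below (adjust the pattern to your naming rules).
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9._$-]+$"
If Not re.Test(strUserName) Then
 Response.Write "Invalid user name"
 Response.End
End If
' Read the default naming context from rootDSE.
Set objDomain = GetObject("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
' Query the directory through the ADSI OLE DB provider.
Set con = Server.CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText = "select memberof FROM 'GC://" & objADsPath & "' where sAMAccountname='" & strUserName & "'"
Set rs = Com.Execute
membership = Null
If Not rs.EOF Then membership = rs("memberof").Value
rs.Close
con.Close
Set rs = Nothing
Set con = Nothing
' memberOf is Null when the user was not found or has no group memberships.
If IsArray(membership) Then
 For Each group In membership
  ' "CN=Name,OU=..." -> "Name"; assumes the next RDN type has two letters.
  newgroup = Split(group, "=")
  Response.Write Server.HTMLEncode(Left(newgroup(1), Len(newgroup(1)) - 3)) & "<br>"
 Next
End If
%>
</body>
</html>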

zcolton
 