Query LDAP for Groups User is a member of

snowxcross (IS-IT--Management, US), Aug 24, 2011
Hi guys, I have an ASP page that grabs the user that is logged into the PC (username, fname, lname, email, and givenName). Once grabbed, it posts to an HTML form; from there I can pass the criteria to a web site that accepts these specific parameters (Single Sign-on). This all works fine at the moment, but now I need to pass the groups the user belongs to, and unfortunately I don't know how to write the code for that.

The trick is, a user belongs to a lot of different groups in Active Directory that I DO NOT want to pull (I do not need all of them), so I believe I might need an IF statement that only looks for the specific groups I need. For example, if a user belongs to a group called (Excel 2010 - Level 1), and a group called (Laserjet2035-IT), I only want to post the Excel group. Does someone know the code for this?

My code is below; any help would be much appreciated.

Thank you

<%Option Explicit%>
<%
'On Error Resume Next
'variables declared
dim formAction, logoutUrl, errorUrl, securityKey
dim email, firstName, lastName, userName, groups
Dim sDNSDomain, sFilter, sQuery, sDN
Dim oConnection, oCommand, oRS, oUser
Dim activeDirectoryUser, activeDirectoryPassword
Dim ldapIp
Dim activeDirectoryGroup1, Group2, Group3, Group4, Group5

'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
formAction = " Sign-on Site"
logoutUrl = "" 'URL not preserved on the page
errorUrl = "" 'URL not preserved on the page
securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"
activeDirectoryUser = "SUSINC\training" 'should be format domain\username (example: microsoft\bgates)
activeDirectoryPassword = "********"
ldapIp = "172.20.2.5:389" 'the IP address and port of your LDAP server
sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

'acquire user information
userName=Request("AUTH_USER")


'set the ldap query string for ado
Set oConnection = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOObject"

'The user to run the LDAP query as. Doesn't need any special privileges
oConnection.Properties("User ID") = activeDirectoryUser
oConnection.Properties("password")= activeDirectoryPassword
oConnection.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConnection

if InStr(1,userName, "\") then
userName = Mid(userName, InStr(1,userName, "\")+1)
end if

'ADO LDAP dialect: <base>;filter;attributes;scope (attributes and scope given once)
sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "))"
sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";givenName,sn,mail,distinguishedName;subtree"

oCommand.CommandText = sQuery
oCommand.Properties("Timeout") = 30

Set oRS = oCommand.Execute

if not oRS.EOF then
email = oRS.Fields("mail")
firstName = oRS.Fields("givenName")
lastName = oRS.Fields("sn")
Set oUser = nothing
end if

oRS.Close
Set oRS=Nothing
oConnection.Close
Set oCommand = Nothing
Set oConnection = Nothing
%>
<html>
<head>
<META http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title><%= Server.HTMLEncode(Request.ServerVariables("SERVER_NAME")) %></title>
<style type="text/css">
<!--
TD {
color: #000000;
background-color: #FFFFFF;
font-family: Verdana, Arial;
font-size: 12px;
}
HR {
height: 1px;
color: #A52A25;
}
.row {
font-size: 10px;
}
.header {
color: #555555;
background-color: #F4F4F4;
border:1px solid #555555;
}
.alert {
padding:20px;
color: #000000;
font-family: Verdana, Arial;
font-size: 10px;
font-weight: bold;
}
.formbutton {
color: #000000;
background-color: #F4F4F4;
font-family: Verdana, Arial;
font-size: 10px;
text-transform: uppercase;
width: 120px;
height: 24px;
}
-->
</style>
</head>
<body>

<table>
<tr>
<td style="padding-bottom:10px">
<font size="4" color="#A52A25">Single Sign-on Test</font>
</td>
</tr>
<% if not IsEmpty(Request.QueryString("error")) then %>
<tr>
<td>
Response from the server:<br><br>
<span class="alert">
<%= Server.HTMLEncode(Request.QueryString("error")) %>
</span>
</td>
</tr>
<tr>
<td style="padding-top:10px;padding-bottom:20px">
<span class="alert">
<input class="formbutton" type="button" value="okay"
onclick="location.href='sso.asp'">
</span>
</td>
</tr>
<% end if %>
<tr>
<td>
The following form parameters will be POSTED to the server:
</td>
</tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
style="border:1px solid #A52A25;margin:20px">

<!-- FORM BEGINS HERE -->
<form action="<%= formAction %>" method="post">

<!-- TABLE HEADER -->
<tr>
<td width="200" class="row header">
request parameter
</td>
<td width="120" class="row header">
form value
</td>
<td class="row header">
req. (y/n)
</td>
</tr>
<!-- USER ID -->
<tr>
<td class="row">
user.id
</td>
<td class="row">
<%= userName %>
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- FIRST NAME -->
<tr>
<td class="row">
user.first.name
</td>
<td class="row">
<%= firstName %>
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- LAST NAME -->
<tr>
<td class="row">
user.last.name
</td>
<td class="row">
<%= lastName %>
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- EMAIL -->
<tr>
<td class="row">
user.email
</td>
<td class="row">
<%= email %>
</td>
<td align="center" class="row">
n
</td>
</tr>
<!-- GROUPS -->
<tr>
<td class="row">
user.group.name
</td>
<td class="row">
' This should add the group to the form
</td>
<td align="center" class="row">
n
</td>
</tr>
<!-- DIVIDER -->
<tr>
<td colspan="3" style="padding:0px">
<hr>
</td>
</tr>
<!-- SECURITY KEY -->
<tr>
<td class="row">
security.key
</td>
<td class="row">
<%= securityKey %>
</td>
<td align="center" class="row">
y
</td>
</tr>
<!-- ERROR URL -->
<tr>
<td class="row">
security.error.url
</td>
<td class="row">
<%= errorUrl %>
</td>
<td align="center" class="row">
n
</td>
</tr>
<!-- LOGOUT URL -->
<tr>
<td class="row" style="padding-bottom:15px">
security.logout.url
</td>
<td class="row" style="padding-bottom:15px">
<%= logoutUrl %>
</td>
<td align="center" class="row" style="padding-bottom:15px">
n
</td>
</tr>
<tr>
<td colspan="3" align="right">
<input class="formbutton" type="submit" value="login">
</td>
</tr>

<% if not IsEmpty(email) Then %>
<input name="user.email" type="hidden" value="<%= email %>">
<% end if %>
<input name="security.key" type="hidden" value="<%= securityKey %>">
<input name="security.error.url" type="hidden" value="<%= errorUrl %>">
<input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
<input name="user.id" type="hidden" value="<%= userName %>">
<input name="user.first.name" type="hidden" value="<%= firstName %>">
<% if not IsEmpty(lastName) Then %>
<input name="user.last.name" type="hidden" value="<%= lastName %>">
<% end if %>
</form>
<!-- FORM ENDS HERE -->
</table>

</body>
</html>
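
One way to do what the post asks, as an added example that is not part of the original post: read the user's `memberOf` values and keep only the groups on an allow-list. It assumes `memberOf` is added to the attribute list of the ADO query above; the function names, the `OU=Groups` container in the sample DNs, and emitting one `user.group.name` hidden input per group are assumptions.

```vbscript
<%
' Added example, not code from the original post. Function names are hypothetical.

' Extract the CN from a group DN such as "CN=Some Group,OU=Groups,DC=susinc,DC=ad".
Function GroupCn(dn)
    Dim i, ch, out
    out = ""
    If UCase(Left(dn, 3)) = "CN=" Then
        For i = 4 To Len(dn)
            ch = Mid(dn, i, 1)
            If ch = "," Then Exit For
            If ch = "\" Then        ' "\," style escape; hex pairs like "\2C" are not decoded
                i = i + 1
                ch = Mid(dn, i, 1)
            End If
            out = out & ch
        Next
    End If
    GroupCn = out
End Function

' Return the CNs in memberOf that are on allowList (case-insensitive match).
Function AllowedGroups(memberOf, allowList)
    Dim dn, cn, name, found
    Set found = CreateObject("Scripting.Dictionary")
    found.CompareMode = vbTextCompare
    If IsArray(memberOf) Then       ' ADO returns Null when the user has no groups
        For Each dn In memberOf
            cn = GroupCn(dn)
            For Each name In allowList
                If StrComp(cn, name, vbTextCompare) = 0 Then found(cn) = True
            Next
        Next
    End If
    AllowedGroups = found.Keys
End Function

' Constructed sample of what oRS.Fields("memberOf").Value holds once memberOf
' is requested in the query; the OU=Groups container is made up.
Dim sampleMemberOf, g
sampleMemberOf = Array("CN=Excel 2010 - Level 1,OU=Groups,DC=susinc,DC=ad", _
                       "CN=Laserjet2035-IT,OU=Groups,DC=susinc,DC=ad")
For Each g In AllowedGroups(sampleMemberOf, Array("Excel 2010 - Level 1"))
    Response.Write "<input name=""user.group.name"" type=""hidden"" value=""" & _
                   Server.HTMLEncode(g) & """>" & vbCrLf
Next
%>
```

`memberOf` holds direct memberships only; the user's primary group and groups reached through nesting do not appear in it.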
 