Accessing Info via LDAP

[ZernanToledo]

This problem is driving me round the bend.

I'm building an Intranet system in ASP and need to access user info (Name, Delivery Address, Email, Phone etc) to display on departmental homepages. However, I'm having a nightmare actually getting the info via LDAP. Does anyone have any experienceor advice with this? So far, my code looks like this...

Code:

' Get Domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

sDomainADsPath = "LDAP://" & strDomain
set connection = Server.CreateObject("ADODB.Connection")
connection.provider = "ADsDSOObject"
Connection.Open "ADSI"

Set RS = Connection.Execute("SELECT name,ADsPath,displayname,physicaldeliveryofficename,department,telephonenumber,mail,title,samaccountname,description,member FROM " & sDomainADsPath & "WHERE sn='Surname'")

While Not RS.EOF 
	for i = 0 To RS.Fields.Count - 1
		IF RS.Fields(i).Type = adVariant AND NOT (IsNull(RS.Fields(i).Value)) THEN 
			FOR j = LBound(RS.Fields(i).Value) TO UBound(RS.Fields(i).Value)
				Entry = Entry & RS.Fields(i).Value(j) & vbTab
			NEXT 
		ELSE 
			Entry = Entry & RS.Fields(i).Value & vbTab
		END IF 
		
		IF Index = RS.Fields.Count - 1 THEN 
			Response.Write Entry & "<br>"
		END IF 
		Index = Index + 1 
	next  
	Entry = " " 
	Index = 0
	RS.MoveNext
Wend

However, i am just now getting '80072020' errors on line 12 (highlighted), and as I'm far from a network Admin man, i've really no idea what's going wrong.

Once I've got the info and can display it, then I can think about filtering it by department. (i.e IF department = Information+Technology THEN Response.Write)

I'd really appreciate if anyone can help on this, as Its the last hurdle in getting the intranet complete.

[jimfraser]

I never got anywhere with LDAP, did you check out this page?
http://www.4guysfromrolla.com/webtech/041800-1.shtml

[Kupo?]

I fought with this for awhile and finally got it working. If you have a 2003 server you have to pass admin credentials, but I didn't when it was 2000. I also had to disable anonymous access to the directory through IIS, though this might just be because of my implementation.

The following is my code for looking up user info by logon (sAMAccountName).

Code:

set conn = CreateObject("ADODB.Connection")
conn.provider = "ADSDSOObject"
conn.Properties("User ID") = "domain\login"
conn.Properties("Password") = "password"
conn.Properties("Encrypt Password") = True
conn.open "ADs Provider"

set gui = conn.execute("SELECT distinguishedName, givenName, sn, mail, description, physicalDeliveryOfficeName, telephoneNumber, l, postalCode, st, homePhone, streetAddress, displayName, department FROM 'LDAP://servername' WHERE objectClass='user' AND sAMAccountName='"&logonName&"'")

Please feel free to ask any questions. I wrestled with this on and off for a week.

[ZernanToledo]

Thanks Kupo

My biggest problem with getting this working is an unhelpful IT department. What I need to know first is what parts of the connection string need to be given to me by IT.

For example, from the above 4guys example:

Code:

SQLStmt = "SELECT cn " & _
          "FROM 'LDAP://LDAPSERVER:1003/o=microsoft/ou=members' " & _
          "WHERE objectClass='*'"

		Set Conn = CreateObject("ADODB.Connection")
		Conn.Provider = "ADSDSOObject"
			
		Conn.Open "ADs Provider", _
				  "cn=Administrator,ou=members,o=microsoft", _
				   "secret"

Obviously i need to know what my version of LDAP://LDAPSERVER is, but when asking for say, the value of o and ou, what should I ask for? I've tried sending the code to them to 'fill in', but they instead send me back 'clues' of what to do without offering any real assistance. I want to ask them is precise terms for the info I need. So I guess that would mean:

LDAP:// ---------------------- LDAP Server
o -----------------------------
ou ----------------------------
cn ----------------------------
"secret" ----------------------- password?

Also, I'm not wanting to acess via objectClass but department, so I take it my WHERE would be for example:

Code:

WHERE department = 'Corporate+Communications'

I'm afraid Networks are at the very edge of my expertise ;o)

[Kupo?]

Honestly, I tried to get the 4guys method to work for a few days then I scrapped it. I have pretty decent AD and ASP knowledge and I couldn't get it working.

So all you really need from IT is an admin username and password and any server that AD/LDAP replicates to that you want to pull information from.

And yes..

Code:

WHERE objectClass='user' AND department='department name'

would work fine. I've found if you add the objectClass it makes searches faster because it only searches actual users instead of groups or anything else.

[ZernanToledo]

Cool, thanks. Appreciate the tips!

I've started again based on your code (although i am told by IT that i am to filter by Group instead of department, but here am testing with surname). However the following code gets a 80004005 error. Any thoughs as to why? I get the notion that its some kind of permission error, but what permissions?

Code:

<%
set objConnection = CreateObject("ADODB.Connection")
objConnection.provider = "ADSDSOObject"
objConnection.Properties("User ID") = *****
objConnection.Properties("Password") = *****
objConnection.Properties("Encrypt Password") = True
objConnection.open "ADs Provider"

set gui = objConnection.execute("SELECT distinguishedName, givenName, sn, mail, description, physicalDeliveryOfficeName, telephoneNumber, l, postalCode, st, homePhone, streetAddress, displayName, department FROM 'LDAP://mydomain.com' WHERE sn='name'")
%>

[bslintx]

I use this daily on an intranet

Code:

<&#37;
  Dim oConn

  Sub connActiveDir(sLogonDomain, sLogon, sPassword)   
   Set oConn = CreateObject("ADODB.Connection")
   Set oRS = CreateObject("ADODB.Recordset")
   oConn.Open ("Data Source=Active Directory Provider;Provider=ADsDSOObject;" & _
               "User ID=" & sLogonDomain & "\" & sLogon & ";password=" & sPassword & ";")    
  End Sub

  Function getDomain()  
   Set objRootDSE = GetObject("LDAP://RootDSE")
   sConfig = objRootDSE.Get("configurationNamingContext") 
   getDomain = objRootDSE.Get("defaultNamingContext")
  End Function

  Function getLogon()
   getLogon = (Mid(Request.ServerVariables("LOGON_USER"), _
         InStrRev(Request.ServerVariables("LOGON_USER"), "\") + 1))
  End Function  

  Function GetUserDepartment(sDomain, sLogon)
   Set oRS = oConn.Execute("SELECT department " & _
                           "FROM 'LDAP://" & sDomain & "' " & _
                           "WHERE samaccountname='" & sLogon & "'")

    If Not oRs.EOF Then
     GetUserDepartment = oRs("department")
    Else
     GetUserDepartment = "No Department Listed"
    End If
  End Function


  ' Call Function to connect to Active Directory
  ' Requires 3 parameters
  ' 1.)The domain you are logging on to
  ' 2.)A valid Active Directory Logon
  ' 3.)The password to logon to the (1.)Domain and signed under (2.)Logon
 
  connActiveDir "wallyworld", "joe.blow;", "%47%21323$"
  
  ' Call a function to simply display the department of a user that is Currently logged on
  Response.Write "Your Department - " & GetUserDepartment(getDomain, getLogon)
   
%>

[Kupo?]

Zernan are you connecting to a 2000 or 2003 server? Yeah it sound like a perm issue. What is the full 80004005 error you're getting?