LDAP Queries & Byte Arrays

[Grasty]

Im having some trouble trying to get an LDAP Query (Non Active Directory) to pull some information

 

Specifically, I can get the Query to pull some fields like givenname, ou, title. But not other fields like city and State.

 

After playing with it for a while, I tried pulling the data in Powershell and noticed that some fields are stored as text and others are stored as byte arrays

It seems that I can successfully query any of the fields with text in them, and none of the fields with byte arrays work. 

 

If I try and pull the byte array fields I end up with a COM Error

Running LDAP Query....
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@ COM Error Intercepted!
@@   err.description is : Unspecified error
@@   err.windescription : Exception occurred.
@@        err.number is : 80020009
@@     err.lastdllerror : 0
@@       err.scriptline : 215
@@        err.source is : Provider
@@         err.helpfile : 
@@      err.helpcontext : 1240640
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

And here is my code - Line 215 is $oRecordSet = $oComm.Execute() 

expandcollapse popup

$Location = _Ldap_Search("test.user","city","cn")
MsgBox(0,"",$Location)

Func __Ldap_SetQueryString($sSearchVal,$sReturnFields,$sSearchField,$sLdapServer)
    ;Construct LDAP Query String using passed parameters
    $g_sLdap_QueryString = StringFormat("SELECT %s FROM 'LDAP://%s' WHERE %s = '%s'", $sReturnFields,$sLdapServer,$sSearchField,$sSearchVal)
    ;Return "SELECT " & $sReturnFields & " FROM 'LDAP://" & $sLdapServer & "' WHERE " & $sSearchField & " = '" & $sSearchVal & "'"
    Return $g_sLdap_QueryString
EndFunc

Func _Ldap_Search($sSearchVal,$sReturnFields=Default,$sSearchField=Default,$sLdapServer=Default)

    Local Const $DEFAULT_RETURN_FIELDS = "givenName,sn,mail,title,ou"
    Local Const $DEFAULT_SEARCH_FIELD  = "uid"
    Local Const $DEFAULT_LDAP_SERVER   = "ldap.server.com:389"

    ;Set Defaults
    If $sReturnFields = Default Then $sReturnFields = $DEFAULT_RETURN_FIELDS
    if $sSearchField  = Default Then $sSearchField  = $DEFAULT_SEARCH_FIELD
    if $sLdapServer   = Default Then $sLdapServer   = $DEFAULT_LDAP_SERVER

    $g_sLdap_ErrorMessage = ""

    ;Intialize Locals
    Local $oConnection  = ObjCreate("ADODB.Connection")
    Local $oRecordSet   = ObjCreate("ADODB.RecordSet")
    Local $oComm        = ObjCreate("ADODB.Command")
    Local $oRecordSet   = Null
    Local $sQuery       = "", $sUser = ""
    Local $asUsers      = Null                                         ;Will Contain array of Search Criteris (1 or more items)
    Local $iCount       = 0
    Local $asProperties = StringSplit($sReturnFields,",",$STR_NOCOUNT) ;Property Names that will be Returned from LDAP
    Local $asSearchVals = StringSplit($sSearchVal,",",$STR_NOCOUNT)    ;Value(s) that will be used as LDAP Search Criteria

    Local $asReturnVal[0][0]                                           ;2D array returned by func (will redim to match caller spec later)

    ReDim $asReturnVal[UBound($asSearchVals)+1][UBound($asProperties)+1]
    ;Assign search criteria attribute name to element[0][0]
    $asReturnVal[0][0] = $sSearchField

    ;Assign search result attribut names to elements [0][1..n]
    For $i = 1 to UBound($asSearchVals)
        $asReturnVal[$i][0] = $asSearchVals[$i-1]
    Next
    For $j = 1 to UBound($asProperties)
        $asReturnVal[0][$j] = $asProperties[$j-1]
    Next

    ;Setup ADODB objects for LDAP query
    $oConnection.Provider = "ADsDSOObject"
    $oConnection.Open("ADs Provider")
    ;__Ldap_ConsoleWriteLine("Isobj : " & IsObj($oConnection))
    $oComm.ActiveConnection = $oConnection

    ;Prep array for multiple queries
    $asUsers=StringSplit($sSearchVal,",",$STR_NOCOUNT)

    ;Query LDAP with each Search Value
    For $sUser In $asUsers
        $iCount = $iCount + 1
        $sQuery = __Ldap_SetQueryString($sUser,$sReturnFields,$sSearchField,$sLdapServer)
        $oComm.CommandText = $sQuery
        $oComm.Properties.Item("Page Size") = 50
        $oComm.Properties.Item("Timeout") = 30

        $oRecordSet = $oComm.Execute()
        if @error Then
            $g_sLdap_ErrorMessage = "Ldap ERROR: " & "Make sure you are connected to the corporate nextwork."
        Else
            While Not $oRecordSet.EOF

                ;Assign Property Values to 2-D Array
                For $j = 1 to UBound($asReturnVal,2)-1
                    $asReturnVal[$iCount][$j] = $oRecordSet.Fields.Item($asReturnVal[0][$j]).Value[0]
                Next

                $oRecordSet.MoveNext
            WEnd
        EndIf
    Next
    __Ldap_SetSearchResult_FmtArray($asReturnVal)
    __Ldap_SetSearchResult_FmtList($asReturnVal)
    $g_asLdap_SearchResult = $asReturnVal
    Return($asReturnVal)

EndFunc

 

 

Edited September 13, 2017 by Grasty

[Grasty]

Also if it helps, I get a similar issue if i do OpenLDAP instead of using the ADO Connection

$LDAP = ObjGet("LDAP://ldap.test.com/cn=test_user,DC=test,DC=com")

MsgBox(0,"",$LDAP.city)

 

"D:\Repo\projects\ldap.au3" (38) : ==> Variable must be of type "Object".:
MsgBox(0,"",$LDAP.city)
MsgBox(0,"",$LDAP^ ERROR

 

[Grasty]

any ideas? Still havent managed to get this to work. 

[water]

You need to add a COM error handler to your script.
When ObjGet returns an error the $LDAP is undefined and raises an error when used.

Check the help file for ObjEvent for a COM error handler example.

[Grasty]

I was using an Error Handler, but i replaced it with the one in the help file and i still get the same error

 

    err.number is:         0x80020009
    err.windescription:    Exception occurred.

    err.description is:     Unspecified error
    err.source is:         Provider
    err.helpfile is:     
    err.helpcontext is:     1240640
    err.lastdllerror is:     0
    err.scriptline is:     218
    err.retcode is:     0x80004005

[water]

Strange. In your OP it crashes at line 38, now the error is shown on line 218

[Grasty]

in the OP it crashes at Line 215 and now 218 ... Its still the same line though ( $oRecordSet = $oComm.Execute()  ). The only difference is when i was trying stuff and removed what i tried i left some extra blank lines in so it shifted that line down 3 lines. 

The file that im using has a bunch of other functions that arent related to the issue im having (and are never called) so i only pasted the relevant code ... so maybe its line 38 in the code i pasted, but its 215 (and now 218) in the file im working with. 

 

Either way the code im using hasnt changed except for a couple extra blank lines that shifted some code downwards. 

Edited September 19, 2017 by Grasty

[water]

I was talking about line 38 in post #2.
Nevertheless, HRESULT 0x80020009 is a general error and hard to diagnose.

What's the difference between givenname, ou, title and city or State? A different data type?
Which error message do you get when you query a non existing property like "xyz"?

[Grasty]

Got sidetracked with other stuff and just circling back to this. 

 

Querying the city or state field provides the same error as if you attempt to query a field that doesnt exist

 

and givenname, ou, title are in a normal string format from what i can tell, and city/state are in some kind of binary format like Byte Array or BLOB. There is a powershell screenshot in the original post that shows the city/state/title for examples. For example, if you look at the state field it lists {73 76}, and in powershell if you do [char]73 + [char]76 then it will give you the proper state (IL).

 

But for whatever reason the LDAP Query will not grab that data since it is in that weird binary/byte array/blob format

 

And the code in Post 2 was an attempt to query LDAP using a different method to show that it doesnt work using that simplified method either. That is completely different code than what is in Post 1 and Post 5

 

 

Edited September 27, 2017 by Grasty