Grasty

LDAP Queries & Byte Arrays

9 posts in this topic

#1 ·  Posted (edited)

I'm having some trouble trying to get an LDAP query (non-Active Directory) to pull some information.

Specifically, I can get the query to pull some fields like givenname, ou, title, but not other fields like city and State.

After playing with it for a while, I tried pulling the data in PowerShell and noticed that some fields are stored as text and others are stored as byte arrays.

[Screenshot: ldap.png]

It seems that I can successfully query any of the fields with text in them, and none of the fields with byte arrays work.

If I try to pull the byte array fields I end up with a COM error:

Running LDAP Query....
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@ COM Error Intercepted!
@@   err.description is : Unspecified error
@@   err.windescription : Exception occurred.
@@        err.number is : 80020009
@@     err.lastdllerror : 0
@@       err.scriptline : 215
@@        err.source is : Provider
@@         err.helpfile : 
@@      err.helpcontext : 1240640
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

And here is my code - Line 215 is $oRecordSet = $oComm.Execute() 

#include <StringConstants.au3> ; provides $STR_NOCOUNT

$Location = _Ldap_Search("test.user","city","cn")
MsgBox(0,"",$Location)

Func __Ldap_SetQueryString($sSearchVal,$sReturnFields,$sSearchField,$sLdapServer)
    ;Construct LDAP Query String using passed parameters
    $g_sLdap_QueryString = StringFormat("SELECT %s FROM 'LDAP://%s' WHERE %s = '%s'", $sReturnFields,$sLdapServer,$sSearchField,$sSearchVal)
    ;Return "SELECT " & $sReturnFields & " FROM 'LDAP://" & $sLdapServer & "' WHERE " & $sSearchField & " = '" & $sSearchVal & "'"
    Return $g_sLdap_QueryString
EndFunc

Func _Ldap_Search($sSearchVal,$sReturnFields=Default,$sSearchField=Default,$sLdapServer=Default)

    Local Const $DEFAULT_RETURN_FIELDS = "givenName,sn,mail,title,ou"
    Local Const $DEFAULT_SEARCH_FIELD  = "uid"
    Local Const $DEFAULT_LDAP_SERVER   = "ldap.server.com:389"

    ;Set Defaults
    If $sReturnFields = Default Then $sReturnFields = $DEFAULT_RETURN_FIELDS
    if $sSearchField  = Default Then $sSearchField  = $DEFAULT_SEARCH_FIELD
    if $sLdapServer   = Default Then $sLdapServer   = $DEFAULT_LDAP_SERVER

    $g_sLdap_ErrorMessage = ""

    ;Initialize Locals
    Local $oConnection  = ObjCreate("ADODB.Connection")
    Local $oComm        = ObjCreate("ADODB.Command")
    Local $oRecordSet   = Null                                         ;Assigned by $oComm.Execute() below
    Local $sQuery       = "", $sUser = ""
    Local $asUsers      = Null                                         ;Will contain array of search criteria (1 or more items)
    Local $iCount       = 0
    Local $asProperties = StringSplit($sReturnFields,",",$STR_NOCOUNT) ;Property Names that will be Returned from LDAP
    Local $asSearchVals = StringSplit($sSearchVal,",",$STR_NOCOUNT)    ;Value(s) that will be used as LDAP Search Criteria

    Local $asReturnVal[0][0]                                           ;2D array returned by func (will redim to match caller spec later)

    ReDim $asReturnVal[UBound($asSearchVals)+1][UBound($asProperties)+1]
    ;Assign search criteria attribute name to element[0][0]
    $asReturnVal[0][0] = $sSearchField

    ;Assign search values to elements [1..n][0] and result attribute names to elements [0][1..n]
    For $i = 1 to UBound($asSearchVals)
        $asReturnVal[$i][0] = $asSearchVals[$i-1]
    Next
    For $j = 1 to UBound($asProperties)
        $asReturnVal[0][$j] = $asProperties[$j-1]
    Next

    ;Setup ADODB objects for LDAP query
    $oConnection.Provider = "ADsDSOObject"
    $oConnection.Open("ADs Provider")
    ;__Ldap_ConsoleWriteLine("Isobj : " & IsObj($oConnection))
    $oComm.ActiveConnection = $oConnection

    ;Prep array for multiple queries
    $asUsers=StringSplit($sSearchVal,",",$STR_NOCOUNT)

    ;Query LDAP with each Search Value
    For $sUser In $asUsers
        $iCount = $iCount + 1
        $sQuery = __Ldap_SetQueryString($sUser,$sReturnFields,$sSearchField,$sLdapServer)
        $oComm.CommandText = $sQuery
        $oComm.Properties.Item("Page Size") = 50
        $oComm.Properties.Item("Timeout") = 30

        $oRecordSet = $oComm.Execute()
        if @error Then
            $g_sLdap_ErrorMessage = "Ldap ERROR: " & "Make sure you are connected to the corporate network."
        Else
            While Not $oRecordSet.EOF

                ;Assign Property Values to 2-D Array
                For $j = 1 to UBound($asReturnVal,2)-1
                    $asReturnVal[$iCount][$j] = $oRecordSet.Fields.Item($asReturnVal[0][$j]).Value[0]
                Next

                $oRecordSet.MoveNext
            WEnd
        EndIf
    Next
    __Ldap_SetSearchResult_FmtArray($asReturnVal)
    __Ldap_SetSearchResult_FmtList($asReturnVal)
    $g_asLdap_SearchResult = $asReturnVal
    Return($asReturnVal)

EndFunc

 

 

Edited by Grasty

#2 · Posted

Also if it helps, I get a similar issue if I do OpenLDAP instead of using the ADO connection:

$LDAP = ObjGet("LDAP://ldap.test.com/cn=test_user,DC=test,DC=com")

MsgBox(0,"",$LDAP.city)

 

"D:\Repo\projects\ldap.au3" (38) : ==> Variable must be of type "Object".:
MsgBox(0,"",$LDAP.city)
MsgBox(0,"",$LDAP^ ERROR

 

#3 · Posted

Any ideas? Still haven't managed to get this to work.

#4 · Posted

You need to add a COM error handler to your script.
When ObjGet returns an error the $LDAP is undefined and raises an error when used.

Check the help file for ObjEvent for a COM error handler example.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

#5 · Posted

I was using an error handler, but I replaced it with the one in the help file and I still get the same error:

 

    err.number is:         0x80020009
    err.windescription:    Exception occurred.

    err.description is:     Unspecified error
    err.source is:         Provider
    err.helpfile is:     
    err.helpcontext is:     1240640
    err.lastdllerror is:     0
    err.scriptline is:     218
    err.retcode is:     0x80004005

#6 · Posted

Strange. In your OP it crashes at line 38, now the error is shown on line 218 :huh:



#7 ·  Posted (edited)

In the OP it crashes at line 215 and now 218 ... It's still the same line though ( $oRecordSet = $oComm.Execute() ). The only difference is that when I was trying stuff and removed what I tried, I left some extra blank lines in, so it shifted that line down 3 lines.

The file that I'm using has a bunch of other functions that aren't related to the issue I'm having (and are never called), so I only pasted the relevant code ... so maybe it's line 38 in the code I pasted, but it's 215 (and now 218) in the file I'm working with.

Either way, the code I'm using hasn't changed except for a couple of extra blank lines that shifted some code downwards.

Edited by Grasty

#8 · Posted

I was talking about line 38 in post #2.
Nevertheless, HRESULT 0x80020009 is a general error and hard to diagnose.

What's the difference between givenname, ou, title and city or State? A different data type?
Which error message do you get when you query a non existing property like "xyz"?



#9 ·  Posted (edited)

Got sidetracked with other stuff and just circling back to this.

Querying the city or state field provides the same error as if you attempt to query a field that doesn't exist.

And givenname, ou, title are in a normal string format from what I can tell, and city/state are in some kind of binary format like byte array or BLOB. There is a PowerShell screenshot in the original post that shows the city/state/title as examples. For example, if you look at the state field it lists {73 76}, and in PowerShell if you do [char]73 + [char]76 then it will give you the proper state (IL).

But for whatever reason the LDAP query will not grab that data since it is in that weird binary/byte array/blob format.

And the code in Post 2 was an attempt to query LDAP using a different method to show that it doesn't work using that simplified method either. That is completely different code than what is in Post 1 and Post 5.

 

 

Edited by Grasty
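
The byte-array observation in the post above, as an added example that is not part of the original thread: a PowerShell helper that returns string values unchanged, decodes byte-array values as strict UTF-8, and falls back to hex when the bytes are not text. The function name `ConvertFrom-LdapValue`, the `photo` attribute and the whole `$entry` sample are constructed for illustration; only the `{73 76}` state value comes from the thread.

```powershell
# Added example: normalise LDAP attribute values that may be strings or byte arrays.
# ConvertFrom-LdapValue and the $entry sample below are constructed for illustration.
function ConvertFrom-LdapValue {
    param($Value)

    if ($null -eq $Value)    { return $null }
    if ($Value -is [string]) { return $Value }

    if ($Value -is [byte[]]) {
        # Strict decoder: throws on invalid UTF-8 instead of silently substituting U+FFFD.
        $utf8 = New-Object System.Text.UTF8Encoding($false, $true)
        try {
            $text = $utf8.GetString($Value)
            # Valid UTF-8 that contains control characters is still treated as binary.
            if ($text -notmatch '[\x00-\x08\x0B\x0C\x0E-\x1F]') { return $text }
        } catch {
            # Not valid UTF-8: fall through to the hex representation.
        }
        return '0x' + (($Value | ForEach-Object { $_.ToString('X2') }) -join '')
    }

    # Multi-valued attribute: convert each value on its own.
    if ($Value -is [System.Collections.IEnumerable]) {
        foreach ($item in $Value) { ConvertFrom-LdapValue -Value $item }
        return
    }

    return [string]$Value
}

# Constructed sample entry: one text attribute, two text attributes stored as
# byte arrays (state is the {73 76} from the thread), and one truly binary value.
$entry = [ordered]@{
    givenname = 'Test'
    state     = [byte[]](73, 76)
    city      = [System.Text.Encoding]::UTF8.GetBytes('Chicago')
    photo     = [byte[]](0xFF, 0xD8, 0xFF, 0xE0)
}

foreach ($name in $entry.Keys) {
    $shown = (ConvertFrom-LdapValue -Value $entry[$name]) -join '; '
    '{0,-10} {1}' -f $name, $shown
}
```

Decoding strictly matters when directory data feeds logs or access decisions: a lenient decoder would turn arbitrary binary into replacement characters that look like a valid string.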
