Radsam

LDAP Attribute Help

11 posts in this topic

Does anyone know how to list all of the GROUPS a user is a member of using LDAP? I need to list in a gui what you would see in the Member Of tab in AD.

Thanks

no problem guy ^^

i'm an expert in ADSI now

ok the property memberof is not indexed but you can do two things :

you know the ldap path so you do :

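; Bind directly to the user object by its LDAP path
$tmp = ObjGet("LDAP://youruserldappath")
; GetEx returns the multi-valued memberOf attribute as an array of group DNs
$members = $tmp.GetEx("memberOf")
For $member In $members
    ConsoleWrite($member & @CR)
Next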

c u

and remember that adsi takes time to understand, so don't worry ^^


-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]


Thank you arcker, this works great! I used the first example and I was able to list the groups in my app. This is great.

Thanks


arcker, would you know how to lookup Computer objects? In particular the "Fully qualified domain name of object". It would be nice to lookup other attributes of computers but at least the above item would be a great place to start.

Thanks


#5 ·  Posted (edited)

e.g.:

Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))"
Edited by JdeB

Live for the present,
Dream of the future,
Learn from the past.
  :)


arcker, thanks for the example scripts. Respectfully, isn't your COM example for the user missing a filter for the username? Something like changing this:

Local $strFilter = "(&(objectCategory=person))"

Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see.


BlueBearr
Oddly enough, this is what I do for fun.


#7 ·  Posted (edited)

Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see.

Correct, it will return all person records showing the groups for each.

:whistle:

Edited by JdeB

Live for the present,
Dream of the future,
Learn from the past.
  :)


Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error:

The requested action with this object has failed.: 
$strtest = $objRecordSet.Fields ("operatingSystemVersion").value 
$strtest = $objRecordSet.Fields ("operatingSystemVersion")^ ERROR
>AutoIT3.exe ended.

Here is the code: (I am entering a valid Domain and PC name for the variables)

$UserDomain = "some domain"
$l_PCName = "some PC name"
Dim $Counter
Dim $H2_Search


Local $objCommand = ObjCreate("ADODB.Command")
Local $objConnection = ObjCreate("ADODB.Connection")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection
Local $strBase = "<LDAP://" & $UserDomain & ">"
Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))"
Local $strAttributes = "cn,Name,displayName,sn,distinguishedName"
Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree"
$objCommand.CommandText = $strQuery
$objCommand.Properties ("Page Size") = 100
$objCommand.Properties ("Timeout") = 30
$objCommand.Properties ("Cache Results") = False
$ADS_SCOPE_SUBTREE = 2
$objCommand.Properties ("searchscope") = $ADS_SCOPE_SUBTREE
Local $objRecordSet = $objCommand.Execute
While Not $objRecordSet.EOF
    $strName = $objRecordSet.Fields ("Name").Value
    $strCN = $objRecordSet.Fields ("cn").value
    $strdisplayName = $objRecordSet.Fields ("displayName").value
    $strSN = $objRecordSet.Fields ("SN").value
    $strdistinguishedName = $objRecordSet.Fields ("distinguishedName").value
    $strtest = $objRecordSet.Fields ("operatingSystemVersion").value
    $Counter = $Counter + 1
    If $Counter = 2 Then GUISetState(@SW_SHOW, $H2_Search)
    If $Counter > 500 Then ExitLoop
    MsgBox(0,"", $strtest)
    ConsoleWrite($strName & "|" & $strCN & "|" & $strdistinguishedName & @LF)
    $objRecordSet.MoveNext
WEnd
$objConnection.Close
$objConnection = ""
$objCommand = ""
$objRecordSet = ""


Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error:

Local $strAttributes = "cn,Name,displayName,sn,distinguishedName"
You need to tell your query which fields you want to work with .... :whistle:

Live for the present,
Dream of the future,
Learn from the past.
  :)


Duh! Posted too quickly. :">

What about the groups the computer is a member of? Would I use something like this?

$sMembers = $objRecordSet.getex("memberof")
For $sMember in $sMembers
    $sMember = StringReplace($sMember, "CN=", "")
    $n1 = StringInStr($sMember, ",")
    $sMember = StringLeft($sMember, $n1 - 1)
    $sMemberOf = $sMemberOf & $sMember & "|"
Next
MsgBox(0,"", $sMemberOf)
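
An added example, not code from this thread: the computer filter used above, built with RFC 4515 escaping of the name, plus CN extraction from memberOf DNs that survives an escaped comma. `_LdapEscapeFilter` and `_CnFromDn` are hypothetical helper names, and the PC name and group DNs are constructed sample values.

```autoit
; Added example, not from the thread. Helper names are hypothetical.

; Escape a value for use inside an LDAP search filter (RFC 4515).
; The backslash is replaced first so the later escapes are not re-escaped.
Func _LdapEscapeFilter($sValue)
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    Return StringReplace($sValue, Chr(0), "\00")
EndFunc   ;==>_LdapEscapeFilter

; Return the value of the leading CN= component of a DN. A comma escaped
; as "\," belongs to the name, so it must not end the match.
Func _CnFromDn($sDn)
    Local $aMatch = StringRegExp($sDn, "(?i)^CN=((?:\\.|[^,\\])*)", 1)
    If @error Then Return ""
    ; Turn "\," and similar escapes back into the literal character;
    ; hex escapes such as "\2C" are left untouched.
    Return StringRegExpReplace($aMatch[0], '\\([,+"\\<>;=# ])', "$1")
EndFunc   ;==>_CnFromDn

; Constructed input, e.g. text typed into a GUI field
Local $sPCName = "LAB-PC(2)"
Local $sFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & _
        _LdapEscapeFilter($sPCName) & "*))"
; Every field read from the recordset has to be requested here
Local $sAttributes = "cn,distinguishedName,operatingSystemVersion,memberOf"
ConsoleWrite($sFilter & ";" & $sAttributes & ";subtree" & @CRLF)

; Constructed sample of memberOf values (one DN per group). With the ADO
; query these come from $objRecordSet.Fields("memberOf").Value; GetEx is a
; method of objects bound with ObjGet, not of a recordset.
Local $aMemberOf[2] = ["CN=Lab Machines,OU=Groups,DC=example,DC=com", _
        "CN=Kiosks\, Floor 2,OU=Groups,DC=example,DC=com"]
Local $sMemberOf = ""
For $sDn In $aMemberOf
    $sMemberOf &= _CnFromDn($sDn) & "|"
Next
ConsoleWrite($sMemberOf & @CRLF)
```

memberOf does not include the object's primary group (for computers normally Domain Computers), so the result can be shorter than the Member Of tab in AD.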


sorry for the mistakes ^^

I just pasted some code without verifying it

so, computer member of? I didn't know it was possible ^^

but your script looks good

the best way is to test it ^^

@Jdeb, good job man, your _enumusers was my first point of departure

now, why did I use objectCategory instead of objectClass too?

the point is on MSDN. objectCategory is indexed in ADO, while objectClass is not

so it is faster to search on category

ok, we just gain 1-10 ms in the search, but more than that, the database does less work for this type of request

so...

sorry, I hadn't seen the "name"

don't use the "name" attribute if possible, because it returns "cn="

use the "cn" attribute, better


-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
