Frequently Asked Questions For JustLDAP Search Functions

1. What attributes can I query for?
2. How do I extract multivalued attributes like "description" and "directReports" etc.?
3. In what order are the attributes returned in the recordset?
4. ASP and VBScript give errors when I try to print date/time attributes - why?
5. How do I call JustLDAP from my ASP.NET C# page?
6. How do I search for users in a specific OU (Organizational Unit)?

1. What attributes can I query for?

A Windows 2000/2003 Active Directory default installation provides a large number of "user" class attributes. JustLDAP is designed to query the entire "user" object class space.

The most common organizational attributes are those that are directly modifiable using the MMC Active Directory Users and Computers "snap-in". The attributes that pertain to a user (employee) can be entered and modified using this "snap-in" or by the administrative functions of JustLDAP.

For a complete list of all user attributes that JustLDAP can display, simply run the following VBScript on a computer in your Active Directory domain. A text file called attributesAll.txt should be created.

The output is available in this file if you would like to have a quick preview of a bare Windows 2003 Active Directory installation.

NOTE: Change the domain yourdomain.com to your actual DNS domain name.

' VBScript to print all user class attributes
Option Explicit

Dim oClass, PropName, fso, ts
Const ForWriting = 2

' Create (or overwrite) the output file in the current directory
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile("attributesAll.txt", ForWriting, True)

' Bind to the schema definition of the "user" class
Set oClass = GetObject("LDAP://yourdomain.com/schema/user")

For Each PropName In oClass.MandatoryProperties
    ts.WriteLine PropName
Next

For Each PropName In oClass.OptionalProperties
    ts.WriteLine PropName
Next

ts.Close
Set ts = Nothing
Set oClass = Nothing
Set fso = Nothing

The attributes that are available with a new installation of Microsoft Windows 2003 Enterprise Server as a Domain Controller are listed in this file. Note this is a bare default installation and your actual schema may have many more custom attributes. NOTE: Extensive schema extensions also result from installing add-on products such as Exchange Server.

2. How do I extract multivalued attributes like "description" and "directReports" etc.?

For these multivalued attributes, simply add a "For Each" / "Next" ASP construct as shown in the ASP Web Page sample below.

The "description" is a multivalued attribute and requires the "For Each" / "Next" construct to iterate through each value. See the For Each loop in the sample.

<html>
<head>
</head>
<body>
<%
Dim oLdap, oRS, WebUser, User, UserArray, ReturnedDetails, element

' LOGON_USER has the form DOMAIN\user; keep only the account name
WebUser = Request.ServerVariables("LOGON_USER")
UserArray = Split(WebUser, "\")
User = UserArray(UBound(UserArray))

Set oLdap = Server.CreateObject("JustLDAP.Admin")
Set oRS = oLdap.Lookup("sAMAccountName", User, "description")

Response.Write("<br>")
If Not IsNull(oRS) Then
    ReturnedDetails = oRS.GetRows
    ' "description" is multivalued: iterate through each value.
    ' HTML-encode directory data before writing it into the page.
    For Each element In ReturnedDetails(0, 0)
        Response.Write(Server.HTMLEncode(element) & "<br>")
    Next
End If
Response.Write("<hr>")

Set oRS = Nothing
Set oLdap = Nothing
%>
</body>
</html>

3. In what order are the attributes returned in the recordset?

Attributes are returned in the same order that you pass them as parameter 3 in the JustLDAP methods.

4. ASP and VBScript give errors when I try to print date/time attributes - why?

Attributes that represent date and time values for a user, such as "lastLogon", are not directly printable by VB / ASP / ASP.NET.

This is not a problem with JustLDAP; rather, it is the way that these attributes are returned from any LDAP query. They are in fact returned as a large integer representing the number of 100-nanosecond intervals since 1st January 1601.

The following code will print a date/time value. The returned date value must first be assigned to an object variable, then the ADSI properties HighPart / LowPart can be used to extract a printable date and time.

For further information see:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadslargeinteger.asp

Note: no allowance has been made for the time zone. Also, user time values are not replicated throughout the domain! This means that a value such as lastLogon needs to be derived by asking all Domain Controllers for the value and selecting the most recent!

<html>
<head>
</head>
<body>
<%
Dim oLdap, oRS, WebUser, User, UserArray, ReturnedDetails
Dim objDate, longHigh, longLow, ActualDate

' LOGON_USER has the form DOMAIN\user; keep only the account name
WebUser = Request.ServerVariables("LOGON_USER")
UserArray = Split(WebUser, "\")
User = UserArray(UBound(UserArray))

Set oLdap = Server.CreateObject("JustLDAP.Admin")
Set oRS = oLdap.Lookup("sAMAccountName", User, "lastLogon")

Response.Write("<br>")
If Not IsNull(oRS) Then
    ReturnedDetails = oRS.GetRows

    ' lastLogon is returned as a large-integer object with two 32-bit halves
    Set objDate = ReturnedDetails(0, 0)
    longHigh = objDate.HighPart
    longLow = objDate.LowPart

    ' LowPart is read as a signed 32-bit value; when it is negative,
    ' add 1 to HighPart to compensate
    If longLow < 0 Then
        longHigh = longHigh + 1
    End If

    If (longHigh = 0) And (longLow = 0) Then
        ActualDate = #1/1/1601#
    Else
        ' 100 ns intervals -> minutes (/600000000) -> days (/1440)
        ActualDate = #1/1/1601# + (((longHigh * (2 ^ 32)) + longLow) / 600000000) / 1440
    End If
    Response.Write(ActualDate & "<br>")
End If
Response.Write("<hr>")

Set oRS = Nothing
Set oLdap = Nothing
%>
</body>
</html>
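
The conversion and the "ask all Domain Controllers and select the most recent" step described above, as an added Python example (not part of the original FAQ and not JustLDAP code). It goes beyond the ASP sample by returning a time-zone-aware UTC value and treating 0 as "never set"; the controller names and tick values are constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def combine_parts(high_part, low_part):
    """Rebuild the 64-bit tick count from two signed 32-bit halves."""
    return ((high_part & 0xFFFFFFFF) << 32) | (low_part & 0xFFFFFFFF)

def split_signed(ticks):
    """Inverse of combine_parts; used here only to construct sample data."""
    high, low = divmod(ticks, 2 ** 32)
    if low >= 2 ** 31:
        low -= 2 ** 32
    return high, low

def filetime_to_utc(ticks):
    """Convert 100 ns intervals since 1601-01-01 to an aware UTC datetime.
    0 means the attribute was never set on that controller: return None."""
    if ticks == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def latest_logon(per_dc):
    """per_dc maps a controller name to the (HighPart, LowPart) it returned.
    Returns (controller, datetime) for the most recent value, or None."""
    best = None
    for dc, (high, low) in per_dc.items():
        when = filetime_to_utc(combine_parts(high, low))
        if when is not None and (best is None or when > best[1]):
            best = (dc, when)
    return best

# Constructed sample: the same user's lastLogon as seen by three controllers.
NEW_YEAR_2024 = 133485408000000000        # 2024-01-01 00:00:00 UTC
ONE_HOUR = 36_000_000_000                 # 3600 s in 100 ns units
SAMPLE_LOGONS = {
    "dc01": split_signed(NEW_YEAR_2024),
    "dc02": (0, 0),                       # never logged on via dc02
    "dc03": split_signed(NEW_YEAR_2024 + ONE_HOUR),
}

if __name__ == "__main__":
    dc, when = latest_logon(SAMPLE_LOGONS)
    print(dc, when.isoformat())           # UTC value for storage and comparison
    print(when.astimezone().isoformat())  # server-local time for display
```

Compare and store the UTC value; convert to local time only when displaying it.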

5. How do I call JustLDAP from my ASP.NET C# page?

JustLDAP is more easily called by using VB.NET with ASP.NET. The code is almost identical to an ASP page. However, C# can also be used. Extra steps are required.

First - make sure you have installed the MDAC 2.8 (or higher) package - a free download from Microsoft.

Second - make a 'reference' to justldap.dll in your Visual Studio (C# ASP.NET) project. (NOTE: A reference to ADODB will automatically be added also.)

Simply call JustLDAP as you would in ASP. The following code shows how to declare the JustLDAP component, and the fact that it is returning an ADODB recordset. This is shown in the Page_Load method for the ASP.NET Webform.

NOTE: 'justldap' is in lower case to match the DLL component reference.

// A simple example in C# code for an ASP.NET page is shown below.
// Create a class object and Recordset as shown.
// (Assuming ShowEmail is an ASP.NET Web page Label).
private void Page_Load(object sender, System.EventArgs e)
{
    justldap.AdminClass objLdap = new justldap.AdminClass();
    ADODB.Recordset Rs = new ADODB.Recordset();
    Rs = objLdap.Lookup("sAMAccountName", "bobuser", "sn, employeeID, mail");

    // This would return the user email address.
    // Here we are directly indexing to the Recordset field required (2).
    // HTML-encode the directory value before placing it in the page.
    ShowEmail.Text = Server.HtmlEncode(Rs.Fields[2].Value.ToString());
}

6. How do I target searching for users in a specific OU?

The often "forgotten child" of LDAP search results is the extremely handy attribute, the ADsPath for the user! JustLDAP is designed to shield you from the complex and weird syntax that can be found in items such as a user's full Distinguished Name and their ADsPath.

However, the ADsPath has the formal LDAP path for any user object you search for and can be very useful. For example, if you search for a loginID "janeuser", then because the loginID (sAMAccountName) is unique in the entire domain, you can retrieve her exact ADsPath. A JustLDAP lookup query like this:

Set oRS = oLdap.Lookup("sAMAccountName", "janeuser", "ADsPath")

will return this string:

LDAP://CN=Jane User,OU=Canada,OU=Sales,DC=easterndigital,DC=biz

So, a simple script to filter out (or in) the Canada OU could look like this.

' A simple example in VBScript to print out every user's ADsPath for the
' Canada OU.
' A scan of the entire domain is performed.
Option Explicit

Dim oLdap, oRS, Item

Set oLdap = CreateObject("JustLDAP.Admin")
Set oRS = oLdap.Lookup("sAMAccountName", "*", "ADsPath")

If Not IsNull(oRS) Then
    While Not oRS.EOF
        For Each Item In oRS.Fields
            If Not IsNull(Item.Value) Then
                ' Keep only paths that contain the Canada OU
                If InStr(Item.Value, "OU=Canada") > 0 Then
                    WScript.Echo(Item.Value)
                End If
            End If
        Next
        oRS.MoveNext
    Wend
End If

Set oRS = Nothing
Set oLdap = Nothing

As you can see, the script could easily be enhanced to filter all OUs in your corporation and select only the ones you want. This needn't be done very often if you have a stable Active Directory.
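
An added Python example (not from the original FAQ and not JustLDAP code) of a stricter alternative to the InStr test in the script above: it splits each ADsPath into its components and matches OU=Canada only as a whole component, which matters when the OU filter feeds an access or reporting decision. All paths except Jane User's are constructed.

```python
def split_dn(dn):
    """Split a distinguished name at commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])       # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).strip())
    return parts

def ou_names(adspath):
    """Return the OU values of an ADsPath, innermost first (still escaped)."""
    dn = adspath.split("://", 1)[-1]
    head, sep, rest = dn.partition("/")
    if sep and "=" not in head:           # "LDAP://server/CN=..." form
        dn = rest
    names = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU":
            names.append(value.strip())
    return names

def in_ou(adspath, ou):
    """True when one component of the path is exactly OU=<ou>, ignoring case."""
    return ou.casefold() in (n.casefold() for n in ou_names(adspath))

# First path is the one quoted in this FAQ; the others are constructed.
SAMPLE_PATHS = [
    "LDAP://CN=Jane User,OU=Canada,OU=Sales,DC=easterndigital,DC=biz",
    "LDAP://CN=Ann User,ou=canada,OU=Sales,DC=easterndigital,DC=biz",
    "LDAP://CN=Bob User,OU=Canada East,OU=Sales,DC=easterndigital,DC=biz",
    "LDAP://CN=Temp\\, OU=Canada,OU=USA,OU=Sales,DC=easterndigital,DC=biz",
]

def compare(paths, ou="Canada"):
    """Pair each path's substring result with the parsed result."""
    return [(("OU=" + ou) in p, in_ou(p, ou)) for p in paths]

if __name__ == "__main__":
    for path, (substr, parsed) in zip(SAMPLE_PATHS, compare(SAMPLE_PATHS)):
        print(f"substring={substr!s:5} parsed={parsed!s:5} {path}")
```

The substring test misses the lower-case spelling and wrongly accepts "Canada East" and a CN that merely contains the text "OU=Canada"; the parsed test agrees with it only on the first path.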