susnewyork asked:

How do I produce a group I'm a member of in Active Directory using VB/ASP

Hi all, I think I'm pretty close but I can't seem to get the syntax right or something. Below is the code for my ASP page. What happens is that when a user runs it, it will grab the userName, first and last name, email, etc. If the user is part of 5 different groups, and I want only GroupA and GroupB to post, I need to specify that somehow in my code, but unfortunately what I have below is as far as I have got. I have attached my full ASP code and an image of the current output I get. What I did was put in the syntax "primarygroupID" just to test; it's not what I need.

Any help would be much appreciated, or if I need to clarify something let me know.

Thank you in advance!

[attached image: current output of the page]
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS, oUser
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim Group1, Group2, Group3, Group4, Group5

	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "****"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & ")(memberOf=CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad));primarygroupID,givenName,sn,mail,distinguishedName;subtree" 	
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	Set oRS = oCommand.Execute

	if not oRS.EOF then
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	  Group1 = oRS.Fields("primarygroupID")
	  Set oUser = nothing
	end if
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <tr>
  	<td class="row">
    	user.group.name
    </td>
    <td class="row">
    <%= Group1 %>
    </td>
    <td align="center" class="row">
    n
    </td>
   </tr>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


RobSampson:

Hi, I think if you change your filter to this:
      sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & ")(|(memberOf=CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad)(memberOf=CN=SecondGroup,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad)));primarygroupID,givenName,sn,mail,distinguishedName;subtree"       

You can determine (by way of RS.EOF) whether the user is a member of two specific groups.

Regards,

Rob.
susnewyork (Asker):

Hi Rob, thanks for the reply! So now that I am understanding this better, I used the code above in my ASP page and I'm able to run the page without errors. Now the question becomes how do I post to my form those 2 groups if I am a member of them? Again, I'm not sure how to write that.

See updated code below:

<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS, oUser
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim Group1, Group2, Group3, Group4, Group5

	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "*****"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & ")(|(memberOf=CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad)(memberOf=CN=app-FEZ,OU=Users,DC=susinc,DC=ad)));primarygroupID,givenName,sn,mail,distinguishedName;subtree"    	
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF then
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	  

	  Set oUser = nothing
	end if
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <tr>
  	<td class="row">
    	user.group.name
    </td>
    <td class="row">
    <%= Group1 %>
    </td>
    <td align="center" class="row">
    n
    </td>
   </tr>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Hi, sorry for my delay.  I'm not sure what you want to display if you are a member, as opposed to if you are not a member, but you could change this:

      <input class="formbutton" type="submit" value="login">

to something like

  <% if firstName <> "" then %>
      <input class="formbutton" type="submit" value="login">
  <% else %>
      You are not authorised to log on
  <% end if %>


Regards,

Rob.
Or if you wanted it to automatically log on, try something like redirecting to the full URL:

  <% if firstName <> "" then
      response.redirect "http://sus1.rapidtraining.com/lms/sso/?firstname=" & firstName & "&lastname=" & lastName
    else %>
      You are not authorised to log on
  <% end if %>


but change the URL to whatever you need.

Regards,

Rob.
Hi Rob, thanks again for the reply. I definitely want to display the group if I am a member of it. However, I need to know that the syntax is correct for the query with AD in order to look for the groups. If that is correct, what I'll need to do is declare "GroupA", "GroupB", etc. So basically if I'm part of GroupA and GroupB, it will post them both to my form using the below format. I would like to test with 1 group first; can you help me in determining if the query is right first? If I can get 1 group that I am a member of to post to my form, then I can slowly work on getting this to work with multiple groups.

Thank you!


    <td class="row">
    	user.group.name
    </td>
    <td class="row">
    <%= GroupA %>
    </td>
    <td class="row">
    	user.group.name
    </td>
    <td class="row">
    <%= GroupB %>
    </td>


OK, how about we try something rather different?

Instead of using one query to check for membership in both groups, I've added a dictionary object where you specify each group DN you need to check.

A single query is performed for each group, and the dictionary will set a flag if the user is a member of each.  Then, when outputting the groups further down, it will check if the flag specifies whether they are a member of each, and display it.

Regards,

Rob.
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctGroups, strGroupDN

	Set dctGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "*****"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctGroups.Add "CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad", 0
	dctGroups.Add "CN=app-FEZ,OU=Users,DC=susinc,DC=ad", 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	For Each strGroupDN In dctGroups
		sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & ")(memberOf=" & strGroupDN & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"    	
		
		sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"
		
		oCommand.CommandText = sQuery
		oCommand.Properties("Timeout") = 30
		
		
		Set oRS = oCommand.Execute
	
		if not oRS.EOF then
		  email = oRS.Fields("mail")
		  firstName = oRS.Fields("givenName")
		  lastName = oRS.Fields("sn")
		  dctGroups(strGroupDN) = 1
		end if
		 
		oRS.Close
		Set oRS=Nothing
	Next
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctGroups %>
  <tr>
  	<td class="row" colspan="2">
    	<% strGroupDN %>
    </td>
  	<td class="row">
  	<%	If dctGroups(strGroupDN) = 1 Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Rob, this is amazing, thank you so much for taking the time to help me out. When I run the code I'm getting a "Type Mismatch" on line 223, which is <% StrGroupDN %>. Now, I have adjusted this section slightly, as you can see in my code post. The form value column can only accept 1 group; if I am part of multiple groups then it needs to post to another row. However, that can wait until we at least get one group to populate...

I also attached a screen shot of my output in case you need to reference that briefly.

Thanks Rob!
<td class="row">
  	user.group.name
  </td>
  <td class="row">
  <% For Each strGroupDN In dctGroups %>
      	<% strGroupDN %>
   
  	<%	If dctGroups(strGroupDN) = 1 Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
    <td align="center" class="row">
    n
    </td>
  </tr>
  <% Next %>


outputASP.gif
Hi Rob, actually it looks like we were missing the "=" sign within <% strGroupDN %>, so it now reads <%= strGroupDN %>. Below is my output; it's a bit off but hopefully we can work with that. Notice how long the string is; I would need it just to say "WhatsupGold".


outputASP.gif
OK, so change
            <% =strGroupDN %>

to this
            <% =Mid(Split(strGroupDN, ",")(0), 4) %>

Regards,

Rob.
Rob, that works awesome! Can't thank you enough. I'm not sure the query is working correctly though. To test, I inputted 2 groups that I am not a part of (Excel, Word). See code:

When I run this, I get the image below. However, it should still populate my (firstname, lastname, and email) if I am NOT part of any groups. In this case, it's posting the Excel group and the Word group when it shouldn't post any groups.
	dctGroups.Add "CN=Excel,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad", 0
	dctGroups.Add "CN=Word,OU=Users,DC=susinc,DC=ad", 0


outputASP.gif
Hi, we're getting there ;-)

I'm not sure why the "Word" group is outside the table....formatting problem with the code I guess.

If you try this for the GROUPS section:
  <!-- GROUPS -->
  <% For Each strGroupDN In dctGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<% =Mid(Split(strGroupDN, ",")(0), 4) %>
    </td>
  	<td class="row">
  	<%	If dctGroups(strGroupDN) = 1 Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>



It should output something like:

user.group.name                     WhatsupGold                   y
user.group.name                     Excel                               n
user.group.name                     Word                               y

where the last column actually shows y or n depending on whether the current user is actually a member of those groups, and does not reflect whether they are required or not.  The groups that you put in dctGroups should just be the "required" ones I suppose.

Regards,

Rob.
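The DN trimming and the y/n membership flag above, worked through as an added example (this is not Rob's or susnewyork's code; the function names are mine, the memberOf values are constructed, and only the group DNs are the ones from the thread): it escapes the account name before it goes into the LDAP filter, takes the leaf value of a DN without breaking on escaped commas, normalises the Empty/String/Array shapes ADSI returns for memberOf, and flags the required groups with a case-insensitive DN compare. It runs stand-alone under cscript.exe; inside the ASP page, WScript.Echo becomes Response.Write.

```vbscript
' Added example (not code from the thread): helpers for the ASP page discussed above.
' Runs stand-alone under cscript.exe on constructed values; no directory connection needed.
Option Explicit

' Escape a value before it is placed inside an LDAP search filter (RFC 4515),
' so that * ( ) \ or NUL in an account name cannot change the filter's meaning.
Function EscapeLdapFilterValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case "\"    : strOut = strOut & "\5c"
            Case "*"    : strOut = strOut & "\2a"
            Case "("    : strOut = strOut & "\28"
            Case ")"    : strOut = strOut & "\29"
            Case Chr(0) : strOut = strOut & "\00"
            Case Else   : strOut = strOut & ch
        End Select
    Next
    EscapeLdapFilterValue = strOut
End Function

' The user filter the page builds, with the account name escaped first.
Function BuildUserFilter(strSamAccountName)
    BuildUserFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
                      EscapeLdapFilterValue(strSamAccountName) & "))"
End Function

' Value of the first RDN of a DN ("WhatsupGold" from "CN=WhatsupGold,OU=..."), honouring
' backslash-escaped characters (RFC 4514). Split(strDN, ",")(0) misreads "CN=Smith\, John".
Function DnLeafValue(strDN)
    Dim i, ch, strRdn
    strRdn = ""
    i = 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "\" And i < Len(strDN) Then
            strRdn = strRdn & Mid(strDN, i + 1, 1)   ' keep the escaped character literally
            i = i + 2
        ElseIf ch = "," Then
            Exit Do                                  ' an unescaped comma ends the first RDN
        Else
            strRdn = strRdn & ch
            i = i + 1
        End If
    Loop
    If InStr(strRdn, "=") > 0 Then strRdn = Mid(strRdn, InStr(strRdn, "=") + 1)
    DnLeafValue = Trim(strRdn)
End Function

' ADSI hands back memberOf as Empty (no groups), a String (one group) or an Array (several);
' normalise all three so callers need a single code path.
Function ToArray(varValue)
    If IsArray(varValue) Then
        ToArray = varValue
    ElseIf IsEmpty(varValue) Or IsNull(varValue) Then
        ToArray = Array()
    Else
        ToArray = Array(varValue)
    End If
End Function

' Set each required group (dictionary key) to 1 when its DN appears among the user's
' memberOf values. DNs are compared case-insensitively, as Active Directory does.
Sub FlagRequiredGroups(dctReq, varMemberOfValue)
    Dim strKey, strDN
    For Each strDN In ToArray(varMemberOfValue)
        For Each strKey In dctReq.Keys
            If LCase(strKey) = LCase(strDN) Then dctReq(strKey) = 1
        Next
    Next
End Sub

' --- self-check on constructed data ---
Dim dctRequired, strGroupDN, varMemberOf
Set dctRequired = CreateObject("Scripting.Dictionary")
dctRequired.Add "CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad", 0
dctRequired.Add "CN=app-FEZ,OU=Users,DC=susinc,DC=ad", 0

' constructed memberOf for a user in two groups; the case differs from the required DN on purpose
varMemberOf = Array("CN=whatsupgold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad", _
                    "CN=Smith\, John,OU=Users,DC=susinc,DC=ad")
FlagRequiredGroups dctRequired, varMemberOf

' leaf name and membership flag for each required group (only WhatsupGold is flagged)
For Each strGroupDN In dctRequired.Keys
    WScript.Echo DnLeafValue(strGroupDN) & vbTab & dctRequired(strGroupDN)
Next
' a CN containing an escaped comma survives intact
WScript.Echo DnLeafValue("CN=Smith\, John,OU=Users,DC=susinc,DC=ad")
' parentheses in the account name are escaped rather than parsed as filter syntax
WScript.Echo BuildUserFilter("j.smith (contractor)")
```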
Hi Rob, thanks for the update! Yes, I think we are getting there... (with your help of course!)
I replaced the GROUP section with the code you provided for me and that seemed to fix the formatting outside the table. Also, when I ran it, it puts in WORD and EXCEL as it should if I were an actual member of those groups, but in Active Directory I am not, so those should not post to the form. The last thing is that it didn't add my (firstName, lastName, and email) like it did before.

The image below shows my output, which is what I would need it to look like if I were a member of those groups; that's why I'm not sure if the query is actually querying AD?

Thanks Rob!!!!

outputASP.gif
OK, I think I need to change the way this works.  I have now made it so that (hopefully) it will enumerate every group a user is a member of (since that's what I think you want to display) and then compare those with the *required* groups that you put into dctGroups, and list y or n for each group.  Only put *required* groups in dctGroups and see what you get.

Regards,

Rob.
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS, objUser
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctGroups, strGroupDN, strRequiredGroups

	Set dctGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "*****"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctGroups.Add LCase("CN=app-FEZ,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'Keep track of required groups
	strRequiredGroups = ";"
	For Each strGroupDN In dctGroups
		strRequiredGroups = strRequiredGroups & strGroupDN & ";"
	Next

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	  Set objUser = GetObject("LDAP://" & oRS.Fields("distinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	'only read group membership if the user was actually found above
	If IsObject(objUser) Then
		If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
			If LCase(TypeName(objUser.MemberOf)) = "string" Then
				If dctGroups.Exists(LCase(objUser.MemberOf)) = True Then
					dctGroups(LCase(objUser.MemberOf)) = 1
				Else
					dctGroups.Add LCase(objUser.MemberOf), 1
				End If
			Else
				For Each strGroupDN In objUser.MemberOf
					If dctGroups.Exists(LCase(strGroupDN)) = True Then
						dctGroups(LCase(strGroupDN)) = 1
					Else
						dctGroups.Add LCase(strGroupDN), 1
					End If
				Next
			End If
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<% =Mid(Split(strGroupDN, ",")(0), 4) %>
    </td>
  	<td class="row">
  	<%	If InStr(LCase(strRequiredGroups), LCase(";" & strGroupDN & ";")) > 0 Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Wow Rob, I've really looked forward to your responses when I get into work these past few weeks!! Simply awesome...

Alright, so I'm getting the error:

"Item cannot be found in the collection corresponding to the requested name or ordinal." on Line 65

for this:
Set objUser = GetObject("LDAP://" & oRS.Fields("distinguishedName"))

I understand that this creates a reference to an object and have been researching this a bit today, but I'm not sure how to get around it.

Thanks,
Artie
Hmmm, that would suggest that "distinguishedName" cannot be found in the available fields from the query, but I'm sure I spelled it right.  I did just notice though, that it's an invalid query anyway, which I'm surprised worked in the first place....

You have these two lines:
      sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
      
      sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"

which *both* specify the last two parameters of the objects to return, and the scope of the query.  I would change:

      sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter & ";DistinguishedName;subtree"

to just
      sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter

and see if that helps.

If it still fails, then above this line:
        Set objUser = GetObject("LDAP://" & oRS.Fields("distinguishedName"))

try putting
        Response.Write "Binding to user: LDAP://" & oRS.Fields("distinguishedName")
        Response.End

and see if it shows the LDAP path for the user.

Rob.
Thank you again Rob. So I changed the query and it's telling me that the variable "objUser" is undefined. When I add the Response.Write commands, it shows the correct path, so I guess we know the query is working correctly.
Ah, great, so change this:
      dim email, firstName, lastName, userName, groups

to this
      dim objUser, email, firstName, lastName, userName, groups

and that will get rid of the "variable not defined" error.

Rob.
Good day Rob!

The variable error is now fixed (thank you!); below is my screenshot of the output. Notice the "Subscript out of range" error. I have tried to increase/decrease the number size, but that obviously only changes the output of the OU or the group. Also, not sure if this matters at this point yet, but see the second group "Excel": I don't even have that group created in Active Directory yet; I typed it in the dctGroups section to test, and it still posts to the output, where it should be posting nothing.

Talk to you soon!

Updated Code as well...
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim objUser, email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctGroups, strGroupDN, strRequiredGroups

	Set dctGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctGroups.Add LCase("CN=Excel,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'Keep track of required groups
	strRequiredGroups = ";"
	For Each strGroupDN In dctGroups
		strRequiredGroups = strRequiredGroups & strGroupDN & ";"
	Next

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	  dctGroups(strGroupDN) = 1
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctGroups.Exists(LCase(objUser.MemberOf)) = True Then
				dctGroups(LCase(objUser.MemberOf)) = 1
			Else
				dctGroups.Add LCase(objUser.MemberOf), 1
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctGroups.Exists(LCase(strGroupDN)) = True Then
					dctGroups(LCase(strGroupDN)) = 1
				Else
					dctGroups.Add LCase(strGroupDN), 1
				End If
			Next
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td class="row">
  	<%	If InStr(LCase(strRequiredGroups), LCase(";" & strGroupDN & ";")) > 0 Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


signon.gif
OK, I think I'm still not quite understanding how you want to output it.

Try this.  I have changed dctGroups to dctRequiredGroups, in which you need to put the DN's for each group that is required to allow the SSO process.

I have added dctUserGroups, which is automatically populated with each group the user is a member of. These are *all* listed on the form, and if a group is part of dctRequiredGroups it shows "y", otherwise it shows "n". In essence, I'm thinking that if a user's groups all show "n", they are not allowed to go through with the SSO process.

Regards,

Rob.
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim objUser, email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctRequiredGroups, strGroupDN, dctUserGroups

	Set dctGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctRequiredGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctRequiredGroups.Add LCase("CN=Excel,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	  dctGroups(strGroupDN) = 1
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctUserGroups.Exists(LCase(objUser.MemberOf)) = False Then
				dctUserGroups.Add LCase(objUser.MemberOf), 0
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctUserGroups.Exists(LCase(strGroupDN)) = False Then
					dctGroups.Add LCase(strGroupDN), 0
				End If
			Next
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Hi Rob!!

Yes, you are correct: if I add a row for each group I need posted (dctRequiredGroups.Add), then only those groups should post to the form. The catch is, these groups only post if the user is a member of them in Active Directory. If the user is NOT a member, then they need to post as blank text so nothing gets passed through SSO.

After running the code you sent, I am getting an "Object Required" error on line 24:

You definitely hit this on the money and i like how this is working out.

I had to Dim dctGroups; then I ran into the Object Required error...

Look forward to your reply!

Thanks Artie
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim objUser, email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctRequiredGroups, dctGroups, strGroupDN, dctUserGroups

	Set dctGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctRequiredGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctRequiredGroups.Add LCase("CN=Excel,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	  dctGroups(strGroupDN) = 1
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctUserGroups.Exists(LCase(objUser.MemberOf)) = False Then
				dctUserGroups.Add LCase(objUser.MemberOf), 0
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctUserGroups.Exists(LCase(strGroupDN)) = False Then
					dctGroups.Add LCase(strGroupDN), 0
				End If
			Next
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Sorry, you don't need to dim dctGroups, but you need to change
      Set dctGroups = CreateObject("Scripting.Dictionary")

to
      Set dctRequiredGroups = CreateObject("Scripting.Dictionary")

Rob.
Thanks Rob, now if I don't dim "dctGroups" I get the "variable is undefined" error for dctGroups on line 64; if I dim it and replace the dictionary line with the code you updated, I get a "Type Mismatch" on line 64

 "dctGroups(strGroupDN) = 1"

Thanks
Ah, sorry.  I can't test this, so I'm making a few mistakes.  Try this version.

Rob.
<%Option Explicit%>
<%
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim objUser, email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctRequiredGroups, strGroupDN, dctUserGroups

	Set dctRequiredGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctRequiredGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctRequiredGroups.Add LCase("CN=Excel,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	'acquire user information
	userName=Request("AUTH_USER")


	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctUserGroups.Exists(LCase(objUser.MemberOf)) = False Then
				dctUserGroups.Add LCase(objUser.MemberOf), 0
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctUserGroups.Exists(LCase(strGroupDN)) = False Then
					dctUserGroups.Add LCase(strGroupDN), 0
				End If
			Next
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


Hi Rob, seriously I'm not worried about the mistakes, you've been a great help. I get the "Object Required" on line 78 "If dctUserGroups.Exists(LCase(strGroupDN)) = False Then"

Now, I thought maybe that dctUserGroups should be changed to dctRequiredGroups, so I tried that and then got the same error on the next line, 79, so I changed that as well. Then I received "Object not a collection" on line 229. So I probably didn't need to do that at all, but thought I'd give it a shot.

Thanks!
Oh!  This time I forgot to create dctUserGroups.

Under this:
      Set dctRequiredGroups = CreateObject("Scripting.Dictionary")

please add this:
      Set dctUserGroups = CreateObject("Scripting.Dictionary")

Rob.
Ok, now we are getting somewhere. See the file I attached; it's the output I get when I run it. At least it is running, but I'm missing the group posting.
signon.gif
Have you confirmed your user is part of more AD groups than just the primary group?
Hi Rob, I am actually the test user for this. I have attached an image of part of my group membership in AD; notice I am a member of multiple other groups, and also "VPN Users" and "WhatsupGold".

So because I am a member of those two groups and I specified them in the RequiredGroups, those two groups should post to the form, but they do not, as you can tell.

I'll be bringing this home to work on tonight, so I should be able to respond to you much quicker.

Thank you,
Artie

dctRequiredGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctRequiredGroups.Add LCase("CN=VPN Users,OU=Users,DC=susinc,DC=ad"), 0


memberOf.gif
Artie, I'm going to set up a test ASP server tonight.  Hopefully I can set up a similar scenario and get it tested once and for all ;-)

It's 4:45pm here at the moment, so it'll be a few hours before I can respond again.

Rob.
Hi, well, I set up one of my .NET Web Servers to allow .asp pages to be executed, and ran this code as a test:
<%
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''

	userName=Request("AUTH_USER")

	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	end If
	
	Set dctUserGroups = CreateObject("Scripting.Dictionary")

	Response.Write "<BR>Email: " & email
	Response.Write "<BR>Firstname: " & firstName
	Response.Write "<BR>Lastname: " & lastName
	Response.Write "<BR>"
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing
	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctUserGroups.Exists(LCase(objUser.MemberOf)) = False Then
				dctUserGroups.Add LCase(objUser.MemberOf), 0
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctUserGroups.Exists(LCase(strGroupDN)) = False Then
					dctUserGroups.Add LCase(strGroupDN), 0
				End If
			Next
		End If
	End If

	Response.Write "<BR>Groups:"
	For Each strGroupDN In dctUserGroups
		Response.Write "<BR>" & strGroupDN
	Next
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title></title>
</head>
<body>
</body>
</html>



and it listed each of the groups that my active directory user account is a member of.

Perhaps what you're missing is that your web server needs to be delegated in Active Directory.  In ADUC, right click the Web Server computer object, and click Properties.  Go to the Delegation tab.  Select "Trust this computer for delegation to any service." and click OK.  Then try again.  That test page should show your groups, as long as the credentials you have provided in the code have enough rights to read the user account.

If that works, we'll look at the full code again, and maybe put a Response.Write wherever it's adding the groups to the dctUserGroups object.

Regards,

Rob.
Morning Rob! This is cool, so your suggestion worked. I ran the code in your post and it successfully posted all my AD groups; see the image below.


groupconfirm.gif
Great!  So we know the group enumeration works then.  So I went ahead and plugged everything else back in to the page, and the whole page worked for me perfectly.  Please try this.

Regards,

Rob.
<%
Option Explicit
'On Error Resume Next
	'variables declared
	dim formAction, logoutUrl, errorUrl, securityKey
	dim objUser, email, firstName, lastName, userName, groups
	Dim sDNSDomain, sFilter, sQuery, sDN
	Dim oConnection, oCommand, oRS
	Dim activeDirectoryUser, activeDirectoryPassword
	Dim ldapIp
	Dim dctRequiredGroups, strGroupDN, dctUserGroups

	Set dctRequiredGroups = CreateObject("Scripting.Dictionary")
	Set dctUserGroups = CreateObject("Scripting.Dictionary")
	
	'''''''''''''''''' FILL THESE OUT ''''''''''''''''''''''
	formAction = "http://sus1.rapidtraining.com/lms/sso/"
	logoutUrl = "http://susaspweb/sso/originalasp.asp"
	errorUrl = "http://susaspweb/sso/matt.aspx?error={0}"
  	securityKey = "A701D3BAE6EE964245BE7794B6814DFD063036B4BED7028B"	
	activeDirectoryUser = "SUSINC\training"     'should be format domain\username (example: microsoft\bgates)
	activeDirectoryPassword = "***"
	ldapIp = "172.20.2.5:389"    'the IP address and port of your LDAP server
	sDNSDomain = "DC=susinc,DC=ad" 'example: DC=microsoft,DC=com
	dctRequiredGroups.Add LCase("CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad"), 0
	dctRequiredGroups.Add LCase("CN=Excel,OU=Users,DC=susinc,DC=ad"), 0
	'''''''''''''''''' END FILL THESE OUT ''''''''''''''''''''''
	
	'acquire user information
	userName=Request("AUTH_USER")

	'set the ldap query string for ado
	Set oConnection = CreateObject("ADODB.Connection")
	Set oCommand = CreateObject("ADODB.Command")
	oConnection.Provider = "ADsDSOOBject"

	'The user to run the LDAP query as.  Doesn't need any special privileges
  	oConnection.Properties("User ID") = activeDirectoryUser
  	oConnection.Properties("password")= activeDirectoryPassword
	oConnection.Open "Active Directory Provider"
	
	Set oCommand.ActiveConnection = oConnection

  	if InStr(1,userName, "\") then
	  userName = Mid(userName, InStr(1,userName, "\")+1)
  	end if

	sFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & userName & "));primarygroupID,givenName,sn,mail,distinguishedName;subtree"
	
	sQuery = "<LDAP://" & ldapIp & "/" & sDNSDomain & ">;" & sFilter
	
	oCommand.CommandText = sQuery
	oCommand.Properties("Timeout") = 30
	
	
	Set oRS = oCommand.Execute

	if not oRS.EOF Then
	  Set objUser = GetObject("LDAP://" & oRS.Fields("DistinguishedName"))
	  email = oRS.Fields("mail")
	  firstName = oRS.Fields("givenName")
	  lastName = oRS.Fields("sn")
	end If
	 
	oRS.Close
	Set oRS=Nothing
	oConnection.Close
	Set oCommand = Nothing
	Set oConnection = Nothing

	If LCase(TypeName(objUser.MemberOf)) <> "empty" Then
		If LCase(TypeName(objUser.MemberOf)) = "string" Then
			If dctUserGroups.Exists(LCase(objUser.MemberOf)) = False Then
				dctUserGroups.Add LCase(objUser.MemberOf), 0
			End If
		Else
			For Each strGroupDN In objUser.MemberOf
				If dctUserGroups.Exists(LCase(strGroupDN)) = False Then
					dctUserGroups.Add LCase(strGroupDN), 0
				End If
			Next
		End If
	End If
%>
<html>
<head>
  <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> 
  <title><%= Request.ServerVariables("SERVER_NAME") %></title>
  <style type="text/css">
  <!--
    TD {
      color: #000000;
      background-color: #FFFFFF;
      font-family: Verdana, Arial;
      font-size: 12px;
    }
    HR {
      height: 1px;
      color: #A52A25;
    }
    .row {
      font-size: 10px;
    }
    .header {
      color: #555555;
      background-color: #F4F4F4;
      border:1px solid #555555;
    }
    .alert {
      padding:20px;
      color: #000000;
      font-family: Verdana, Arial;
      font-size: 10px;
      font-weight: bold;
    }
    .formbutton {
      color: #000000;
      background-color: #F4F4F4;
      font-family: Verdana, Arial;
      font-size: 10px;
      text-transform: uppercase;
      width: 120px;
      height: 24px;
    }
  -->
  </style>
</head>
<body>

<table>
  <tr>
    <td style="padding-bottom:10px">
      <font size="4" color="#A52A25">Single Sign-on Test</font>
    </td>
  </tr>
  <% if not IsEmpty(Request.QueryString("error")) then %>
    <tr>
      <td>
        Response from the server:<br><br>
        <span class="alert">
          <%= Request.QueryString("error") %>
        </span>
      </td>
    </tr>
    <tr>
      <td style="padding-top:10px;padding-bottom:20px">
        <span class="alert">
          <input class="formbutton" type="button" value="okay"
            onclick="location.href='sso.asp'">
        </span>
      </td>
    </tr>
  <% end if %>
  <tr>
    <td>
      The following form parameters will be POSTED to the server:
    </td>
  </tr>
</table>

<table border="0" cellpadding="5" cellspacing="2"
  style="border:1px solid #A52A25;margin:20px">

  <!-- FORM BEGINS HERE -->
  <form action="<%= formAction %>" method="post">

  <!-- TABLE HEADER -->
  <tr>
    <td width="200" class="row header">
      request parameter
    </td>
    <td width="120" class="row header">
      form value
    </td>
    <td class="row header">
      req. (y/n)
    </td>
  </tr>
  <!-- USER ID -->
  <tr>
    <td class="row">
      user.id
    </td>
    <td class="row">
      <%= userName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- FIRST NAME -->
  <tr>
    <td class="row">
      user.first.name
    </td>
    <td class="row">
      <%= firstName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- LAST NAME -->
  <tr>
    <td class="row">
      user.last.name
    </td>
    <td class="row">
      <%= lastName %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- EMAIL -->
  <tr>
    <td class="row">
      user.email
    </td>
    <td class="row">
      <%= email %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- GROUPS -->
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td align="center" class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>
  <!-- DIVIDER -->
  <tr>
    <td colspan="3" style="padding:0px">
      <hr>
    </td>
  </tr>
  <!-- SECURITY KEY -->
  <tr>
    <td class="row">
      security.key
    </td>
    <td class="row">
      <%= securityKey %>
    </td>
    <td align="center" class="row">
      y
    </td>
  </tr>
  <!-- ERROR URL -->
  <tr>
    <td class="row">
      security.error.url
    </td>
    <td class="row">
      <%= errorUrl %>
    </td>
    <td align="center" class="row">
      n
    </td>
  </tr>
  <!-- LOGOUT URL -->
  <tr>
    <td class="row" style="padding-bottom:15px">
      security.logout.url
    </td>
    <td class="row" style="padding-bottom:15px">
      <%= logoutUrl %>
    </td>
    <td align="center" class="row" style="padding-bottom:15px">
      n
    </td>
  </tr>
  <tr>
    <td colspan="3" align="right">
      <input class="formbutton" type="submit" value="login">
    </td>
  </tr>

  <% if not IsEmpty(email) Then %>
    <input name="user.email" type="hidden" value="<%= email %>">
  <% end if %>
  <input name="security.key" type="hidden" value="<%= securityKey %>">
  <input name="security.error.url" type="hidden" value="<%= errorUrl %>">
  <input name="security.logout.url" type="hidden" value="<%= logoutUrl %>">
  <input name="user.id" type="hidden" value="<%= userName %>">
  <input name="user.first.name" type="hidden" value="<%= firstName %>">
  <% if not IsEmpty(lastName) Then %>
    <input name="user.last.name" type="hidden" value="<%= lastName %>">
  <% end if %>
  </form>
  <!-- FORM ENDS HERE -->
</table>

</body>
</html>


P.S. It's a shame we're in such different time zones!  My post above is 9:23am, Wednesday morning.

Your post before that was 11:33pm on Tuesday night.  I was asleep ;-)

Rob.
Hey Rob, I know, man, it sucks we're not in the same time zones, but hey, we are making it work. Are you ever in NYC? Ok so see below, I can get the form to post correctly now. We just need to post the 2 groups I specified that I am a member of, not all the groups.
groupconfirm.gif
No, never in NYC....never even been to the US :-(

So you want to check whether you're a member of dctRequiredGroups?   What if you're not?  What do you want displayed on the form?

Anyway, to do that, change this section:
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td align="center" class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>



to this:
  <% For Each strGroupDN In dctUserGroups %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td align="center" class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% Next %>



Regards,

Rob.
Doh, the new bit didn't post....

Use this:
  <% For Each strGroupDN In dctUserGroups %>
  <% If objRequiredGroups.Exists(LCase(strGroupDN)) = True Then %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td align="center" class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% End If %>
  <% Next %>



Regards,

Rob.
Rob, if possible I'd like it to display nothing at all if I'm not a part of the group. Also, I think the code to change it to is the same as the initial code...

What country are you from?
Variable is undefined: 'objRequiredGroups'

Do you want me to dim it? If I do, I get "Object Required: "
Oh, typo!!!  That was supposed to be dctRequiredGroups...

Rob.
<% For Each strGroupDN In dctUserGroups %>
  <% If dctRequiredGroups.Exists(LCase(strGroupDN)) = True Then %>
  <tr>
  	<td class="row">
  		user.group.name
  	</td>
  	<td class="row">
    	<%= Mid(Split(strGroupDN, ",")(0),4) %>
    </td>
  	<td align="center" class="row">
  	<%	If dctRequiredGroups.Exists(strGroupDN) = True Then %>
    	y
  	<%	Else %>
    	n
  	<%	End If %>
    </td>
  </tr>
  <% End If %>
  <% Next %>

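The membership check Rob's snippet performs (lower-case the DN, look it up in the required-groups dictionary, display the CN), as an added Python example on constructed data rather than code from this thread; it also covers a memberOf value that is a single string, a DN containing an escaped comma, and escaping of the account name before it is placed in the LDAP filter. The function names and sample DNs are this example's own.

```python
# Added example, not code from this thread: the membership check Rob's ASP page
# performs, in Python so it runs offline on constructed memberOf data.  Every
# function name here is this example's own, not an ADSI or ASP API.
import re
from typing import Dict, Iterable, List, Union

# Constructed required-group DNs, in the shape the thread's dctRequiredGroups uses.
REQUIRED_GROUPS: Dict[str, int] = {
    dn.lower(): 0
    for dn in (
        "CN=WhatsupGold,OU=Users,OU=Information Technology,OU=Support Services,DC=susinc,DC=ad",
        "CN=VPN Users,OU=Users,DC=susinc,DC=ad",
    )
}


def user_group_dns(member_of: Union[None, str, Iterable[str]]) -> Dict[str, str]:
    """Equivalent of dctUserGroups.  Keys are lower-cased DNs (the LCase() in the
    VBScript, so the comparison is case-insensitive); values keep the DN exactly
    as AD returned it, so the displayed name keeps its original casing instead
    of being cut from the lower-cased key.  ADSI returns Empty for no groups, a
    plain string for one group and an array for several; all three are handled."""
    if member_of is None:
        return {}
    if isinstance(member_of, str):
        member_of = [member_of]
    groups: Dict[str, str] = {}
    for dn in member_of:
        groups.setdefault(dn.lower(), dn)  # first occurrence wins, duplicates dropped
    return groups


def split_dn(dn: str) -> List[str]:
    """Split a DN on unescaped commas only.  Split(strGroupDN, ",")(0) in the ASP
    page would cut 'CN=Smith\\, John,OU=...' off right after the backslash."""
    parts: List[str] = []
    current: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def cn_of(dn: str) -> str:
    """Value of the leading CN= RDN (what Mid(..., 4) strips out), with RFC 4514
    backslash escapes removed."""
    attr, _, value = split_dn(dn)[0].partition("=")
    if attr.strip().lower() != "cn":
        raise ValueError("DN does not start with a CN RDN: " + dn)
    return re.sub(r"\\(.)", r"\1", value)


def groups_to_post(member_of: Union[None, str, Iterable[str]],
                   required: Dict[str, int] = REQUIRED_GROUPS) -> List[str]:
    """Group names the form should carry: only groups in both memberOf and the
    required dictionary.  The match is on the whole DN, so a required entry has
    to equal the group's actual DN in AD (OU path included), not just its name."""
    return [cn_of(original) for key, original in user_group_dns(member_of).items()
            if key in required]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter, so
    filter metacharacters in AUTH_USER are matched literally instead of
    altering the query the page sends to the domain controller."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_filter(sam_account_name: str) -> str:
    """The filter Rob's sFilter builds, with the account name escaped first."""
    return ("(&(objectCategory=person)(objectClass=user)(sAMAccountName="
            + escape_filter_value(sam_account_name) + "))")
```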

Very cool, ok so that works now. So the group "WhatsupGold" posts properly; I required that group and because I'm part of it, it posted. Now the second group I specified doesn't even exist in AD, therefore it shouldn't post, and it didn't!!

To test further, I removed the second group (Excel) and added a group that I am a member of, "VPN Users", and it did NOT post to the form where it should.

What do you think?
ASKER CERTIFIED SOLUTION
RobSampson
Alright Rob, that did the trick!

I can't thank you enough...

Is it possible I can get your email contact?
The best by far experience I have had working with someone on Experts-Exchange; Rob is a genius.
I'm glad we got there in the end.

Thanks for your patience.  It always helps when I can work with someone who is willing to learn and try different things.

You will find my email address in my profile.

Regards,

Rob.