Curriculum asked:

Retrieving LDAP info from eDirectory from IIS

Hello,
A customer is using Novell eDirectory 8.7.3.2 on Netware 6.5 sp2. My company's IIS application needs to find out some information from that directory. I'd like the solution to be generic LDAP rather than solved only through Novell tools, as we've also been asked to do the same thing for another customer with MS AD.

I have successfully set up a browser to the eDirectory from the IIS server using the third party LDAP browser tool from Softerra. The connection string that connects and lets me browse is:

ldap://ldap.company.com:389/o=company??base?(objectClass=*)

where "company" replaces the organization's acronym, and the anonymous mode is used.

I have seen in a prior answer some IIS code using the AdsDSOObject which should do this, but it doesn't work for me. I get a table error when the query is executed. From what I've read the table error is thrown when unexpected parameters are provided in the query.

Here's a snippet of the code I found in EE:


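     ' The snippet needs an ADODB.Connection object before the provider is set
     Set oConn = CreateObject("ADODB.Connection")
     oConn.Provider = "ADsDSOOBJECT"
     ' Encrypt Password = False: the bind below does not use secure authentication
     oConn.Properties("Encrypt Password") = False
     oConn.Open "ADs Provider", "cn=SchemaReader,cn=staff,dc=" & strDomain & ",dc=com","MYPASSWORD"
     ' LDAP dialect: <base>;filter;attributes;scope
     strQuery = "<LDAP://" & strDomain &">; (&(objectClass=user)(objectCategory=Person)(sn=*)); sn,givenName,telephoneNumber,mail,sAMAccountname,ADsPath;subtree"

     Set oRS = oConn.Execute(strQuery)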

The tree has a structure such that I want to get a cn value which is buried under:

ou=[a certain region]
   ou=[a certain facility]
    ou=STAFF
      then some containers of interest.

Thanks for help on this. Let me know if you need more info.

meverest

Hello, what is the exact text of the message thrown? Are there any other clues from log files or event viewer?

Cheers.

Curriculum (ASKER)

The message is:
Provider (0x80040E37)
Table does not exist.

I've seen a lot of tips here and in other forums that this message is thrown when EITHER the security settings aren't right, or a parameter in the search is not valid per the host LDAP. That's a big range of possible causes!

FYI, the host LDAP is set for anonymous connections, and I can connect to it fine from the web server machine using Softerra with the anonymous setting.

OK, and what part of the script throws that error? By the sound of it, it happens at the line containing oConn.Execute(strQuery)?

Or does it occur when you attempt to access the recordset?

Are you sure of the query parameters? Your Softerra sample starts virtually at the top of the LDAP tree (o=company) and the search filter is essentially a wildcard (objectClass=*).

Have you tried starting with these basic parameters in the ASP query? As in something like:

oConn.Open "ADs Provider"
' LDAP dialect: <base>;filter;attributes;scope
strQuery = "<LDAP://ldap.company.com/o=company>;(objectClass=*);ADsPath;base"

Cheers.

Hi,
I get the error at oConn.Execute(strQuery)

I had tried the exact Softerra string into the code as you noted, but still get the error which is:


Provider (0x80004005)
unspecified error

My bet is that Softerra is running under a domain user whereas IIS code is running as IUSR_.

Does this sound like I need to run IIS under a domain user? The LDAP server is in anonymous connection model.

tnx

Hello,

>> I had tried the exact Softerra string into the code as you noted, but still get the error which is:

My suggested connection and query strings are provided with no previous experience using that module - it is probably still not the correct syntax.

>> My bet is that Softerra is running under a  domain user whereas  IIS code is running as IUSR_.
>> Does this sound like I need to run IIS under a domain user ? The LDAP server is in anonymous connection model

I doubt that very much - when accessing services over a network like this, the credentials used to run the service are not relevant.

Cheers.

Points still out there, as I have simply solved the first connectivity portion of my problem:

Turns out I needed MDAC 2.7 or higher on the win2K server. I'm getting data back now. I had MDAC 2.6 before.

So continuing with my initial question

So now that I'm getting data back, I would appreciate any help from those of you who have dealt with highly nested trees. My query is taking 20 seconds, and I'm hoping I'm just new enough to this that it's an obvious fix:


I'm using different code now than I posted above, just because this was the code I was using when I got the MDAC upgraded:
[and I've substituted "big" for my organization and some other states for actual values]

' SQL dialect of the ADSI provider: SELECT attributes FROM 'base' WHERE filter
SQLStmt = "SELECT cn " & _
          "FROM 'LDAP://ldap.mit.edu:389/o=mit/ou=Ohio' " & _
          "WHERE objectClass='*'"
Set Conn = CreateObject("ADODB.Connection")
Conn.Provider = "ADSDSOObject"
Conn.Open "ADs Provider"
Set rs = Conn.Execute(SQLStmt)
Response.Write rs.RecordCount


and the LDAP structure is:
o=mit
then about 10 ou's including:
ou=Ohio
then about 100 ou's including:
ou=Cleveland
then about 10 ou's including:
ou=STAFF
then about 300 cn's including:
cn=GBush
and within that container, there are five strings of
securityEquals, and one of them is of interest, which reads:
cn=Teachers,ou=STAFF,ou=Cleveland,ou=Ohio,o=big

and the fact that the entry has "Teachers" rather than something else is what I'm searching for.

I'll come into the search knowing the value for the cn (GBush) but I won't know that GBush is in Cleveland, let alone Ohio. I'm hoping that there is an obvious way to find GBush without what appears to be a grab of many megabytes of data by the IIS machine rather than the work being done by the LDAP server.

I have tried the intuitive thing, which is to add the next level to the search, but I get one of those pesky table errors. So :
/o=mit/ou=Ohio/ou=Cleveland

throws an error.

Any ideas how to get what I need and get it quicker ?

tnx !
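
One way to have the directory server do the matching, as an added example that is not from the thread: a subtree search from the top of the tree with an exact cn filter, with the cn escaped per RFC 4515 so that a user-supplied name cannot alter the filter. The function names are hypothetical; it assumes the server returns securityEquals to an anonymous bind and that the script is run with cscript (in ASP, use Response.Write instead of WScript.Echo).

```vbscript
Option Explicit

' Escape a value for an LDAP search filter (RFC 4515) so that user input
' cannot change the filter. ";" is also hex-escaped because the ADO LDAP
' dialect uses it to separate the parts of the query string.
Function EscapeLdapFilterValue(ByVal s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr("\*();", ch) > 0 Or ch = Chr(0) Then
            out = out & "\" & Right("0" & LCase(Hex(Asc(ch))), 2)
        Else
            out = out & ch
        End If
    Next
    EscapeLdapFilterValue = out
End Function

' ADO LDAP dialect: <base>;filter;attributes;scope. A subtree search from the
' top of the tree with an exact cn filter makes the server do the matching.
Function BuildUserQuery(ByVal baseUrl, ByVal userCn)
    BuildUserQuery = "<" & baseUrl & ">;(cn=" & EscapeLdapFilterValue(userCn) & _
                     ");cn,securityEquals,ADsPath;subtree"
End Function

' True when one of the securityEquals values is a DN starting "cn=<groupCn>,".
Function HasEquivalence(ByVal values, ByVal groupCn)
    Dim v, prefix
    prefix = LCase("cn=" & groupCn & ",")
    HasEquivalence = False
    If IsNull(values) Or IsEmpty(values) Then Exit Function
    If Not IsArray(values) Then values = Array(values)
    For Each v In values
        If LCase(Left(v, Len(prefix))) = prefix Then HasEquivalence = True
    Next
End Function

Dim conn, rs
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "ADs Provider"   ' anonymous bind, as in the thread
' Host, base DN, user and group below are the thread's placeholder values.
Set rs = conn.Execute(BuildUserQuery("LDAP://ldap.company.com:389/o=company", "GBush"))
Do Until rs.EOF
    WScript.Echo rs.Fields("ADsPath").Value & "  Teachers=" & _
        HasEquivalence(rs.Fields("securityEquals").Value, "Teachers")
    rs.MoveNext
Loop
conn.Close
```
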