tgiadmin

asked on

LDAP Not all users returning Memberof information

Hello,

I have an issue that's been rattling my brain for the last few days and I've yet to find a definitive answer or solution. I'm using Windows SBS Server 2003.

I'm querying the Active Directory for memberof information for various users and eventually setting a variable based off the resulting information. The problem I'm running into is that for some users, memberof is coming back null. This is not happening for all users though...and this includes members that contain the exact same memberof information. The groups that the users belong to are not nested and I cannot seem to find any difference between the accounts in the active directory, yet the code seems to work just fine...so I think it may be a permissions issue with some accounts? I'm really not sure!
<%
username = request.form("username")
password = request.form("password")
 
Mode = 0
 
Set condb = Server.CreateObject("ADODB.connection")
	condb.Provider = "ADsDSOObject"
	condb.Open "Active Directory Provider"
	
Set rslog = Server.CreateObject("ADODB.Recordset")
	rsselect = "SELECT sAMAccountName, Memberof, displayname FROM 'LDAP://OU=SBSUsers,OU=Users,OU=MyBusiness,DC=learn,DC=local' WHERE sAMAccountName = '" & username & "'"
	rslog.Open rsselect, condb
	
	If not rslog.eof then
	
		ADMember = rslog("memberOf")
		DisplayName = rslog("DisplayName")
		
		If Not IsNull(ADMember) Then
		    ADString = CStr(ADMember(LBound(ADMember)))
		    For ADVariable = LBound(ADMember)+1 To UBound(ADMember)
		    	ADString = ADString & "," & CStr(ADMember(ADVariable))
		    Next
		End if
			
		If InStr(ADString, "learn event editors") <> 0 Then
			Mode = 1
		End If
			
		If InStr(ADString, "learn web editors") <> 0 Then
			Mode = 2
		End If
		
		If InStr(ADString, "tgi faculty") <> 0 Then
			Mode = 3
		End If
		
 
	Else
		
		' *redirect to undetermined error page
		
	End if
 
result = AuthenticateUser(username, password)
 
If (result <> 1) then
 
	' *redirect to undetermined error page
 
End If
 
 
function AuthenticateUser(username, password)
 
	AuthenticateUser = 0
	
	rsselect2 = "SELECT cn FROM 'LDAP://OU=SBSUsers,OU=Users,OU=MyBusiness,DC=learn,DC=local'"
	
	set condb2 = Server.CreateObject("ADODB.Connection")
	
	condb2.Provider = "ADsDSOOBJECT"
	condb2.Properties("User ID") = username
	condb2.Properties("Password") = password
	condb2.Properties("Encrypt Password") = true
	condb2.open "DS Query", username, password
	
	set cmd = server.CreateObject("ADODB.Command")
	set cmd.ActiveConnection = condb2
		
	cmd.CommandText = rsselect2
		
	on error resume next
	
	set rslog2 = cmd.Execute
	
	if (rslog2.bof or rslog2.eof) then
		AuthenticateUser = 0
	else
		AuthenticateUser = 1
	end if
	
	set rslog2 = nothing
	set condb2 = nothing
 
end function
 
 
validkey = now()
	
Response.Cookies("user").Expires = Date + 1
Response.Cookies("user").Domain = "dev.learn.edu"
Response.Cookies("user")("Mode") = mode
Response.Cookies("user")("DisplayName") = DisplayName
 
' *redirect to undetermined login success page
 
%>

NovoNordisk

Do any of the usernames have apostrophes in them? All in same domain?

tgiadmin

ASKER

Hey Novo,

No, none of the usernames have apostrophes. They are all within the same domain. Another odd thing is that I can pull back other information from the user such as DisplayName...etc. So it is finding the sAMAccountName without any trouble, yet for these certain members it will not pull back the memberof information...and for others it will. I've been doing a lot of comparisons and I can't seem to locate any difference between working and non-working accounts.

-Brian

ASKER CERTIFIED SOLUTION
NovoNordisk

Hey Novo,

Haven't tried running it as an admin account yet just because of the fact that for some users it actually is working.  But you did mention having funny issues with it...so I'll have to give it a shot when I'm in the office Monday and I'll get back to you.  I do have code to impersonate a user that I wrote some vb stuff for, I'll have to try that.  Also, I did enter bogus user information and it comes back as bad user or password (where you see *redirect to undetermined error page I had just some temporary response.writes)  so I know that it is checking user/pass properly.  Thanks for the tips, I'll try the admin thing Monday.

-Brian
Hey Novo,

Just wanted to let you know it is now working. The admin idea worked, thank you!
For anyone else that is having the same problem...the following code is an impersonate user script that calls a registered VB ActiveX DLL that I made, located in "c:\windir\system32". You can find information on making this DLL if you go to Google and search for: LoginAdmin.ImpersonateUser

I wrapped all my existing LDAP code with this:

Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser")
objLogon.Logon "admin username goes here", "admin password goes here", "domainname"

' "Existing Code"

objLogon.Logoff
Set objLogon = Nothing
Thanks!
Exactly the code I use and it's brilliant!!!
Actually I put the username and password within the DLL so that you don't have to specify it in the ASP file.
Ahhh, that's a very good idea, I'll have to give that a shot.

Thanks Novo for your assistance!
-Brian
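
Added example, not part of the original thread or any poster's code: the question's lookup concatenates the submitted username into the query text and tests groups with a substring InStr over the joined memberOf string. The sketch below escapes the value per RFC 4515, builds the same lookup in ADO's LDAP dialect instead of the SQL dialect used in the question, and matches a group by its exact CN while treating a Null memberOf as "no groups". The function names, the group DN and the sample username are constructed for illustration; the last lines use WScript.Echo so the logic can be run with cscript without a directory.

```vbscript
Option Explicit

' Escape a value for an LDAP search filter (RFC 4515). Backslash goes first
' so the escapes added for the other characters are not escaped again.
Function EscapeLdapFilterValue(value)
    Dim s
    s = Replace(value, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' ADO LDAP-dialect query: <base>;filter;attributes;scope
Function BuildUserQuery(baseDn, username)
    BuildUserQuery = "<LDAP://" & baseDn & ">;" & _
        "(&(objectCategory=person)(sAMAccountName=" & _
        EscapeLdapFilterValue(username) & "));" & _
        "sAMAccountName,memberOf,displayName;subtree"
End Function

' True only when a memberOf DN starts with exactly CN=<groupCn>, compared
' case-insensitively. Null (attribute not returned) and a single string
' value are both handled.
Function IsMemberOf(ByVal memberOf, groupCn)
    Dim dn, prefix
    IsMemberOf = False
    If IsNull(memberOf) Or IsEmpty(memberOf) Then Exit Function
    If Not IsArray(memberOf) Then memberOf = Array(memberOf)
    prefix = LCase("CN=" & groupCn & ",")
    For Each dn In memberOf
        If LCase(Left(CStr(dn), Len(prefix))) = prefix Then
            IsMemberOf = True
            Exit Function
        End If
    Next
End Function

' Constructed sample values; run with cscript, no directory needed.
Dim groups
groups = Array("CN=learn web editors,OU=Security Groups,DC=learn,DC=local")
WScript.Echo BuildUserQuery("OU=SBSUsers,OU=Users,OU=MyBusiness,DC=learn,DC=local", "a*(b)")
WScript.Echo IsMemberOf(groups, "learn web editors")
WScript.Echo IsMemberOf(groups, "web editors")
WScript.Echo IsMemberOf(Null, "learn web editors")
```

In an ASP page the three functions can be used as they are, with the string from BuildUserQuery passed to the recordset's Open call in place of the concatenated SELECT statement.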