Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to get more values from LDAP with Classic ASP

Posted on 2013-02-06
3
Medium Priority
?
1,284 Views
Last Modified: 2013-02-06
I have the function below that works, but I need it to give me back the values for sn, givenname, and mail from the LDAP but I cannot figure out how to make it work. Any help is appreciated.

With the following code:

function AuthenticateUser(UserName, Password, Domain)
dim strUser

AuthenticateUser = false

strUser = UserName
strPassword = Password

strQuery = "SELECT cn,sn,givenname,mail FROM 'LDAP://" & strDomain & "' WHERE objectClass='*'"
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = true

oConn.open "DS Query", strUser, strPassword

set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery

set oRS = cmd.Execute

if oRS.bof or oRS.eof then
  AuthenticateUser = false
else
  AuthenticateUser = true
end if

oConn.close
set oRS = nothing
set oConn = nothing

end function
0
Comment
Question by:Donnie Walker
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Tony Massa earned 1500 total points
ID: 38861753
Are you trying to authenticate as some other account, or are you searching for information (attributes) for just the one "strUser" person?

http://blogs.technet.com/b/heyscriptingguy/archive/2005/12/09/how-can-i-use-alternate-credentials-when-searching-active-directory.aspx
0
 

Author Comment

by:Donnie Walker
ID: 38861775
I have the user logging in with HTTP Basic Authentication and I then pass that to the function above.

So, they are logging in.

I just want to get their first, last name and email so I can use it else where.

I got the function some place and now I'm trying to figure out how to grab that data.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38861954
Maybe this link will give you some ideas
http://answers.google.com/answers/threadview?id=365115

You can grant them access to the site based on their Windows log-in
simply by unenabling Anonymous access and enabling Integrated Windows
authentication in the IIS console -> Anonymous access and
authentication control -> Edit... dialogue.

Once authenticated with Integrated Windows, you can get their username
through Request.ServerVariables("LOGON_USER").

Then use ADSI (Active Directory Services Interface). Pretty easy in
classic ASP and VBScript. Then you can get a user object through ADSI
based on the logged in username and the domain name
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question