Frequently Asked Questions For JustLDAP Search Functions

1. What attributes can I query for?

2. How do I extract multivalued attributes like "description" and "directReports", etc.?

3. In what order are the attributes returned in the recordset?

4. ASP and VBScript give errors when I try to print date/time attributes - why?

5. How do I call JustLDAP from my ASP.NET C# page?

6. How do I search for users in a specific OU (Organizational Unit)?

 

1. What attributes can I query for?

A Windows 2000/2003 Active Directory default installation provides a large number of "user" class attributes. JustLDAP is designed to query the entire "user" Object class space.

The most common organizational attributes are those that are directly modifiable by using the MMC Active Directory Users and Computers "snap-in".  The attributes that pertain to a user (employee) can be entered and modified using this "snap-in" or by the administrative functions of JustLDAP.

For a complete list of all user attributes that JustLDAP can display, simply run the following VB script on a computer in your Active Directory domain. A text file called attributesAll.txt should be created.

A sample list is available in this file if you would like a quick preview of a bare Windows 2003 Active Directory installation.

NOTE: Change the domain yourdomain.com to your actual DNS domain name.

 
' VBScript to print all user class attributes

Option Explicit

Dim oClass, PropName, fso, ts

Const ForWriting = 2

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile("attributesAll.txt", ForWriting, True)


Set oClass = GetObject("LDAP://yourdomain.com/schema/user")

For Each PropName In oClass.MandatoryProperties
  ts.Writeline PropName
Next


For Each PropName In oClass.OptionalProperties
  ts.Writeline PropName
Next

ts.close

Set oClass=Nothing
Set fso=Nothing
 

 

The attributes that are available with a new installation of Microsoft Windows 2003 Enterprise Server as a Domain Controller are listed in this file. Note that this is a bare default installation and your actual schema may have many more custom attributes. NOTE: Extensive schema extensions also result from installing add-on products such as Exchange Server.


2. How do I extract multivalued attributes like "description" and "directReports", etc.?

For these multivalued attributes, simply add a "For Each"  /  "Next"  ASP construct as shown in the ASP Web Page sample below.

The "description" attribute is multivalued and requires the "For Each" / "Next" construct to iterate through each value. See the "For Each" loop in the sample below.

<html>
<head>
</head>
<body>

<%
Dim oLdap, oRS, WebUser, User, UserArray, ReturnedDetails, element
WebUser = Request.ServerVariables("LOGON_USER")
UserArray = Split(WebUser, "\")
User = UserArray(UBound(UserArray))
Set oLdap = Server.CreateObject("JustLDAP.Admin")
Set oRS = oLdap.Lookup("sAMAccountName", User, "description")
Response.Write("<br>")

If Not IsNull(oRS) Then
  ReturnedDetails = oRS.GetRows

  ' "description" is multivalued: iterate over each value.
  ' HTML-encode directory data before writing it into the page.
  For Each element In ReturnedDetails(0, 0)
    Response.Write(Server.HTMLEncode(element) & "<br>")
  Next
End If

Response.Write("<hr>")
Set oRS = Nothing
Set oLdap = Nothing
%>

</body>
</html>

 

3. In what order are the attributes returned in the recordset?

Attributes are returned in the same order that you pass them as parameter 3 in the JustLDAP methods.

4. ASP and VBScript give errors when I try to print date/time attributes - why?

Attributes that represent date and time values for a user, such as "lastLogon" are not directly printable by VB / ASP / ASP.NET.

This is not a problem with JustLDAP, rather, it is the way that these attributes are returned from any LDAP query.

They are in fact returned as a large integer representing the number of 100-nanosecond intervals since 1st January 1601.

The following code will print a date/time value. The returned date value must first be assigned to an object; the ADSI large integer properties HighPart / LowPart can then be used to extract a printable date and time.

For further information see:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadslargeinteger.asp

Note, no allowance has been made for the time zone. Also, user time values are not replicated throughout the domain! This means that a value such as lastLogon needs to be derived by asking all Domain Controllers for the value and selecting the most recent!

<html>
<head>
</head>
<body>

<%
Dim oLdap, oRS, WebUser, User, UserArray, ReturnedDetails
Dim objDate, longHigh, longLow, ActualDate
WebUser = Request.ServerVariables("LOGON_USER")
UserArray = Split(WebUser, "\")
User = UserArray(UBound(UserArray))
Set oLdap = Server.CreateObject("JustLDAP.Admin")
Set oRS = oLdap.Lookup("sAMAccountName", User, "lastLogon")
Response.Write("<br>")

If Not IsNull(oRS) Then
  ReturnedDetails = oRS.GetRows

  ' lastLogon is returned as a large-integer object with HighPart / LowPart.
  Set objDate = ReturnedDetails(0, 0)
  longHigh = objDate.HighPart
  longLow = objDate.LowPart
  ' LowPart is a signed 32-bit value; compensate when it reads as negative.
  If longLow < 0 Then
    longHigh = longHigh + 1
  End If
  If (longHigh = 0) And (longLow = 0) Then
    ActualDate = #1/1/1601#
  Else
    ' 600000000 intervals of 100 ns per minute, 1440 minutes per day.
    ActualDate = #1/1/1601# + (((longHigh * (2 ^ 32)) + longLow) / 600000000) / 1440
  End If

  Response.Write(ActualDate & "<br>")
End If

Response.Write("<hr>")
Set oRS = Nothing
Set oLdap = Nothing
%>

</body>
</html>

 

5. How do I call JustLDAP from my ASP.NET C# page?

JustLDAP is more easily called by using VB.NET with ASP.NET. The code is almost identical to an ASP page.

However C# can also be used. Extra steps are required.

First - make sure you have installed the MDAC 2.8 (or higher) package - a free download from Microsoft.

Second - make a 'reference' to justldap.dll in your Visual Studio (C# ASP.NET) project.

(NOTE: A reference to ADODB will automatically be added also.)

Simply call JustLDAP as you would in ASP. The following code shows how to declare the JustLDAP component, and the fact that it is returning an ADODB recordset.

This is shown in the Page_Load method for the ASP.NET Webform.

NOTE: 'justldap' is in lower case to match the DLL component reference.

 
// A simple example in C# code for an ASP.NET page is shown below.

// Create a class object and Recordset as shown.

// (Assuming ShowEmail is an ASP.NET Web page Label).


private void Page_Load(object sender, System.EventArgs e)
{

  justldap.AdminClass objLdap = new justldap.AdminClass();

  ADODB.Recordset Rs = new ADODB.Recordset();

  Rs = objLdap.Lookup("sAMAccountName", "bobuser", "sn, employeeID, mail");

  // This would return the user email address.
  // Here we are directly indexing to the Recordset field required (2).
  // The value is HTML-encoded before it is placed on the page.

  ShowEmail.Text = Server.HtmlEncode(Rs.Fields[2].Value.ToString());


}
 

 

6. How do I search for users in a specific OU (Organizational Unit)?

The often "forgotten child" of LDAP search results is the extremely handy attribute, the ADsPath for the user!

JustLDAP is designed to shield you from the complex and weird syntax that can be found in items such as a user's full Distinguished Name and their ADsPath.

However, the ADsPath holds the formal LDAP path for any user object you search for and can be very useful. For example, because the loginID (sAMAccountName) is unique in the entire domain, searching for the loginID "janeuser" retrieves her exact ADsPath.

A JustLDAP lookup query like this:

Set oRS = oLdap.Lookup("sAMAccountName", "janeuser", "ADsPath")

Will return this string:

LDAP://CN=Jane User,OU=Canada,OU=Sales,DC=easterndigital,DC=biz

So, a simple script to filter out (or in) the Canada OU could look like this.

 
' A simple example in VBScript to print out every user's ADsPath for the
' Canada OU.
' A scan of the entire domain is performed.
 
Option Explicit
 
Dim oLdap, UserID, oRS, item
 
Set oLdap = CreateObject("JustLDAP.Admin")

Set oRS = oLdap.Lookup("sAMAccountName", "*", "ADsPath")
 

If Not IsNull(oRS) Then
  While Not oRS.EOF
    For Each Item In oRS.Fields
      If Not IsNull(Item.Value) Then
       
          If InStr(Item.Value, "OU=Canada") > 0 Then
            Wscript.Echo(Item.Value)
          End If
      End If
    Next
  oRS.MoveNext
  Wend
End If
Set oRS = Nothing
Set oLdap = Nothing

 

As you can see, the script could easily be enhanced to filter all OUs in your corporation and select only the ones you want.

This needn't be done very often if you have a stable Active Directory. 
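The InStr test in the script above is a substring match, so it also accepts any ADsPath that merely contains the text "OU=Canada", such as a longer OU name or an escaped comma inside a CN. The following added example, which is not part of the original JustLDAP page, splits the path into its components and compares whole components only; SplitDN and InOU are hypothetical helper names and the sample paths are constructed.

```vbscript
Option Explicit

' Hypothetical helper: split a DN on commas not escaped with a backslash.
Function SplitDN(dn)
  Dim parts(), count, i, ch, cur, escaped
  count = 0 : cur = "" : escaped = False
  For i = 1 To Len(dn)
    ch = Mid(dn, i, 1)
    If escaped Then
      cur = cur & ch : escaped = False
    ElseIf ch = "\" Then
      cur = cur & ch : escaped = True
    ElseIf ch = "," Then
      ReDim Preserve parts(count)
      parts(count) = Trim(cur)
      count = count + 1 : cur = ""
    Else
      cur = cur & ch
    End If
  Next
  ReDim Preserve parts(count)
  parts(count) = Trim(cur)
  SplitDN = parts
End Function

' Hypothetical helper: True only when one whole component equals "OU=<ouName>".
Function InOU(adsPath, ouName)
  Dim dn, rdn, p
  InOU = False : dn = adsPath
  If UCase(Left(dn, 7)) = "LDAP://" Then dn = Mid(dn, 8)
  ' Drop an optional "server/" prefix that precedes the first component.
  p = InStr(dn, "/")
  If p > 0 And p < InStr(dn, "=") Then dn = Mid(dn, p + 1)
  For Each rdn In SplitDN(dn)
    If StrComp(rdn, "OU=" & ouName, vbTextCompare) = 0 Then
      InOU = True
      Exit Function
    End If
  Next
End Function

' Constructed sample paths: only the first user is really in OU=Canada.
Dim samples, s
samples = Array( _
  "LDAP://CN=Jane User,OU=Canada,OU=Sales,DC=easterndigital,DC=biz", _
  "LDAP://CN=Bob User,OU=CanadaEast,OU=Sales,DC=easterndigital,DC=biz", _
  "LDAP://CN=Temp\,OU=Canada,OU=USA,DC=easterndigital,DC=biz")
For Each s In samples
  WScript.Echo InOU(s, "Canada") & vbTab & s
Next
```

Run it with cscript; in the domain scan, calling InOU(Item.Value, "Canada") in place of the InStr test applies the same exact match to live results.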

 

 



 


Copyright 2006 Eastern Digital Pty. Ltd. Australia.  ABN 87 004 274 051