I have the following:
Set objDomain = GetObject ("GC://RootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
'response.write(objADsPath)
Set objDomain = Nothing
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.provider ="ADsDSOObject"
objConn.Properties("User ID") = "USER" 'domain account with read access to LDAP
objConn.Properties("Password") = "PASS" 'domain account password
objConn.Properties("Encrypt Password") = True
objConn.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objConn
objCom.CommandText ="select sAMAccountName as id, mail, sAMAccountName as label, sAMAccountName as value FROM 'GC://"+objADsPath+"' where sAMAccountname = '*"&Request.QueryString("term")&"*' ORDER by sAMAccountname"
I presumed I could alias the column names like I would do in SQL but it fails. Is it possible to do?
Related
I have problem with authentication LDAP in aps classic application. I found the script for do it but it is not working. Could anyone tell me what I need to have its done? I attach below the authentification which always returns false. I apreciate for the examples for the variables from this function, becose I dont know where I did wrong.
Thank you for your attention.
function AuthenticateUser(Username,Password,Domain)
dim strUser,strPass,strQuery,oConn,cmd,oRS
AuthenticateUser = false
strQuery = "SELECT cn FROM 'LDAP://" & Domain & "' WHERE
objectClass='*'"
set oConn = server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.properties("User ID") = Username
oConn.properties("Password")=Password
oConn.properties("Encrypt Password") = true
oConn.open "DS Query", Username,Password
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = oConn
cmd.CommandText = strQuery
on error resume next
set oRS = cmd.Execute
if oRS.bof or oRS.eof then
AuthenticateUser = false
else
AuthenticateUser = true
end if
set oRS = nothing
set oConn = nothing
end function
Have a asp.net(vb.net) login page that I need set up to grant access to users base on EmployeeTypeID. The following code needs to be converted into vb.net from Access vb6 or written in vb.net
If rs!EmployeeTypeID = 2 Then
rs.Close
Me.LoginLabel.Visible = False
DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
DoCmd.OpenForm "frmCRMControlCenter"
DoCmd.Close acForm, Me.Name
Exit Sub
End If
If rs!EmployeeTypeID = 3 Then
Dim prop As Property
On Error GoTo SetProperty
If MsgBox("Would you like to turn on the ByPass Key?", vbYesNo, "Allow Bypass?") = vbYes Then
CurrentDb.Properties("AllowBypassKey") = True
Else
CurrentDb.Properties("AllowBypassKey") = False
End If
rs.Close
Me.LoginLabel.Visible = False
DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
DoCmd.OpenForm "frmCRMControlCenter"
DoCmd.Close acForm, Me.Name
Exit Sub
This should help :)
Protected Sub UserLogin()
Dim Username As String = Me.txtUserName.Text
Dim Password As String = Me.txtPassword.Text
Dim Connstr As String = "SERVER:BLAHBALHUID" ' Your connection string <<<<
Dim con As SqlConnection = New SqlConnection(Connstr)
'Query string - using paramters (#User and #Pwd to set the username and password criteria)
Dim qry As String = "SELECT Username, Password, EmployeeTypeID FROM Employees WHERE Username =#User AND Password=#Pwd"
Dim cmd As SqlCommand = New SqlCommand(qry, con)
'Using cmd.paramters means that you wont get any SQL injections
'- definately google SQL injections and check out some of the Youtubes!! :)
cmd.Parameters.Add("#User", SqlDbType.VarChar).Value = Username
cmd.Parameters.Add("#Pwd", SqlDbType.VarChar).Value = Password
con.Open()
Dim rdr As SqlDataReader = cmd.ExecuteReader
Dim Found_A_Record As Boolean = False
Dim EmployeeType As String = Nothing
While rdr.Read
'if there is a row - then we have found the username and password that matches
'Therefore - this must be a user with the username and matching password
Found_A_Record = True
EmployeeType = rdr("EmployeeTypeID")
End While
cmd.Dispose()
con.Close()
If Not Found_A_Record Then
'No records found - exit? or do whatever would be for not correct details
End If
Select Case EmployeeType
Case "1"
Response.Redirect("~/CustomerRelationshipManagement.aspx")
Case "2"
Response.Redirect("~/CRMControlCenter.aspx")
Case "3"
Response.Redirect("~/CRMControlCenter.aspx")
Case Else
Response.Write("<script>alert('Incorrect Username or Password.', 'Login Failed')</script>")
End Select
End Sub
I have a system, written in Classic ASP, which reads data from a form and updates AD. I am, however, getting the following error when I try and update my own information:
Active Directory error '80070005'
General access denied error
/activedirectory/index.asp, line 99
Line 99 is
objUser.SetInfo
and the entire code block is as follows:
<%
uname = request.querystring("account_name")
ADUser = "LDAP://OU=Staff,OU=Users,DC=example,DC=internal"
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "NETWORK\example"
objCon.Properties("Password") = "PaSsWoRd"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select distinguishedName FROM '"+ ADUser +"' where sAMAccountname='"& uname &"'"
Set objRS = objCom.Execute
distinguishedName = objRS.Fields("distinguishedName")
'Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://" & distinguishedName)
objUser.Put "givenName", firstname
objUser.Put "mail", email
objUser.Put "sn", lastname
objUser.Put "mobile", mobile
objUser.Put "description", description
objUser.Put "telephoneNumber", telephonenumber
objUser.Put "department", department
objUser.Put "title", title
objUser.Put "company", company
objUser.SetInfo
Response.Write("User data for "& uname &" has been modified. Click <a href='/'>here</a> to go home")
%>
I have gone through the troubleshooting steps that I can think of, ensuring the password I am using is correct, making sure the account has delegated write permissions, etc. Some pointers would be much appreciated
I am developing a script to allow users to write to Active Directory. The problem is that, when I leave a field blank, it results in an error. When, however, I put a value in, even a space, it seems happy. I have the following code:
<%#LANGUAGE="VBScript">
%>
<%
if isEmpty(request.form("subval")) then
response.write("You did not submit the form, please <a href='ldap.asp'>go back</a>")
else
'If the subval field is empty, we know the form has been submitted OK
dim firstname, lastname, email, telephonenumber, mobile, description
ADUser = "LDAP://OU=Staff,OU=Users,DC=example,DC=internal"
' Make AD connection and run query
subval = request.querystring("account_name")
'This value held the CN earlier, it is now overwriten here
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "EXAMPLE\Exampe"
objCon.Properties("Password") = "TestPassword"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select sAMAccountName, distinguishedName FROM '"+ ADUser +"' where sAMAccountname='"& subval &"'"
Set objRS = objCom.Execute
distinguishedName = objRS.Fields("distinguishedName")
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCom = Nothing
'We select the distinguishedName from AD
firstname = request.form("firstname")
lastname = request.form("lastname")
email = request.form("email")
telephonenumber = request.form("telephonenumber")
mobile = request.form("mobile")
description = request.form("description")
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _ ("LDAP://" & distinguishedName)
if (IsNull(firstname)) Then
firstname = " "
end if
if (IsNull(lastname)) Then
lastname = " "
end if
if (IsNull(email)) Then
email = " "
end if
if (IsNull(telephonenumber)) Then
telephonenumber = " "
end if
if (IsNull(mobile)) Then
mobile = " "
end if
if (IsNull(description)) Then
description = " "
end if
objUser.Put "givenName", firstname
objUser.Put "mail", email
objUser.Put "sn", lastname
objUser.Put "mobile", mobile
objUser.Put "description", description
objUser.Put "telephoneNumber", telephonenumber
objUser.SetInfo
Response.Write("User data for "& subval &" has been modified")
end if
%>
The error I get whenever I leave a field blank is why I am trying to inject spaces into the variables since that seems to work in my form.
The error I get is on the SetInfo line
error '8007200b'
/updateldap.asp, line 68
I'm not sure what I can try since I've done all the stuff I can think of
8007200b = LDAP_INVALID_SYNTAX (The attribute syntax specified to the directory service is invalid)
I would say that you have worked out what the issue is. LDAP attributes cannot be NULL. You probably don't even need to have spaces, an empty string might work as well.
e.g.
if (IsNull(firstname)) Then
firstname = ""
end if
I have a button which when pressed, sets the user's rights in the db. (If Administrator UserTypeID is set to '2' and if Customer it is set to '1'). However when I run the below code, everything remains the same. I think it's from the SQL statement but I;m not sure. Can anyone help please?
Protected Sub btnSetUser_Click(sender As Object, e As System.EventArgs) _
Handles btnSetUser.Click
Dim conn As New OleDbConnection( _
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\...\WebSite3\db.mdb;")
Dim cmd As OleDbCommand = _
New OleDbCommand("UPDATE [User] SET [UserTypeID] WHERE Username=?", conn)
conn.Open()
cmd.Parameters.AddWithValue("#Username", txtUser.Text)
If ddUserType.SelectedItem.Text = "Administrator" Then
cmd.Parameters.AddWithValue("#UserTypeID", "2")
cmd.ExecuteNonQuery()
lblSetUser.Text = txtUser.Text + "was set to Administrator."
ElseIf ddUserType.SelectedItem.Text = "Customer" Then
cmd.Parameters.AddWithValue("#UserTypeID", "1")
cmd.ExecuteNonQuery()
lblSetUser.Text = txtUser.Text + "was set to Customer."
End If
conn.Close()
End Sub
End Class
If you add a parameter #Username your command should have such a parameter
SELECT [UserTypeID] FROM [User] WHERE Username = #Username
Also, you add an additional parameter later, which does not occur at all in your query! You call cmd.ExecuteNonQuery(), which works only for INSERT, UPDATE and DELETE queries.
Your query should probably look like this
UPDATE [User]
SET UserTypeID = #UserTypeID
WHERE Username = #Username
Dim cmd As OleDbCommand = New OleDbCommand( _
"UPDATE [User] SET UserTypeID = #UserTypeID WHERE Username = #Username", conn)
Dim userType As String = ddUserType.SelectedItem.Text
Dim userTypeId As Integer = If(userType = "Administrator", 2, 1)
cmd.Parameters.AddWithValue("#UserTypeID", userTypeId)
cmd.Parameters.AddWithValue("#Username", txtUser.Text)
conn.Open()
cmd.ExecuteNonQuery()
lblSetUser.Text = txtUser.Text + "was set to " & userType
UPDATE (some clarifications)
In "UDATE [User] SET UserTypeID = #UserTypeID WHERE Username = #Username"
[User] is the name of the table
UserTypeID is the name of the user type id column
#UserTypeID is the name of the user type id parameter (the new value)
Username is the name of the user name column
#Username is the name of the user name parameter
You might have to change these names in order to match your actual situation.
You are only performing a Select Query - which will not modify any data at all.
You will want to use an Update Query, supplying parameters for both the username and the user rights number.
You're doing a SELECT instead of an UPDATE...
New OleDbCommand("SELECT [UserTypeID] FROM [User] WHERE Username=?", conn)
should be
New OleDbCommand("UPDATE [User] SET [UserTypeID] = #UserTypeID WHERE Username = #Username", conn)