Classic ASP: General access denied error - asp-classic

I have a system, written in Classic ASP, which reads data from a form and updates AD. I am, however, getting the following error when I try and update my own information:
Active Directory error '80070005'
General access denied error
/activedirectory/index.asp, line 99
Line 99 is
objUser.SetInfo
and the entire code block is as follows:
<%
uname = request.querystring("account_name")
ADUser = "LDAP://OU=Staff,OU=Users,DC=example,DC=internal"
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "NETWORK\example"
objCon.Properties("Password") = "PaSsWoRd"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select distinguishedName FROM '"+ ADUser +"' where sAMAccountname='"& uname &"'"
Set objRS = objCom.Execute
distinguishedName = objRS.Fields("distinguishedName")
'Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://" & distinguishedName)
objUser.Put "givenName", firstname
objUser.Put "mail", email
objUser.Put "sn", lastname
objUser.Put "mobile", mobile
objUser.Put "description", description
objUser.Put "telephoneNumber", telephonenumber
objUser.Put "department", department
objUser.Put "title", title
objUser.Put "company", company
objUser.SetInfo
Response.Write("User data for "& uname &" has been modified. Click <a href='/'>here</a> to go home")
%>
I have gone through the troubleshooting steps that I can think of, ensuring the password I am using is correct, making sure the account has delegated write permissions, etc. Some pointers would be much appreciated

Related

Classic ASP: LDAP Query and aliases

I have the following:
Set objDomain = GetObject ("GC://RootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
'response.write(objADsPath)
Set objDomain = Nothing
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.provider ="ADsDSOObject"
objConn.Properties("User ID") = "USER" 'domain account with read access to LDAP
objConn.Properties("Password") = "PASS" 'domain account password
objConn.Properties("Encrypt Password") = True
objConn.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objConn
objCom.CommandText ="select sAMAccountName as id, mail, sAMAccountName as label, sAMAccountName as value FROM 'GC://"+objADsPath+"' where sAMAccountname = '*"&Request.QueryString("term")&"*' ORDER by sAMAccountname"
I presumed I could alias the column names like I would do in SQL but it fails. Is it possible to do?

Classic ASP organisational structure from AD

I have the following code to pull the organizational structure from Active Directory:
<%# Language="VBScript"%>
<% response.Buffer = True
'Define the AD OU that contains our users
dim department
%>
<!--#include file="includes/functions.asp"-->
<!--#include file="includes/display.asp"-->
<h1>Organisational Structure</h1>
<div class="commandspace">
<p class="infotext">The org structure can be viewed with or without staff, indented or left justified.</p>
</div>
<div class="Structure_Item_1">
<%
ADUser = "LDAP://OU=Staff,OU=Users,DC=DOMAIN,DC=internal"
' Make AD connection and run query
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\example_user"
objCon.Properties("Password") = "password"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select company FROM '"& ADUser &"' where company ='*' ORDER by company ASC"
Set objRS = objCom.Execute
' Loop over returned recordset and output HTML
Do While Not objRS.EOF Or objRS.BOF
Response.Write "<div id='Structure_Item_Field'>" & objRS("company") & "</div>"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select department FROM '"& ADUser &"' where company ='*" & objRS("company") & "*' ORDER BY company ASC"
Set department = objCom.Execute
' Loop over returned recordset and output HTML
Do While Not department.EOF Or department.BOF
Response.Write " " & department("department") & "<br>"
'&nbsp is the HTML entity of a space character. I put &nbsp four times so that the department is indented four spaces
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select givenName, sn FROM '"& ADUser &"' where department ='*" & department("department") & "*' ORDER by givenName ASC"
Set names = objCom.Execute
Do While Not names.EOF Or names.BOF
Response.Write " " & names("givenName") & " " & names("sn") & "<br>"
names.MoveNext
Response.Flush
Loop
department.MoveNext
Response.Flush
Loop
objRS.MoveNext
Response.Flush
Loop
' Clean up
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCon = Nothing
Set objCom = Nothing
%>
Excuse my ignorance but it seems very slow and I'm not sure why. I'm not sure what I need to do to improve performance.

Error when leaving input blank in ASP

I am developing a script to allow users to write to Active Directory. The problem is that, when I leave a field blank, it results in an error. When, however, I put a value in, even a space, it seems happy. I have the following code:
<%#LANGUAGE="VBScript">
%>
<%
if isEmpty(request.form("subval")) then
response.write("You did not submit the form, please <a href='ldap.asp'>go back</a>")
else
'If the subval field is empty, we know the form has been submitted OK
dim firstname, lastname, email, telephonenumber, mobile, description
ADUser = "LDAP://OU=Staff,OU=Users,DC=example,DC=internal"
' Make AD connection and run query
subval = request.querystring("account_name")
'This value held the CN earlier, it is now overwriten here
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "EXAMPLE\Exampe"
objCon.Properties("Password") = "TestPassword"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select sAMAccountName, distinguishedName FROM '"+ ADUser +"' where sAMAccountname='"& subval &"'"
Set objRS = objCom.Execute
distinguishedName = objRS.Fields("distinguishedName")
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCom = Nothing
'We select the distinguishedName from AD
firstname = request.form("firstname")
lastname = request.form("lastname")
email = request.form("email")
telephonenumber = request.form("telephonenumber")
mobile = request.form("mobile")
description = request.form("description")
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _ ("LDAP://" & distinguishedName)
if (IsNull(firstname)) Then
firstname = " "
end if
if (IsNull(lastname)) Then
lastname = " "
end if
if (IsNull(email)) Then
email = " "
end if
if (IsNull(telephonenumber)) Then
telephonenumber = " "
end if
if (IsNull(mobile)) Then
mobile = " "
end if
if (IsNull(description)) Then
description = " "
end if
objUser.Put "givenName", firstname
objUser.Put "mail", email
objUser.Put "sn", lastname
objUser.Put "mobile", mobile
objUser.Put "description", description
objUser.Put "telephoneNumber", telephonenumber
objUser.SetInfo
Response.Write("User data for "& subval &" has been modified")
end if
%>
The error I get whenever I leave a field blank is why I am trying to inject spaces into the variables since that seems to work in my form.
The error I get is on the SetInfo line
error '8007200b'
/updateldap.asp, line 68
I'm not sure what I can try since I've done all the stuff I can think of
8007200b = LDAP_INVALID_SYNTAX (The attribute syntax specified to the directory service is invalid)
I would say that you have worked out what the issue is. LDAP attributes cannot be NULL. You probably don't even need to have spaces, an empty string might work as well.
e.g.
if (IsNull(firstname)) Then
firstname = ""
end if

Send Password if user forgets

I'm working on a project with asp and i have a section of where a user forgets his or her password she enters her email and if it's valid it sends the password. Now the problem is, its able to check if the email is in the database alright and sends the mail, but can't send the password along.
<%
'Check if the form has been processed
If Request.Form("process")="true" Then
'Check the recordset for a valid record
If Not rs_user.Eof Then
'Valid record, so proceed with the email
Call sSendReminder (rs_user("email"), rs_user("password"))
Response.Write "Your password has been sent to your inbox. If you don't find it in your mail box, check your junk mail folder"
dim sName, sEmail, sMessage
dim oCdoMail, oCdoConf, sConfURL
sEmail = Request.Form("email")
Set oCdoMail = Server.CreateObject("CDO.Message")
Set oCdoConf = Server.CreateObject("CDO.Configuration")
sConfURL = "http://schemas.microsoft.com/cdo/configuration/"
with oCdoConf
.Fields.Item(sConfURL & "sendusing") = 2
.Fields.Item(sConfURL & "smtpserver") = "smptserveraddress.com"
.Fields.Item(sConfURL & "smtpserverport") = 25
.Fields.Update
end with
with oCdoMail
.From = "noreply#sample.com"
.To = sEmail
.Subject = "Password Recovery from samplesite"
.TextBody = "Your password is: " & password
.HTMLBody = "Your password is: " & password
.Configuration = oCdoConf
.Send
end with
Set oCdoConf = Nothing
Set oCdoMail = Nothing
Else
'Not a valid record
Response.Write "Sorry, no email was found."
End If
End If
Sub sSendReminder(email, password)
End Sub
%>
Is the above code the exact code you are running?
If so, you need to move the
Sub sSendReminder(email, password)
above
dim sName, sEmail, sMessage
You also need to move those "end if" statements outside the sub.
Your code runs (I think) because it is technically correct, but it doesn't run like you think it should because your sub is actually blank.
Correct code would look like this:
<%
'Check if the form has been processed
If Request.Form("process")="true" Then
'Check the recordset for a valid record
If Not rs_user.Eof Then
'Valid record, so proceed with the email
Call sSendReminder (rs_user("email"), rs_user("password"))
Response.Write "Your password has been sent to your inbox. If you don't find it in your mail box, check your junk mail folder"
Else
'Not a valid record
Response.Write "Sorry, no email was found."
End If
End If
Sub sSendReminder(email, password)
dim sName, sEmail, sMessage
dim oCdoMail, oCdoConf, sConfURL
sEmail = Request.Form("email")
Set oCdoMail = Server.CreateObject("CDO.Message")
Set oCdoConf = Server.CreateObject("CDO.Configuration")
sConfURL = "http://schemas.microsoft.com/cdo/configuration/"
with oCdoConf
.Fields.Item(sConfURL & "sendusing") = 2
.Fields.Item(sConfURL & "smtpserver") = "smptserveraddress.com"
.Fields.Item(sConfURL & "smtpserverport") = 25
.Fields.Update
end with
with oCdoMail
.From = "noreply#sample.com"
.To = sEmail
.Subject = "Password Recovery from samplesite"
.TextBody = "Your password is: " & password
.HTMLBody = "Your password is: " & password
.Configuration = oCdoConf
.Send
end with
Set oCdoConf = Nothing
Set oCdoMail = Nothing
End Sub %>

Automatically Logging In User After Custom Membership Creation (not using Wizard)

I'm using the following code to create a user account on my vb.net website. The code is in a button click. It works fine as far creating the membership but when the user is redirected to the next page they are not logged in. Apparently "newUser.IsApproved = True" is not working. Any thoughts on what I'm doing wrong. I want the user to be automatically logged in after the membership is created.
Dim createStatus As MembershipCreateStatus
Try
Dim newUser As System.Web.Security.MembershipUser = Membership.CreateUser(txtinput_Email.Value, txtinput_Password.Value, txtinput_Email.Value)
newUser.IsApproved = True
Catch ex As Exception
LabelCreateAccountResults.Text = ex.Message
' MessageBox.Show("There's an error: " & vbCrLf & ex.ToString)
Response.Write("<script language='javascript'>alert('" & ex.Message & "')</script>")
Exit Sub
End Try
Select Case createStatus
Case MembershipCreateStatus.Success
LabelCreateAccountResults.Text = "The user account was successfully created!"
Response.Redirect("yo-delivery.aspx")
Case MembershipCreateStatus.DuplicateUserName
LabelCreateAccountResults.Text = "That username already exists."
Case MembershipCreateStatus.DuplicateEmail
LabelCreateAccountResults.Text = "A user with that Email address already exists."
Case MembershipCreateStatus.InvalidEmail
LabelCreateAccountResults.Text = "PLease enter a VALID email address."
Case MembershipCreateStatus.InvalidPassword
LabelCreateAccountResults.Text = "The password entered is invalid. Please enter a passoword with at least 4 characters."
Case Else
LabelCreateAccountResults.Text = "Unknown Error: Account NOT created."
End Select
OK perhaps look into something along these lines
Dim username__1 As String = Username.Text
Dim password__2 As String = Password.Text
If Membership.ValidateUser(username__1, password__2) Then
Dim ticket As New FormsAuthenticationTicket(1, username__1, DateTime.Now, DateTime.Now.AddMinutes(20), False, String.Empty, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)) With { _
Key .Expires = ticket.Expiration, _
Key .Path = FormsAuthentication.FormsCookiePath _
})
If Not String.IsNullOrEmpty(Request.QueryString("returnurl")) Then
Response.Redirect(Request.QueryString("returnurl"))
End If
Response.Redirect("~/Home")
End If

Resources