Greetings - 1st post 4 me :)
I too have a need to read from LDAP to authenticate users for an internal web system.
This is what I cobbled together; but I have been unable to turn the corner of success.
Maybe together we can figure this out...
http://rulink.rutgers.edu/ldap-vb.html
--------------------------------------------------
Dim con
Dim com
Dim rs
Dim dso
Dim cont
Dim path
Dim user
Dim v
Dim ADsPath
' netid, password and results are assumed to come from the form:
' netid and password are what the user typed, results is a ListBox.
' The following path is the right search base for normal people, i.e. people
' with data in the PDB.
'ADsPath = "LDAP://ldap.rutgers.edu/ou=People,dc=rutgers,dc=edu"
' The following magic creates and opens a connection to the LDAP server.
' The userid and password should be replaced with the service DN and
' password that you are issued for your service. You might check it
' using your NetID as xxxx and your password as yyyy. That won't let you
' see all the data, but it will let you start making sure this works.
' The flag of 34 means to use SSL (which we require for any connection
' that sends passwords) and "fast bind". Note that in LDAP when you
' login, it wants a full dn, not just a username.
ADsPath = "LDAP://ldap.mydomainname.com/ou=People,dc=rutgers,dc=edu"
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = "uid=xxxx,ou=people,dc=rutgers,dc=edu"
con.Properties("Password") = "yyyy"
con.Properties("ADSI Flag") = 34
con.Open "ADSI"
' OK, now we're going to do 3 things: search for a user by uid (i.e. netid),
' check their password, and print some data that came from the directory.
Set com = CreateObject("ADODB.Command")
Set com.ActiveConnection = con
' Make up an LDAP query. the format is
' <ldap://ldap.rutgers.edu/ou=people,dc=rutgers,dc=edu>;(query);attrs;subtree
' The first defines the LDAP search base
' Then you have the actual query, using the usual LDAP filter format
' to look for someone by netid it is (uid=xxxx)
' attrs is a list of the attributes you want to be returned.
' You'll want to see the DN itself. Unfortunately they don't give you the
' actual DN. They give you the "adspath". E.g. if the dn is
' uid=hedrick,ou=people,dc=rutgers,dc=edu, they return an adspath of
' ldap://ldap.rutgers.edu/uid=hedrick,ou=people,dc=rutgers,dc=edu
' So the following query looks up a person by uid, and gets the
' adspath, cn and postaladdress. "netid" and "password" are presumed
' to be supplied by the user.
com.CommandText = "<" & ADsPath & ">;(uid=" & netid & _
    ");ADsPath,cn,postaladdress,rulinkRutgersEduIID;subtree"
Set rs = com.Execute
' Now you have to decide what to do with the results. It's returned as
' a result set, in this case rs. Several entries can match a query, although
' in this particular case there had better only be one person with a given netid.
' Anyway, you call rs.movenext to cycle through all the entries that matched
' your query. In the code below I look through all the entries, checking the
' password and displaying cn and postaladdress. Of course there should be
' only one entry in this case, but I thought you'd want to see how to process more
' general queries, e.g. (cn=*hedrick*), which might return more than one entry.
While Not (rs.EOF)
path = rs.fields("ADsPath")
results.AddItem path
' Ok, we have to convert the adspath to a DN, because password checking
' is done with a DN and password. Look for the last / and take everything
' after it. What we're trying to do here is set "user" to be the DN
' for the user. That's what we'll use to check the user's password.
user = InStrRev(path, "/")
user = Mid(path, user + 1)
results.AddItem user
' This actually opens a new connection to check the user's password.
' This opens the connection, checks the password, and doesn't do
' anything else. "user" is actually the dn that we got after looking
' up the user. As usual 34 means to do SSL and fast bind.
' On Error Resume Next is needed here: without it a failed bind raises a
' runtime error and the Err.Number check below is never reached.
' Also note that many directories accept an empty password as an anonymous
' bind, so an empty password should be rejected before calling OpenDSObject.
On Error Resume Next
Set dso = GetObject("LDAP:")
Set cont = dso.OpenDSObject(ADsPath, user, password, 34)
' See if the user's password worked. If not print error message
If Err.Number <> 0 Then
results.AddItem Err.Description
Else
results.AddItem "Password OK"
End If
Err.Clear
' Now show three of the attributes
' Note that the IID is single-valued, so you don't want the (0).
' ADSI checks the schema to see which attributes are multivalued,
' and returns arrays only for them.
v = rs.fields("cn")
results.AddItem v(0)
v = rs.fields("postaladdress")
results.AddItem v(0)
v = rs.fields("rulinkRutgersEduIID")
results.AddItem v
' Here's another approach that may be safer:
v = rs.fields("rulinkRutgersEduIID")
If (isarray(v)) Then
results.AddItem v(0)
Else
results.AddItem v
End If
' Go look at the next entry returned from the directory.
' In this case there shouldn't be any, since there should
' only be one entry with a given NetID
rs.MoveNext
Wend
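The same search-then-bind flow the post describes (look the user up by uid, turn the returned ADsPath into a DN, then bind as that DN with the supplied password), as an added example that is not code from the post or from the Rutgers page it links. It has no dependency on ADSI or a live LDAP server: `FAKE_BASE`, `fake_search` and `fake_bind` are a constructed in-memory stand-in, and in a real deployment you would pass in your LDAP client's search and bind calls instead. It goes slightly beyond the post in three places a practitioner would want: the netid is escaped per RFC 4515 before being placed in the filter (the post concatenates it directly), an empty password is refused because many directories treat an empty-password bind as a successful anonymous bind, and the "there had better only be one match" expectation from the post's comments is enforced rather than assumed.

```python
"""Search-then-bind LDAP authentication, mirroring the ADSI flow in the post.

Added example, not from the original post. The directory below is a
constructed in-memory stand-in so the logic runs offline.
"""
from typing import Callable, Dict, List, Optional, Tuple

# RFC 4515 escaping for values placed inside a search filter, so that a
# user-supplied netid cannot change the structure of "(uid=...)".
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_adsi_command(search_base: str, netid: str, attrs: List[str]) -> str:
    """Build the ADSI LDAP-dialect command string: <base>;(filter);attrs;scope."""
    flt = f"(uid={escape_filter_value(netid)})"
    return f"<{search_base}>;{flt};{','.join(attrs)};subtree"


def adspath_to_dn(adspath: str) -> str:
    """Equivalent of the InStrRev/Mid step in the post: text after the last '/'."""
    return adspath.rsplit("/", 1)[-1]


def first_value(v):
    """ADSI returns arrays only for multi-valued attributes; normalise both cases."""
    if isinstance(v, (list, tuple)):
        return v[0] if v else None
    return v


Entry = Dict[str, object]
SearchFn = Callable[[str, str], List[Entry]]  # (base, filter) -> matching entries
BindFn = Callable[[str, str], bool]           # (dn, password) -> bind succeeded


def authenticate(netid: str, password: str, search_base: str,
                 search: SearchFn, bind: BindFn) -> Tuple[bool, str, Optional[Entry]]:
    flt = f"(uid={escape_filter_value(netid)})"
    entries = search(search_base, flt)
    if len(entries) != 1:
        # zero matches: unknown user; more than one: ambiguous, refuse to bind
        return False, f"expected exactly one entry, got {len(entries)}", None
    entry = entries[0]
    dn = adspath_to_dn(str(entry["ADsPath"]))
    # An empty password must never reach the bind: it would be an anonymous bind.
    if not password or not bind(dn, password):
        return False, "Password check failed", None
    return True, "Password OK", entry


# ---- constructed stand-in directory (hypothetical names and values) ----
FAKE_BASE = "LDAP://ldap.example.test/ou=People,dc=example,dc=test"

_FAKE_DIRECTORY = {
    "alice": {
        "ADsPath": "LDAP://ldap.example.test/uid=alice,ou=People,dc=example,dc=test",
        "cn": ["Alice Example"],          # multi-valued -> array
        "postaladdress": ["1 Main St"],   # multi-valued -> array
        "rulinkRutgersEduIID": "12345",   # single-valued -> scalar
    }
}
_FAKE_PASSWORDS = {"uid=alice,ou=People,dc=example,dc=test": "correct horse"}


def fake_search(base: str, flt: str) -> List[Entry]:
    # Only understands the exact equality filter this example builds.
    uid = flt[len("(uid="):-1]
    entry = _FAKE_DIRECTORY.get(uid)  # an escaped value never equals a real uid
    return [entry] if entry else []


def fake_bind(dn: str, password: str) -> bool:
    return _FAKE_PASSWORDS.get(dn) == password


if __name__ == "__main__":
    ok, msg, entry = authenticate("alice", "correct horse", FAKE_BASE, fake_search, fake_bind)
    print(msg, first_value(entry["cn"]) if entry else None)
```

The `search` and `bind` callables are the only two things that touch a directory, so swapping the stand-ins for real calls (for example a client library's search returning entries with an `ADsPath`-style value, and a bind that opens a fresh connection as the user's DN, as `OpenDSObject` does in the post) leaves the escaping, DN extraction and single-match check unchanged.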