
我正在使用VBScript,透過LDAP腳本在應用程序與OID(Oracle Identity Directory)之間進行身份驗證。身份驗證已經成功。下一步是獲取用戶所屬的所有組,並映射到我的應用程序中的組。由於某些原因,我無法從LDAP服務器獲取組信息。我知道我應該查詢的屬性是「groupmembership」,但我無法從此屬性獲取任何值。歡迎提供任何幫助。以下是我的代碼片段。

如何使用VBScript從Oracle LDAP服務器(OID)中獲取groupmembership屬性?

'ldapauth.vbs 
'Version: 1.0 
'Use: c:\cscript ldapauth.vbs <userName> [<password>] 
'Ex - Anonymous:  c:\>cscript ldapauth.vbs svc_testconsona 
'Ex - Authenticated: c:\>cscript ldapauth.vbs svc_testconsona [email protected] 

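Dim oUser       'LDAP object holding user info 
Dim oDSP        'Directory Service Provider 
Dim oArgs       'Command line arguments 
Dim sCN         'search parameter - LDAP attribute: CN 
Dim sPWD        'CN's password parameter 
Dim sRoot       'Holds the root of the LDAP object (ADsPath) 
Dim sDN         'Distinguished Name of authenticating account 
Dim sLDAPsrv    'LDAP server 
Dim sLDAPsb     'LDAP search base 
Dim bAuthQuery  'Query Type - True=Authenticated, False=Anonymous 
'Variables used by the attribute enumeration loop further down. They are 
'declared here so that every variable the script uses is listed in one place, 
'matching the declarations above (the script has no Option Explicit, so the 
'original ran without them). 
Dim count       'loop index over oUser.PropertyCount 
Dim sAttribName 'name of the attribute currently being read 
Dim sAttribVal  'value (or array of values) of that attribute 
Dim sMultiVal   'one value of a multi-valued attribute 
Dim sAttribList 'accumulated "name: value" report that is echoed at the end 

'ADS_AUTHENTICATION_ENUM flags for IADsOpenDSObject.OpenDSObject 
CONST ADS_SECURE_AUTHENTICATION = &H0001 
CONST ADS_USE_ENCRYPTION = &H0002 'same bit as ADS_USE_SSL 
CONST ADS_USE_SSL = &H0002 
CONST ADS_READONLY_SERVER = &H0004 
CONST ADS_NO_AUTHENTICATION = &H0010 
CONST ADS_FAST_BIND = &H0020 
CONST ADS_USE_SIGNING = &H0040 
CONST ADS_USE_SEALING = &H0080 
CONST ADS_USE_DELEGATION = &H0100 
CONST ADS_SERVER_BIND = &H0200 
'ADSI error raised when a property is not in the cache (E_ADS_PROPERTY_NOT_FOUND) 
Const ADS_PROPERTY_NOT_FOUND = &h8000500D 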

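sLDAPsrv = "myserver.domain.com:389" 'host:port of the directory server (389 = plain LDAP) 
sLDAPsb = "ou=Active,o=CMI"          'container holding the user entries 

'Get the command line args 
Set oArgs = WScript.Arguments 

'Check command line args: the username is mandatory. 
'oArgs.Count is used instead of trapping the index error with 
'On Error Resume Next, so no error handling is left switched on here. 
If oArgs.Count < 1 Then 
    Echo "" 
    Echo "**** ERROR: No username supplied." 
    Echo "" 
    Echo "Use: c:\>cscript ldapauth.vbs <userName> [<password>]" 
    Echo "" 
    Echo "Aborting..." 
    Echo "" 
    WScript.Quit 
End If 
sCN = oArgs.Item(0) 'username 

'The username comes from the command line, so it is untrusted input that is 
'spliced into a DN. Escape the RFC 4514 special characters first so that a 
'value such as  a,ou=Other  cannot rewrite the DN; a plain alphanumeric 
'username is left unchanged. In the ADsPath (sRoot) a "/" additionally has 
'to be written as "\/" because "/" separates the server from the DN. 
Dim sEscCN 
sEscCN = EscapeDNValue(sCN) 
sDN = "cn=" & sEscCN & "," & sLDAPsb 
sRoot = "LDAP://" & sLDAPsrv & "/cn=" & Replace(sEscCN, "/", "\/") & "," & sLDAPsb 

Echo "the query is:" 
Echo sRoot 

'An optional second argument selects an authenticated query. 
'NOTE: a password passed on the command line is visible in process listings 
'and shell history; for unattended use prefer reading it from WScript.StdIn. 
If oArgs.Count >= 2 Then 'This will be an authenticated query 
    sPWD = oArgs.Item(1) 'password 
    bAuthQuery = True 
    Echo "" 
    Echo "Performing authenticated LDAP query..." 
    Echo "" 
Else 'This will be a non-authenticated query 
    bAuthQuery = False 
    Echo "" 
    Echo "Performing anonymous LDAP query..." 
    Echo "" 
End If 
'Done checking command line args 

'Escape one attribute value for use inside a DN (RFC 4514 section 2.4): 
'backslash-escape  \ , + " < > ; =  anywhere, a space at the end, and a 
'leading "#" or space. Returns the escaped string; never raises. 
Function EscapeDNValue(ByVal value) 
    Dim i, ch, out 
    out = "" 
    For i = 1 To Len(value) 
        ch = Mid(value, i, 1) 
        If InStr("\,+""<>;=", ch) > 0 Then 
            out = out & "\" & ch 
        Else 
            out = out & ch 
        End If 
    Next 
    If Len(out) > 0 Then 
        'trailing space first, then the leading character, so a value that is 
        'a single space becomes "\ " and not "\\ " 
        If Right(out, 1) = " " Then out = Left(out, Len(out) - 1) & "\ " 
        If Left(out, 1) = "#" Or Left(out, 1) = " " Then out = "\" & out 
    End If 
    EscapeDNValue = out 
End Function 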

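'Set directory service provider 
Set oDSP = GetObject("LDAP:") 

'Perform requested type of query - anonymous or authenticated. 
'Both paths pass ADS_SERVER_BIND because sRoot names the server explicitly. 
'On Error Resume Next is left switched on after the bind on purpose: the 
'attribute enumeration that follows this block relies on it. 
On Error Resume Next 
If bAuthQuery Then 'authenticated query requested 
    'Simple bind with the user's DN and password. Without ADS_USE_SSL (and the 
    'LDAPS port) the password crosses the network in cleartext on port 389. 
    Set oUser = oDSP.OpenDSObject(sRoot, sDN, sPWD, ADS_SERVER_BIND) 
Else 'anonymous query requested 
    'The flags must be combined with Or: the original used And, and 
    '&H0200 And &H0010 is 0, so no flag at all reached OpenDSObject. 
    Set oUser = oDSP.OpenDSObject(sRoot, vbNullString, vbNullString, ADS_SERVER_BIND Or ADS_NO_AUTHENTICATION) 
End If 
If Err.Number <> 0 Then 
    ReportBindError Err.Number, bAuthQuery 
    WScript.Quit 
End If 

'Print the diagnostic for a failed OpenDSObject call plus the usage line. 
'errNumber is the Err.Number of the failed call; authenticated selects the 
'usage text. The codes are compared as numbers: Err.Number is a Long, and in 
'VBScript a numeric Variant never compares equal to a String Variant, so the 
'quoted literals the original checks used could never match and every failure 
'fell through to the generic message. 
Sub ReportBindError(ByVal errNumber, ByVal authenticated) 
    If errNumber = -2147023570 Then      '&H8007052E: logon failure 
        Echo "**** ERROR: Authentication failed. Check username, password and search base." 
    ElseIf errNumber = -2147016656 Then  '&H80072030: no such object 
        Echo "**** ERROR: Username not found." 
    ElseIf errNumber = -2147016646 Then  '&H8007203A: server down / unreachable 
        Echo "**** ERROR: LDAP server not found." 
    Else 
        Echo "**** ERROR: Unable to bind to LDAP server. " & errNumber 
    End If 
    Echo "" 
    If authenticated Then 
        Echo "Use: c:\>cscript ldapauth.vbs <username> <password>" 
    Else 
        Echo "Use: c:\>cscript ldapauth.vbs <username> [<password>]" 
    End If 
    Echo "" 
    Echo "Aborting..." 
    Echo "" 
End Sub 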

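'Populate the user property cache 
oUser.GetInfo 

'Iterate through available user attributes. 
'GetEx is used for every attribute: it always returns an array, so single- 
'and multi-valued attributes take the same path. The original called 
'GetInfoEx for "groupmembership", but GetInfoEx only loads attributes into 
'the cache (its arguments are an array of names and a reserved value) and 
'returns nothing, which is why that attribute never produced a value. 
'NOTE: according to the accepted answer, OID does not keep a groupmembership 
'attribute on the user entry at all; the user's groups have to come from a 
'second search for group entries whose member (groupOfNames) or uniqueMember 
'(groupOfUniqueNames) attribute contains sDN. That search is not done here. 
On Error Resume Next 
For count = 0 To (oUser.PropertyCount - 1) 
    sAttribName = oUser.Item(CInt(count)).Name 
    sAttribVal = oUser.GetEx(sAttribName) 
    If Err.Number <> 0 Then 
        'Report the failure in the listing instead of silently dropping the 
        'attribute, which is what the original's unconditional Err.Clear did. 
        sAttribList = sAttribList & PadName(sAttribName) & ": <error " & Err.Number & ": " & Err.Description & ">" & vbCRLF 
        Err.Clear 
    ElseIf IsArray(sAttribVal) Then 
        For Each sMultiVal In sAttribVal 
            sAttribList = sAttribList & PadName(sAttribName) & ":: " & sMultiVal & vbCRLF 
        Next 
    Else 
        sAttribList = sAttribList & PadName(sAttribName) & ": " & sAttribVal & vbCRLF 
    End If 
    sAttribName = "" 
    sAttribVal = "" 
    'A value that cannot be concatenated (for example binary data) raises 
    'inside the branch above; clear it so it is not blamed on the next attribute. 
    If Err.Number <> 0 Then 
        Err.Clear 
    End If 
Next 

Echo sAttribList 

'Clean up 
Set oDSP = Nothing 
Set oUser = Nothing 

WScript.Quit 

'Left-align an attribute name in a 16-column field followed by at least one 
'space. The original used Space(16 - Len(name)) directly, which raises a 
'runtime error for names longer than 16 characters and, with 
'On Error Resume Next active, silently left those attributes out of the list. 
Function PadName(ByVal name) 
    If Len(name) >= 16 Then 
        PadName = name & " " 
    Else 
        PadName = name & Space(16 - Len(name)) 
    End If 
End Function 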

'Write one line of text to the script host's standard output. 
'message: the text to print; it is passed by reference but never modified. 
Sub Echo(ByRef message) 
    With WScript 
        .Echo message 
    End With 
End Sub 

回答


OID通常不會有一個叫做 groupmembership 的用戶屬性(除非你自己添加了一個)。

如果您嘗試查找用戶所屬的組,則必須對組進行第二次ldap搜索。

OID中的組以 groupOfNames 或 groupOfUniqueNames 作爲其對象類。這些對象類各自具有一個用於存儲組成員名稱的多值屬性。當用戶被分配到一個組時,他們的DN會被添加到相應的多值屬性中。在 groupOfNames 對象類中,此多值屬性爲 member;在 groupOfUniqueNames 對象類中則爲 uniqueMember。


哦,直接給他一個示例查詢吧。 :) – geoffc 2011-06-13 02:34:04


感謝您的回覆。我會檢查一下並讓你知道我的反饋。 – Srinath 2011-06-13 04:23:00


最後我解決了我的問題。無論如何,VBScript 都沒有列舉出 groupmembership 屬性。我改寫了實現,改爲調用一個在內部使用目錄服務 LDAP 命名空間的 ASP.NET Web 服務。藉此我能夠獲取所有屬性並枚舉所有組。謝謝 – Srinath 2011-06-15 10:19:32
