我正在使用VBScript在应用程序与使用LDAP脚本的OID(Oracle Identity Directory)之间进行身份验证。我在进行身份验证方面取得了成功。涉及的下一步是获取用户所属的所有组,并映射到我的应用程序中的组。由于某些原因,我无法从LDAP服务器获取组信息。我知道我应该查询的属性是“groupmembership”。但我无法从此属性获取任何值。任何帮助都是必需的。这里是什么,我有一个代码片段 -如何使用VBScript从Oracle LDAP服务器(OID)中获取groupmembership属性?
'ldapauth.vbs
'Version: 1.0
'Use: c:\cscript ldapauth.vbs <userName> [<password>]
'Ex - Anonymous: c:\>cscript ldapauth.vbs svc_testconsona
'Ex - Authenticated: c:\>cscript ldapauth.vbs svc_testconsona [email protected]
Dim oUser 'LDAP object holding user info
Dim oDSP 'Directory Service Provider
Dim oArgs 'Command line arguments
Dim sCN 'search parameter - LDAP attribute: CN
Dim sPWD 'CN's password parameter
Dim sRoot 'Holds the root of the LDAP object
Dim sDN 'Distinguished Name of authenticating account
Dim sLDAPsrv 'LDAP server
Dim sLDAPsb 'LDAP search base
Dim bAuthQuery 'Query Type - True=Authenticated, False=Anonymous
CONST ADS_SECURE_AUTHENTICATION = &H0001
CONST ADS_USE_ENCRYPTION = &H0002
CONST ADS_USE_SSL = &H0002
CONST ADS_READONLY_SERVER = &H0004
CONST ADS_NO_AUTHENTICATION = &H0010
CONST ADS_FAST_BIND = &H0020
CONST ADS_USE_SIGNING = &H0040
CONST ADS_USE_SEALING = &H0080
CONST ADS_USE_DELEGATION = &H0100
CONST ADS_SERVER_BIND = &H0200
Const ADS_PROPERTY_NOT_FOUND = &h8000500D
sLDAPsrv = "myserver.domain.com:389"
sLDAPsb = "ou=Active,o=CMI"
'Get the command line args
set oArgs=WScript.Arguments
'Check command line args
On Error Resume Next
sCN = oArgs.item(0) 'username
If Err.Number <> 0 Then
Echo ""
Echo "**** ERROR: No username supplied."
Echo ""
Echo "Use: c:\>cscript ldapauth.vbs <userName> [<password>]"
Echo ""
Echo "Aborting..."
Echo ""
WScript.Quit
End If
sRoot = "LDAP://" & sLDAPsrv & "/cn=" & sCN & "," & sLDAPsb
sDN = "cn=" & sCN & "," & sLDAPsb
wscript.echo "the query is:"
wscript.echo sRoot
On Error Resume Next
sPWD = oArgs.item(1) 'password
If Err.Number <> 0 Then 'This will be a non-authenticated query
bAuthQuery = False
Echo ""
Echo "Performing anonymous LDAP query..."
Echo ""
Else 'This will be an authenticated query
bAuthQuery = True
Echo ""
Echo "Performing authenticated LDAP query..."
Echo ""
End If
'Done checking command line args
'Set directory service provider
Set oDSP = GetObject("LDAP:")
'Perform requested type of query - anonymous or authenticated
If bAuthQuery Then 'authenticated query requested
'Set the LDAP object query
On Error Resume Next
Set oUser = oDSP.OpenDSObject(sRoot,sDN,sPWD,ADS_SERVER_BIND)
If Err.Number <> 0 Then
If Err.Number = "-2147023570" Then
Echo "**** ERROR: Authentication failed. Check username, password and search base."
ElseIf Err.Number = "-2147016646" Then
Echo "**** ERROR: LDAP server not found."
Else
Echo "**** ERROR: Unable to bind to LDAP server. " & Err.Number
End If
Echo ""
Echo "Use: c:\>cscript ldapauth.vbs <username> <password>"
Echo ""
Echo "Aborting..."
Echo ""
WScript.Quit
End If
Else 'anonymous query requested
'Set the LDAP object query
On Error Resume Next
Set oUser = oDSP.OpenDSObject(sRoot,vbNullString,vbNullString,ADS_SERVER_BIND AND ADS_NO_AUTHENTICATION)
If Err.Number <> 0 Then
If Err.Number = "-2147016656" Then
Echo "**** ERROR: Username not found."
ElseIf Err.Number = "-2147016646" Then
Echo "**** ERROR: LDAP server not found."
Else
Echo "**** ERROR: Unable to bind to LDAP server. " & Err.Number
End If
Echo ""
Echo "Use: c:\>cscript ldapauth.vbs <username [<password>]"
Echo ""
Echo "Aborting..."
Echo ""
WScript.Quit
End If
End If
'Populate the user property cache
oUser.GetInfo
'Iterate through available user attributes
For count = 0 to (oUser.PropertyCount-1)
sAttribName = oUser.Item(CInt(count)).Name
-'This line fetches the attribute name poroperly. But values from groupmembership is not getting it.
if sAttribName = "groupmembership" then
sAttribVal = oUser.GetInfoEx(sAttribName)
else
sAttribVal = oUser.Get(sAttribName)
end if
If IsArray(sAttribVal) Then
For Each sMultiVal in oUser.GetEx(sAttribName)
sAttribList = sAttribList & sAttribName & Space(16-Len(sAttribName)) & ":: " & sMultiVal & vbCRLF
Next
Else
sAttribList = sAttribList & sAttribName & Space(16-Len(sAttribName)) & ": " & sAttribVal & vbCRLF
End If
sAttribName = ""
sAttribVal = ""
if err.number <> 0 then
err.Clear
end if
Next
Echo sAttribList
'Clean up
set oDSP=Nothing
set oUser=Nothing
wscript.Quit
Sub Echo(byref message)
WScript.Echo message
End Sub
哦,只是给他一个示例查询已经。 :) – geoffc 2011-06-13 02:34:04
感谢您的回复。我会检查一下并让你知道我的反馈。 – Srinath 2011-06-13 04:23:00
最后我解决了我的问题。在所有的手段VBScript没有列举groupmembership属性。我通过编写内部使用目录服务LDAP命名空间的ASP.NET Web服务调用来切换我的实现。使用这个我能够获取所有的属性并枚举所有的组。谢谢Srinath – Srinath 2011-06-15 10:19:32