1. 首页
  2. 问答
  3. 如何使用VBScript从Oracle LDAP服务器(OID)中获取groupmembership属性?

如何使用VBScript从Oracle LDAP服务器(OID)中获取groupmembership属性?

2011-06-06 23 views
1

我正在使用VBScript在应用程序与使用LDAP脚本的OID(Oracle Identity Directory)之间进行身份验证。我在进行身份验证方面取得了成功。涉及的下一步是获取用户所属的所有组,并映射到我的应用程序中的组。由于某些原因,我无法从LDAP服务器获取组信息。我知道我应该查询的属性是“groupmembership”。但我无法从此属性获取任何值。任何帮助都是必需的。这里是什么,我有一个代码片段 -如何使用VBScript从Oracle LDAP服务器(OID)中获取groupmembership属性?

'ldapauth.vbs 
'Version: 1.0 
'Use: c:\cscript ldapauth.vbs <userName> [<password>] 
'Ex - Anonymous:  c:\>cscript ldapauth.vbs svc_testconsona 
'Ex - Authenticated: c:\>cscript ldapauth.vbs svc_testconsona [email protected] 

Dim oUser  'LDAP object holding user info 
Dim oDSP  'Directory Service Provider 
Dim oArgs  'Command line arguments 
Dim sCN  'search parameter - LDAP attribute: CN 
Dim sPWD  'CN's password parameter 
Dim sRoot  'Holds the root of the LDAP object 
Dim sDN  'Distinguished Name of authenticating account 
Dim sLDAPsrv 'LDAP server 
Dim sLDAPsb 'LDAP search base 
Dim bAuthQuery 'Query Type - True=Authenticated, False=Anonymous 

CONST ADS_SECURE_AUTHENTICATION = &H0001 
CONST ADS_USE_ENCRYPTION = &H0002 
CONST ADS_USE_SSL = &H0002 
CONST ADS_READONLY_SERVER = &H0004 
CONST ADS_NO_AUTHENTICATION = &H0010 
CONST ADS_FAST_BIND = &H0020 
CONST ADS_USE_SIGNING = &H0040 
CONST ADS_USE_SEALING = &H0080 
CONST ADS_USE_DELEGATION = &H0100 
CONST ADS_SERVER_BIND = &H0200 
Const ADS_PROPERTY_NOT_FOUND = &h8000500D 

sLDAPsrv = "myserver.domain.com:389" 
sLDAPsb = "ou=Active,o=CMI" 

'Get the command line args 
set oArgs=WScript.Arguments 

'Check command line args 
On Error Resume Next 
sCN = oArgs.item(0) 'username 
If Err.Number <> 0 Then 
    Echo "" 
    Echo "**** ERROR: No username supplied." 
    Echo "" 
    Echo "Use: c:\>cscript ldapauth.vbs <userName> [<password>]" 
    Echo "" 
    Echo "Aborting..." 
    Echo "" 
    WScript.Quit 
End If 

sRoot = "LDAP://" & sLDAPsrv & "/cn=" & sCN & "," & sLDAPsb 
sDN = "cn=" & sCN & "," & sLDAPsb 

wscript.echo "the query is:" 
wscript.echo sRoot 

On Error Resume Next 
sPWD = oArgs.item(1) 'password 
If Err.Number <> 0 Then 'This will be a non-authenticated query 
    bAuthQuery = False 
    Echo "" 
    Echo "Performing anonymous LDAP query..." 
    Echo "" 
Else 'This will be an authenticated query 
    bAuthQuery = True 
    Echo "" 
    Echo "Performing authenticated LDAP query..." 
    Echo "" 
End If 
'Done checking command line args 

'Set directory service provider 
Set oDSP = GetObject("LDAP:") 

'Perform requested type of query - anonymous or authenticated 
If bAuthQuery Then 'authenticated query requested 

    'Set the LDAP object query 
    On Error Resume Next 
    Set oUser = oDSP.OpenDSObject(sRoot,sDN,sPWD,ADS_SERVER_BIND) 
    If Err.Number <> 0 Then 
     If Err.Number = "-2147023570" Then 
      Echo "**** ERROR: Authentication failed. Check username, password and search base." 
     ElseIf Err.Number = "-2147016646" Then 
      Echo "**** ERROR: LDAP server not found." 
     Else 
      Echo "**** ERROR: Unable to bind to LDAP server. " & Err.Number 
     End If 
     Echo "" 
     Echo "Use: c:\>cscript ldapauth.vbs <username> <password>" 
     Echo "" 
     Echo "Aborting..." 
     Echo "" 
     WScript.Quit 
    End If 

Else     'anonymous query requested 

    'Set the LDAP object query 
    On Error Resume Next 
    Set oUser = oDSP.OpenDSObject(sRoot,vbNullString,vbNullString,ADS_SERVER_BIND AND ADS_NO_AUTHENTICATION) 
    If Err.Number <> 0 Then 
     If Err.Number = "-2147016656" Then 
      Echo "**** ERROR: Username not found." 
     ElseIf Err.Number = "-2147016646" Then 
      Echo "**** ERROR: LDAP server not found." 
     Else 
      Echo "**** ERROR: Unable to bind to LDAP server. " & Err.Number 
     End If 
     Echo "" 
     Echo "Use: c:\>cscript ldapauth.vbs <username [<password>]" 
     Echo "" 
     Echo "Aborting..." 
     Echo "" 
     WScript.Quit 
    End If 
End If 

'Populate the user property cache 
oUser.GetInfo 



'Iterate through available user attributes 
For count = 0 to (oUser.PropertyCount-1) 
    sAttribName = oUser.Item(CInt(count)).Name 
    -'This line fetches the attribute name poroperly. But values from groupmembership is not getting it. 
    if sAttribName = "groupmembership" then 
     sAttribVal = oUser.GetInfoEx(sAttribName) 
    else 
     sAttribVal = oUser.Get(sAttribName) 
    end if 

    If IsArray(sAttribVal) Then 
     For Each sMultiVal in oUser.GetEx(sAttribName) 
      sAttribList = sAttribList & sAttribName & Space(16-Len(sAttribName)) & ":: " & sMultiVal & vbCRLF 
     Next 
    Else 
     sAttribList = sAttribList & sAttribName & Space(16-Len(sAttribName)) & ": " & sAttribVal & vbCRLF 
    End If 
    sAttribName = "" 
    sAttribVal = "" 
    if err.number <> 0 then 
     err.Clear 
    end if 
Next 

Echo sAttribList 



'Clean up 
set oDSP=Nothing 
set oUser=Nothing 

wscript.Quit 

Sub Echo(byref message) 
    WScript.Echo message 
End Sub

来源

2011-06-06 Srinath

回答

2

OID通常不会有一种叫做groupmembership用户属性(除非你自己添加一个)。

如果您尝试查找用户所属的组,则必须对组进行第二次ldap搜索。

OID中的组具有groupOfNamesgroupOfUniqueNames作为其对象类。这些对象类中的每一个都具有用于存储组成员名称的多值属性。当用户被分配到一个组时,他们的DN被添加到相应的多值属性中。在groupOfNames对象类中,此多值属性为成员,在groupOfUniqueNames对象类中为uniqueMember

来源

2011-06-07 13:03:55

+0

哦,只是给他一个示例查询已经。 :) – geoffc 2011-06-13 02:34:04

+0

感谢您的回复。我会检查一下并让你知道我的反馈。 – Srinath 2011-06-13 04:23:00

+0

最后我解决了我的问题。在所有的手段VBScript没有列举groupmembership属性。我通过编写内部使用目录服务LDAP命名空间的ASP.NET Web服务调用来切换我的实现。使用这个我能够获取所有的属性并枚举所有的组。谢谢Srinath – Srinath 2011-06-15 10:19:32

相关问题

 相关问题