Accessing Employee ID via LDAP in a Classic ASP/VBScript application

Question

I've got an older ASP/VBScript app that I'm maintaining/upgrading and its currently using the older/depreciated means of gathering profile information - like below:

strNTUser = Request.ServerVariables("AUTH_USER")
strNTUser = replace(strNTUser, "\", "/")
Set strNTUserInfo = GetObject("WinNT://"+strNTUser)
'You get the idea'

When all I needed was the full name and the description, this was fine. Now I need to access some additional profile information, but I need to use LDAP instead of WinNT. I've Google'd till I was blind, but for the life of me I just can't seem to wrap my brain around connecting via LDAP and getting the info that I need.

What do I need to do to get the First Name, Last Name, and Employee ID based on the AUTH_USER?

Update: I figured from the outset that ADSI or some similar interface would be required, but I am apparently an ADIdiot and am getting no useful hint - let alone help - from anything I have found on MSDN or TechNet. More explicit help would be nice...

Answer 1

You should use ADSI to connect to the directory provider (LDAP) in this case. Here is an example with classic ASP.

Answer 2

4GuysFromRolla has a pretty good article with a few code samples for ADSI, LDAP and ASP.

Answer 3

I'm sure there's probably a little more efficient way of doing this, but here's the code I ended up using after much searching, trying, and gnashing of teeth...

Dim strNTUser, strUser, strDN, strRootTDSE
Dim objRootDSE, objConnection, objCommand, objRecordSet, objUser, objNTUserInfo

strNTUser = Request.ServerVariables("AUTH_USER")
strUser = Mid(strNTUser,(instr(1,strNTUser,"\")+1),len(strNTUser))

Set objConnection = Server.CreateObject("ADODB.Connection")
Set objCommand = Server.CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

'objCommand.Properties("Page Size") = 1000'
objCommand.Properties("Searchscope") = 2 'ADS_SCOPE_SUBTREE 

Set objRootDSE = GetObject("LDAP://rootDSE")
strRootTDSE = objRootDSE.Get("defaultNamingContext")
Set objRootDSE = Nothing

objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strRootTDSE & "' " & _
     "WHERE objectCategory='user' AND sAMAccountName = '" & strUser & "'" 

Set objRecordSet = objCommand.Execute

If Not objRecordSet.BOF Then objRecordSet.MoveFirst
If Not objRecordSet.EOF Then
    strDN = objRecordSet.Fields("distinguishedName").Value
End If

Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing

Set objUser = GetObject("LDAP://" & strDN)
'I can now use objUser to get the details'

I'll happily accept any refactored code, and a reason why I now have to lower the site to "Basic Authentication" in order for this to work.

As a side note, I've tried to hard-code as little as possible so I can send it back to the open source project I got the original code from.