Question : LDAP Help

I am trying to get a handle on writing what should be relatively easy vb.net code to retrieve assorted objects and attributes from an LDAP Server and am doing a lot of random walks trying to pull the nuggets of gold I need.

I have been experimenting with ADO as well as System.DirectoryServices and other directory imports and have had a reasonable time guessing my way through Active Directory queries (although representing the data I want to extract is still not clear). But LDAP and the query expressions and filters are just a tad out of reach and I would really appreciate a bit of real example type guidance. Something like: here is a sample tree; here is how to construct the LDAP for the ADO and .NET namespaces for AD/LDAP.

First, the structure of LDAP directories is unique within certain constraints to the organization being represented. So, all the examples I have found so far are vague or use very generic names and leave me to guess and experiment the rest.

Using ADO to query and return objects and attributes and assorted directory functions to return objects and attributes.

a. How can I look at a tree and know how to build an ADO style query to return some object(s) attribute(s)?
b. How do I construct the queries?
c. Does the order of the elements I want back from the query matter (must they traverse the tree in order)?
d. What is the general tree structure and elements within a given tree?  What's the OU by looking at the tree? etc...
e. How limited am I to pull the data as some anonymous connection?

Answer : LDAP Help


Great, okay, that makes for a very reasonable set of requests :) Each of these is, or can be, a variation on a theme.

My examples will be System.DirectoryServices, I tend not to bother with the ADO option personally. I hope that's okay!

Anyway, we have this to start with :)

Chris
' Imports System.DirectoryServices
 
' Establish a connection to AD
' Not always necessary, you can pass Nothing in with the constructor for DirectorySearcher and 
' achieve the same adDomain setting I have below
 
' Assuming authentication and serverless binding
Dim adDomain As New DirectoryEntry()
' If those aren't good assumptions then one of these is better:
 
' 1. Assuming authentication, connection to server "domain.com", connection to default Naming Context (NC)
' Dim adDomain As New DirectoryEntry("LDAP://domain.com")
 
' 2. Assuming Authentication, connection to server "domain.com", connection to DC=domain,DC=com NC
' Dim adDomain As New DirectoryEntry("LDAP://domain.com/DC=domain,DC=com") 
 
' 3. Passing Authentication, connection to server "domain.com", connection to DC=domain,DC=com NC
' Dim adDomain As New DirectoryEntry("LDAP://domain.com/DC=domain,DC=com", "Username", "Password")
 
' The LDAP Filter.
' To return all users:
Dim ldapFilter As String = "(&(objectClass=user)(objectCategory=person))"
 
' 1. To return all groups:
' Dim ldapFilter As String = "(objectClass=group)"
 
' 2. To return all users in a specific group (note the group's distinguished name (DN) must be specified):
' Dim ldapFilter As String = String.Format("(&(objectClass=user)(objectCategory=person)(memberOf={0}))", _
' "CN=Group Name,OU=Somewhere,DC=domain,DC=com")
' Another search may be required to get from a group name to the distinguished name
 
' 3. To return all users in a specific group, including nested members (requires AD on at least Windows 2003 SP2).
'    The matching rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) goes on memberOf here,
'    because user objects carry memberOf, not member:
' Dim ldapFilter As String = String.Format("(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:={0}))", _
' "CN=Group Name,OU=Somewhere,DC=domain,DC=com")
 
' 4. To return the groups a user belongs to (can also enumerate the "memberOf" property, 
' full DN of user must be specified):
' Dim ldapFilter As String = String.Format("(&(objectClass=group)(member={0}))", _
' "CN=User Name,OU=Somewhere,DC=domain,DC=com")
 
' 5. To return the groups a user belongs to, including nested membership (requires AD on at least Windows 2003 SP2):
' Dim ldapFilter As String = String.Format("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={0}))", _
' "CN=User Name,OU=Somewhere,DC=domain,DC=com")
 
' Creating the searcher
Dim adSearch As New DirectorySearcher(adDomain, ldapFilter)
' Enabling Paging, otherwise result set is limited to 1000
adSearch.PageSize = 1000
' Specific properties can be requested (optional, but good for efficient searching):
adSearch.PropertiesToLoad.AddRange(New String() {"name", "mail", "proxyAddresses", "msExchHomeServerName"})
 
' Executing the search
Dim adSearchResults As SearchResultCollection = adSearch.FindAll()
' If filter will produce a unique result this can be used:
' Dim adSearchResult As SearchResult = adSearch.FindOne()
 
' Loop through the results
For Each adSearchResult As SearchResult In adSearchResults
  ' Get the name attribute from the object (whether it is a user or group or computer or ...)
  Console.WriteLine(adSearchResult.Properties("name")(0).ToString())
  ' mail is single-valued, can be accessed via the first element in the property value collection.
  ' Indexing an attribute the object does not have throws, so check Contains first.
  If adSearchResult.Properties.Contains("mail") Then
    Console.WriteLine(adSearchResult.Properties("mail")(0).ToString())
  End If
  ' proxyAddresses is multi-valued, contains each mail address assigned to the account. Loop or join.
  For Each Address As String In adSearchResult.Properties("proxyAddresses")
    Console.WriteLine(Address)
  Next
  ' msExchHomeServerName is a single-valued attribute containing a reference string to the Exchange server
  If adSearchResult.Properties.Contains("msExchHomeServerName") Then
    Console.WriteLine(adSearchResult.Properties("msExchHomeServerName")(0).ToString())
  End If
Next
' SearchResultCollection holds unmanaged resources; release them when done
adSearchResults.Dispose()
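The filters above substitute a distinguished name straight into the filter string with String.Format. When that DN (or any value) comes from user input, the characters `*`, `(`, `)`, `\` and NUL change the meaning of the filter, so RFC 4515 requires them to be escaped first. The following is an added example, not code from Chris's post: a small escaping routine and builders for the direct and nested group-membership filters shown in the answer. The module name `LdapFilterHelpers` and the sample DN are constructed for illustration.

```vb
' Added example (not from the original answer): RFC 4515 filter-value escaping
' applied to the group-membership filters shown above.
Imports System
Imports System.Text

Module LdapFilterHelpers

    ' RFC 4515 section 3: inside an assertion value, * ( ) \ and NUL must be
    ' written as \2a \28 \29 \5c \00. Everything else passes through unchanged.
    Public Function EscapeFilterValue(ByVal value As String) As String
        If value Is Nothing Then Return String.Empty
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case "\"c : sb.Append("\5c")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Direct membership (filter 2 in the answer), with the DN escaped.
    Public Function UsersInGroupFilter(ByVal groupDn As String) As String
        Return String.Format("(&(objectClass=user)(objectCategory=person)(memberOf={0}))", _
                             EscapeFilterValue(groupDn))
    End Function

    ' Nested membership (filter 3 in the answer) via LDAP_MATCHING_RULE_IN_CHAIN on memberOf.
    Public Function UsersInGroupNestedFilter(ByVal groupDn As String) As String
        Return String.Format("(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:={0}))", _
                             EscapeFilterValue(groupDn))
    End Function

    Sub Main()
        ' Constructed sample DN containing characters that would otherwise alter the filter.
        Dim groupDn As String = "CN=Sales (EMEA)*,OU=Somewhere,DC=domain,DC=com"
        Console.WriteLine(UsersInGroupFilter(groupDn))
        ' (&(objectClass=user)(objectCategory=person)(memberOf=CN=Sales \28EMEA\29\2a,OU=Somewhere,DC=domain,DC=com))
        Console.WriteLine(UsersInGroupNestedFilter(groupDn))
    End Sub

End Module
```

The escaped filter string can be passed to the DirectorySearcher constructor exactly as ldapFilter is in the answer; the DN's own commas and equals signs need no escaping, only the five RFC 4515 characters do.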