LDAP Is it possible to read the Active Directory within an Access

Tony Toews [MVP]

Crossh said:
Is it possible to read the LDAP Active Directory within an Access Form?

Yes.

It's a b*tch and hard to work with.

The following posting ended up being what I needed.
http://groups.google.ca/groups?hl=e...=off&q=adsi+search+organizationalunit&spell=1

IIRC after I got the logic working I discovered VB6 allowed you to run
LDAP queries within it natively. Rather than just being allowed to
use them in code. But that was over two or three years ago and
my memory is rather hazy.

I created the app so that a client in the construction field could
create folders by job and subfolders within the job. However those
subfolders would each have different security depending on the
person's function. That is, foremen could see the drawings folder but
not the invoices folder.

I kept a page of notes when I was working on this topic. Below is
every link I found useful or not. Some may or may not be useful to
you.



Internet resources
Programmatically Set NTFS File System Folder Permissions

Enumerating Local Groups and Descriptions with NetLocalGroupEnum
Pasted from
<http://vbnet.mvps.org/code/network/netlocalgroupenumdesc.htm>

Enumerating Members of a Group with NetLocalGroupGetMembers
Pasted from
<http://vbnet.mvps.org/code/network/netgocalgroupgetmembers.htm>

Xcacls.exe
Pasted from
<http://support.microsoft.com/default.aspx?scid=KB;EN-US;825751>

How To Use High-Level Access Control APIs from Visual Basic
Pasted from
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;295004>


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadsgroup.asp

Organizational Unit - Edmonton
Active Directory
Server name is SEDMDC1, Domain name is PDEDM

Following might do everything I want.
http://groups.google.ca/groups?hl=e...=off&q=adsi+search+organizationalunit&spell=1

ldap

http://msdn.microsoft.com/library/d...ry/en-us/dnanchor/html/anch_activediradsi.asp

Active Directory Service Interfaces Quick-start Tutorials
Pasted from
<http://msdn.microsoft.com/library/en-us/adsi/adsi/adsi_quick-start_tutorials.asp?frame=true>


IADsAccessControlEntry
Pasted from
<http://msdn.microsoft.com/library/en-us/adsi/adsi/iadsaccesscontrolentry.asp?frame=true>



An ADSI Primer, Part 11: More on Scripting Permissions and Auditing
(Windows Scripting though)
Pasted from
<http://www.windowsitpro.com/WindowsScripting/Article/ArticleID/7456/7456.html>


HOWTO: Use ADsSecurity.dll to Remotely Add Local Account ACEs to an
NTFS File
Pasted from
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q285998>

How To Use ADSI to Set Automatic Inheritance of File/Folder
Permissions
Pasted from <http://support.microsoft.com/kb/266461/EN-US/>

http://groups.google.ca/groups?q=gr...ff&[email protected]&rnum=10

Various constants are at the following:
http://www.serverwatch.com/tutorials/article.php/1476721

Security and Access Rights
http://msdn.microsoft.com/library/d...leio/base/file_security_and_access_rights.asp


How To Use ADSI to Set Automatic Inheritance of File/Folder
Permissions
Pasted from
<http://support.microsoft.com/default.aspx?scid=kb;en-us;266461>
VBScript recursive changing of subfolders


IADsAccessControlEntry Property Methods
http://msdn.microsoft.com/library/d...i/iadsaccesscontrolentry_property_methods.asp


How To Use ADsSecurity.dll to Add an Access Control Entry to an NTFS
Folder
Pasted from
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q279682>

Also Richard is a fellow MVP and has lots of sample code at his
website. It's VBScript but should still work reasonably well.

http://www.rlmueller.net/products.htm

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
 
Guest

Using ADO, you can use Provider=ADsDSOObject:

"Provider=ADSDSOObject;User ID=MyUserID;Password=MyPassword;"

and query using LDAP SQL:

SELECT ADsPath, cn FROM 'LDAP://OU=Sales,DC=Fabrikam,DC=COM' WHERE
objectCategory='person' AND objectClass ='user'

It is possible to bind a form to an ADO recordset, but it doesn't always
work.

(david)
 
Crossh

Thanks for your help. I tried this, but I get a "Type mismatch" at Set rst =
cnn.Execute(strSql). Any ideas?

Sub ldaplookup()
Dim cnn As New ADODB.Connection
Dim rst As DAO.Recordset
Dim strUserId, strPW, strSql, strLDAP As String

strUserId = "MyUserId"
strPW = "MyPassword"
strLDAP = "'LDAP://cn=users,dc=Mydc,dc=corp'"

cnn.ConnectionString = "Provider=ADsDSOObject;Password=" & strPW _
& ";User ID=" & strUserId & ";Encrypt Password=True;" _
& "Mode=Read;Bind Flags=0;ADSI Flag=-2147483648"
cnn.Open
strSql = "SELECT displayName, telephoneNumber, mail" _
& " FROM " & strLDAP
Set rst = cnn.Execute(strSql)
cnn.Close

End Sub
 
Douglas J. Steele

Since you're using ADO, you must declare rst as an ADO recordset:

Dim rst As ADODB.Recordset

I'd also strongly recommend not using the New keyword in your declaration of
cnn. Instead, use

Dim cnn As ADODB.Connection

Set cnn = New ADODB.Connection

(the Set statement must be before the statement where you assign a value to
cnn.ConnectionString)

It's seldom (if ever) appropriate to use the New keyword in declarations in
VBA.
 
Crossh

Thanks, that worked perfectly. I hope you don't mind if I ask you another
question:)
Using the following code, it takes at least thirty seconds to get each user's
info and populate my form (the form allows for multiple users to be
selected). Is there a better (quicker) way to do this? Can I just open the
recordset, keep it open, and search each strUser individually?

cnn.Open
strSql = "SELECT DisplayName, TelephoneNumber, Mail" _
& " FROM " & strLDAP _
& " WHERE samAccountName='*" & strUser & "'" _
& " AND objectCategory='person' AND objectClass='user'"
Set rst = cnn.Execute(strSql)
Me.txtEmail = rst!mail
Me.txtPhone = rst!TelephoneNumber
Me.txtFirstName = rst!DisplayName
cnn.Close
 
Douglas J. Steele

That SQL only retrieves the data for a single user, so keeping the recordset
open wouldn't buy you anything.

You could, I suppose, have it return the data for all users by changing the
condition to simply

& " WHERE objectCategory='person' AND objectClass='user'"

and then search the recordset, but I suspect that the recordset would take a
very long time to open.
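
The per-user lookup posted above concatenates strUser straight into the query, so a value containing `*`, `(` or `)` changes what the filter matches. The following is an added example, not code from any poster in this thread: it uses the ADSI LDAP dialect instead of the SQL dialect, escapes the value per RFC 4515, and matches the account name exactly. The base DN, the function names and the extra escaping of `;` are assumptions made for illustration.

```vba
' Added example (not from the thread). Needs a reference to
' "Microsoft ActiveX Data Objects". Base DN below is a placeholder.

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash must be replaced first so later escapes are not doubled.
Public Function EscapeLdapFilterValue(ByVal s As String) As String
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, vbNullChar, "\00")
    ' Precaution (assumption): ";" separates the parts of an ADSI
    ' LDAP-dialect query, so keep it out of the filter as well.
    s = Replace(s, ";", "\3b")
    EscapeLdapFilterValue = s
End Function

' ADSI LDAP dialect: <base>;filter;attribute list;scope
Public Function BuildUserQuery(ByVal baseDn As String, _
                               ByVal userName As String) As String
    BuildUserQuery = "<LDAP://" & baseDn & ">;" _
        & "(&(objectCategory=person)(objectClass=user)" _
        & "(sAMAccountName=" & EscapeLdapFilterValue(userName) & "));" _
        & "displayName,telephoneNumber,mail;subtree"
End Function

Public Sub LookupUser(ByVal userName As String)
    Dim cnn As ADODB.Connection
    Dim rst As ADODB.Recordset

    Set cnn = New ADODB.Connection
    ' No User ID/Password in the string: ADSI binds as the logged-on
    ' user, so no credential is stored in the module.
    cnn.Open "Provider=ADsDSOObject;"

    Set rst = cnn.Execute(BuildUserQuery("CN=Users,DC=example,DC=corp", userName))
    If rst.EOF Then
        Debug.Print "No match for "; userName
    Else
        Debug.Print rst.Fields("displayName").Value, rst.Fields("mail").Value
    End If

    rst.Close
    cnn.Close
End Sub
```

An exact match on sAMAccountName also avoids the leading wildcard in the original WHERE clause, which forces the directory to do a substring search.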
 
Guest

Same stuff actually, isn't it: my post was just the executive summary.

The Microsoft reference I had is missing, and I think that this
method now has the same status as ADO and DAO: I don't
think that the ADsDSO object will ever see any further
development:

Actually, the whole AD thing is interesting too: There used
to be an attempt to make a generic Active Directory interface,
with tabs on the AD form for Exchange and Group Policy.
Both of those have moved back to having private interfaces.

It is possible that ADsDSO will be/has been replaced with
some DOT NET interface which returns a data object
instead of a recordset, but I also suspect that the idea of
having any kind of generic interface to AD is dead or sleeping.

(david)
 
Guest

Are you running actually on the Domain Controller? I expect that
data is returned from the server each time, and opening n small
recordsets would take n times as long as opening one large
recordset.

I think AD records time out fairly quickly, so if you aren't running
on the domain controller, the only user you have live data to start
with is for the logged in user.

(david)
 
Crossh

Yes, I am running on the Domain Controller. Is it possible to just run a
program, as needed, to create a local table, with all the users and their
respective info (only a few fields) that I need from the active directory and
then use this local table in my form?
 
Guest

Is it possible to just run a

Possibly, but you should start a new thread to ask that question.

In DAO you might be able to use a "make table" query, which
might look something like this:

SELECT [database1].[Table1].* INTO [database2].[t2]
FROM [database1].[Table1];

but I don't know how to do that between different providers
in ADO.

So perhaps you might be able to create a table from a Recordset
in ADO -- I don't know how it is done.

(david)
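
One way to build the local table asked about above, as an added example that is not from any poster in this thread: read the directory once through ADO and copy the rows into an Access table through DAO, so the form never queries AD directly. The table tblADUsers and its four text fields are hypothetical and must already exist; the base DN is passed in by the caller from a trusted constant.

```vba
' Added example (not from the thread). Needs references to ADO and DAO,
' and an existing local table tblADUsers (hypothetical) with text fields
' SamAccountName, DisplayName, Phone, Email (none marked Required).
Public Function RefreshADUserCache(ByVal baseDn As String) As Long
    Dim cnn As ADODB.Connection
    Dim cmd As ADODB.Command
    Dim rsAD As ADODB.Recordset
    Dim db As DAO.Database
    Dim rsLocal As DAO.Recordset
    Dim n As Long

    Set cnn = New ADODB.Connection
    cnn.Open "Provider=ADsDSOObject;"    ' binds as the logged-on user

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cnn
    cmd.CommandText = "<LDAP://" & baseDn & ">;" _
        & "(&(objectCategory=person)(objectClass=user));" _
        & "sAMAccountName,displayName,telephoneNumber,mail;subtree"
    ' Paged search: without it the result stops at the server's size limit.
    cmd.Properties("Page Size") = 500
    Set rsAD = cmd.Execute

    Set db = CurrentDb
    db.Execute "DELETE FROM tblADUsers", dbFailOnError
    Set rsLocal = db.OpenRecordset("tblADUsers", dbOpenDynaset)

    ' Copy field by field; values are assigned, never spliced into SQL.
    Do Until rsAD.EOF
        rsLocal.AddNew
        rsLocal!SamAccountName = rsAD.Fields("sAMAccountName").Value
        rsLocal!DisplayName = rsAD.Fields("displayName").Value   ' may be Null
        rsLocal!Phone = rsAD.Fields("telephoneNumber").Value     ' may be Null
        rsLocal!Email = rsAD.Fields("mail").Value                ' may be Null
        rsLocal.Update
        n = n + 1
        rsAD.MoveNext
    Loop

    rsLocal.Close
    rsAD.Close
    cnn.Close
    RefreshADUserCache = n   ' number of users copied
End Function
```

The cached table holds names, phone numbers and e-mail addresses, so it should sit in a database file with the same access restrictions the directory query would have had.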
 
