Access LDAP from HTML using clientside Javascript.

Mysterio
Posts: 1
Joined: Fri Sep 02, 2011 12:37 am


Post by Mysterio » Mon Sep 05, 2011 11:50 pm

Hi,

I am coding an HTML page with JavaScript that needs to get the detail from the HTML page (user ID), and then the script needs to get its LDAP details.

The problem is I am unable to get the object rootDSE using the following code. I need this rootDSE to get defaultNamingContext's value.

rootDSE = GetObject("LDAP://rootDSE");
dncontext = rootDSE.Get("defaultNamingContext");
alert (dncontext);

I get the following error on the GetObject line when I run the script: "Automation server can't create object"

But I am able to connect to the LDAP by hardcoding the default naming context. And I am even able to query the details.

Now I have the following doubts:

1. Is the error due to the GetObject method (because without that my code runs by hardcoding defaultNamingContext)? If so, is there a workaround to get rootDSE and defaultNamingContext dynamically instead of hardcoding the value? I have read somewhere that the GetObject method is not supported from scripts inside a webpage. Is that true?
2. Is the defaultNamingContext of LDAP subject to change often? If so, when will it change?
3. For example, if I need to get displayName and title of the users in the HTML page, will all the users' details be present in the same defaultNamingContext?

Could someone please help me with this problem? I started working on LDAP only a few days ago, so please bear with my naive questions; I am still trying to understand the concepts.

Thanks in advance.

jvierra
Posts: 13790
Joined: Tue May 22, 2007 9:57 am

Post by jvierra » Tue Sep 06, 2011 4:31 am

Hi, I am coding an HTML page with JavaScript that needs to get the detail from the HTML page (user ID), and then the script needs to get its LDAP details.


rasimmer. This statement is pure server generated HTML page with client side script. It pops up constantly. The server cannot get the client with clientside script. It is impossible. It cannot even be done with an HTA. An HTA delivered by a web server reverts to an HTML page running in MSHTA and it has no privileges on the client, the same as a standard browser.

The only solution is to use server side code. If the page is set to use integrated security or if it is using forms based authentication we can get the server to retrieve the AD objects.

This is much easier in ASP.NET than it is in ASP.






Post by jvierra » Tue Sep 06, 2011 4:57 am

Here is a serverside ASP file that I have used to demo this in the past.

Run it on any ASP enabled site and it will give you the user who launched the site. If it is the anonymous user that will be shown.

IIS7 does not enable ASP by default.

Code: Select all

<%@ language="vbscript" codepage="1252"%>
<%
' ADSI bind flags and the LDAP namespace object (declared but not used below)
Const ADS_SECURE_AUTHENTICATION = &h0001
Const ADS_SERVER_BIND = &h0201
Set ons = GetObject("LDAP:")

On Error Resume Next
' ADSystemInfo reports the account this request is running as
Set oADSysInfo = CreateObject("ADSystemInfo")
If Err.Number <> 0 Then
    Response.Write("ADSSYSTEMINFO_ERROR: 0x" & Hex(Err.Number) & "<br />")
Else
    ' Bind to that account's own directory object by its distinguished name
    Set oUser = GetObject("LDAP://" & oADSysInfo.UserName)
    If Err.Number <> 0 Then
        errMsg = "<span style='color: red; font-weight: bolder; font-size: 14pt;'>" _
               & "LDAP_ERROR: 0x" & Hex(Err.Number) & "</span>"
        Response.Write(errMsg)
    End If
End If
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>An ASP Testbed</title>
<style type="text/css">
    label {
        font-weight: bolder;
        color: darkblue;
        width: 100px;
        text-align: right;
    }
    input {
        background-color: cyan;
    }
    body {
        background-color: lightblue;
    }
</style>
</head>
<body>
<h2>Test of ASP to ADSI/LDAP</h2>
<!-- Directory values are HTML-encoded and the attributes quoted so a value cannot break out of the markup -->
<label>Firstname:</label>
<input type="text" value="<%=Server.HTMLEncode(oUser.FirstName & "")%>"><br />
<label>Lastname:</label>
<input type="text" value="<%=Server.HTMLEncode(oUser.SN & "")%>"><br />
<label>DN:</label>
<input type="text" style="width: 600px;" value="<%=Server.HTMLEncode(oADSysInfo.UserName & "")%>"><br />
<label>Email:</label>
<input type="text" style="width: 600px;" value="<%=Server.HTMLEncode(oUser.mail & "")%>"><br />
</body>
</html>
jvierra2011-09-06 12:56:07
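
An added example, not part of the thread or of jvierra's code: when the server-side page looks up the user ID submitted from the HTML page, as the original question describes, the ID has to be validated and escaped before it goes into the LDAP filter, and the returned attributes encoded before they go back into the page. The function names, the ID allow-list and the sample values are assumptions made for illustration.

```javascript
// Added example: function names and sample values are constructed for illustration.

// RFC 4515: \ * ( ) and NUL inside a filter value must be written as \XX (hex).
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return '\\' + ('0' + ch.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Filter for one account by logon name. The allow-list (1-20 characters from
// a fixed set) is an assumed site policy; anything else is rejected outright.
function buildUserFilter(userId) {
  if (typeof userId !== 'string' || !/^[A-Za-z0-9._-]{1,20}$/.test(userId)) {
    throw new Error('user ID rejected');
  }
  return '(&(objectCategory=person)(objectClass=user)(sAMAccountName=' +
    escapeLdapFilterValue(userId) + '))';
}

// Filter for a free-text name search, where legitimate values may contain
// parentheses or asterisks and so cannot be allow-listed, only escaped.
function buildDisplayNameFilter(name) {
  return '(&(objectCategory=person)(displayName=' +
    escapeLdapFilterValue(name) + '))';
}

// Encode a directory value for use inside markup or a quoted attribute.
function htmlEncode(value) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value == null ? '' : value).replace(/[&<>"']/g, function (ch) {
    return map[ch];
  });
}

// Render the attributes the question asks for as read-only form fields.
function renderUser(entry) {
  return ['displayName', 'title'].map(function (attr) {
    return '<label>' + attr + ':</label> <input type="text" readonly value="' +
      htmlEncode(entry[attr]) + '"><br />';
  }).join('\n');
}

// Constructed sample entry, standing in for what the directory returned.
var sample = { displayName: 'Doe, Jane (R&D)', title: 'Lead "Platform" Engineer' };
console.log(buildUserFilter('jdoe'));
console.log(buildDisplayNameFilter('Doe, Jane (R&D)'));
console.log(renderUser(sample));
```
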

rasimmer
Posts: 182
Joined: Fri Jan 30, 2009 12:37 am


Post by rasimmer » Wed Sep 07, 2011 3:31 am

If you are running it from the local client, then it should be an HTA. The setting above is under Security > Custom > Miscellaneous > Access Data across domains, which is ActiveX security now allowing the browser to access AD (otherwise a website could crawl your AD infrastructure, not good). So, you don't want to change your Internet security settings in your domain just so you can run this. Try just changing the extension from .HTML/.HTM to .HTA
