#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    Cant Create activeX object


    Hello everyone, i have a block of code i've been working with for awhile now that adds the user to a LDAP group. while the code works perfectly as a .vbs file i'm having some trouble when i move it to a .asp page. How could i alter the format of my script to run on an .asp page?

    asp Code:
     
    Function getsAMAccountName(name)
    	On Error Resume Next
    	Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
    	Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strsAM, objUser
     
    	Set adoCommand = CreateObject("ADODB.Command")
    	Set adoConnection = server.CreateObject("ADODB.Connection")
     
    	adoConnection.Provider = "ADsDSOObject"
    	adoConnection.Open "Active Directory Provider"
    	Set adoCommand.ActiveConnection = adoConnection
     
    	Set objRootDSE = GetObject("LDAP://RootDSE")
    	strDNSDomain = objRoo
    	tDSE.Get("defaultNamingContext")
    	strBase = "<LDAP://" & strDNSDomain & ">"
     
    	strFilter = "(cn=" & name & ")"
     
    	strAttributes = "distinguishedName"
     
    	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    	adoCommand.CommandText = strQuery
    	adoCommand.Properties("Page Size") = 100
    	adoCommand.Properties("Timeout") = 30
    	adoCommand.Properties("Cache Results") = False
     
    	Set adoRecordset = adoCommand.Execute
     
    	Do Until adoRecordset.EOF
     
    		strsAM = adoRecordset.Fields("distinguishedName").Value
    		Set objUser = GetObject("LDAP://" & strsAM)
    		getsAMAccountName = objUser.sAMAccountName
    		adoRecordset.MoveNext
    	Loop
     
    	adoRecordset.Close
    	adoConnection.Close
    End Function


    When i attempt to run the page with the code on it, i get errors displayed by IE first saying the script could be malicious and then saying it cannot create the activeX object (line 72).
    Last edited by Samuel J Link; June 12th, 2012 at 01:00 PM. Reason: format changes
  2. #2
  3. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,440
    Rep Power
    4539
    First, take out the on error resume next statement and see what error messages show up.

    In classic asp you should use Server.CreateObject() to instantiate external objects.

    I don't know what if anything to do about the script could be malicious message.
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    vbscript to asp?


    Hello Doug, thankyou for the quick reply. This is one of my first times using ASP classic and I guess what i'm looking to do is just translate a VBScript so that it would be usable between asp tags. I know to use the request, response, session, application, and server cmds but am just having trouble with where to use them. Im just starting to segment out the code and go through it function by function but any insight you have would be much appreciated.



    relevant error is:
    asp Code:
     
    Set adoRecordset = adoCommand.Execute
     
    	Do Until adoRecordset.EOF
     
    		strsAM = adoRecordset.Fields("distinguishedName").Value
    		Set objUser = GetObject("LDAP://" & strsAM)
    		getsAMAccountName = objUser.sAMAccountName
    		adoRecordset.MoveNext
    	Loop
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    Isolated the error to:


    Isolated the error (I think) to the fact that the strBase is not being passed to the query.. attempted to test it with a response out and it looks like it will write the entire query path from when run as a vbs, but in asp will not output the strBase to the query... any ideas?

    asp Code:
     
    	strBase = "<LDAP://" & strDNSDomain & ">"
     
    	Response.Write(strBase)
     
    	strFilter = "(cn=" & name & ")"
     
    	strAttributes = "distinguishedName"
     
    	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
     
    	Response.Write(strQuery)


    output is

    ;(cn=Samuel J Link);distinguishedName;subtree
    Provider error '80040e37'

    Table does not exist.
  8. #5
  9. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,440
    Rep Power
    4539
    I have never tried using ldap from asp, I don't know what the correct syntax for using ldap is. I'm not used to seeing any prefix like ldap:// in an object identifier, so I'd recommend you find the appropriate docs and verify the syntax for your ldap object is correct.

    asp objects are created by the asp iis server so that the objects are available to your asp code which is running under the iis server. So again, you should use server.createobject() to create your objects, not getobject().

    http://msdn.microsoft.com/en-us/libr...=vs.90%29.aspx
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    pass asp variables


    Thanks again Doug, I think what i'll have to end up doing is keeping the script between
    Code:
    <script type="vbscript">
    tags. This allows the script to run, but do you know of a way that i could pass asp variables values like <%=AuthUser.name%> to the script between the tags?
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    update


    Originally Posted by Samuel J Link
    Thanks again Doug, I think what i'll have to end up doing is keeping the script between
    Code:
    <script type="vbscript">
    tags. This allows the script to run, but do you know of a way that i could pass asp variables values like <%=AuthUser.name%> to the script between the tags?
    looks as though i can use >

    vbscript Code:
     
    <% if staff="No" then %>
    	<script type="text/vbscript">
    		personFor = "Samuel J Link"
    		personBy = "Samuel J Link"
    	</script>
    <% ELSE %>
    	<script type="text/vbscript">
    		personFor = "Samuel J Link"
    		personBy = "Samuel J Link"
    	</script>
    <%End If%>
     
    	<script type="text/vbscript">
     
    		Set objSystemInfo = CreateObject("ADSystemInfo") 
    		strDomain = objSystemInfo.DomainShortName
     
    		strUser = getsAMAccountName(personFor)
  14. #8
  15. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,440
    Rep Power
    4539
    Originally Posted by Samuel J Link
    Thanks again Doug, I think what i'll have to end up doing is keeping the script between
    Code:
    <script type="vbscript">
    tags. This allows the script to run, but do you know of a way that i could pass asp variables values like <%=AuthUser.name%> to the script between the tags?
    this script tag is for the browser, not server-side asp code, so apparently since it allows your script to run the browser is what's running it successfully.
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    10
    Rep Power
    0

    one more thing


    Looks like you're correct again Doug, while the script is able to run on the client side, to work around the activeX warning/error i've had to shift the script serverside (which makes much more sense anyway) for some reason though, after my first LDAP query i have the piece of code "Set objUser = GetObject("LDAP://" & strsAM)" that is causing my page not to load. Do you have any idea if this is a "double hop" problem?

    current code:
    asp Code:
     
    <%
    		personFor="Samuel J Link"
    		personBy="Samuel J Link"
     
    		Set objSystemInfo = server.CreateObject("ADSystemInfo") 
    		strDomain = objSystemInfo.DomainShortName
     
    		strUser = getsAMAccountName(personFor)
     
    		response.write(strUser)
     
    	'getSAMAccount given 
    		Function getsAMAccountName(name)
     
    			Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
    			Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strsAM, objUser
     
     
    			Set adoConnection = CreateObject("ADODB.Connection")				
    				adoConnection.Provider = "ADsDSOObject"
    					With adoConnection
    						.Properties("User ID") = ProcessID
    						.Properties("Password") = PW           'password
    						.Properties("encrypt password") = True
    					End With
     
    			adoConnection.Open "Active Directory Provider"
    			Set adoCommand = CreateObject("ADODB.Command")
    			Set adoCommand.ActiveConnection = adoConnection
     
     
    			Set objRootDSE = GetObject("LDAP://RootDSE")
    			strDNSDomain = objRootDSE.Get("defaultNamingContext")	
     
    			adoCommand.CommandText = "<LDAP://SERVERNAME>;(&(objectCategory=user)(CN=" & name & "));distinguishedName;subtree"
    			adoCommand.Properties("Page Size") = 100
    			adoCommand.Properties("Timeout") = 30
    			adoCommand.Properties("Cache Results") = False
     
    			Set adoRecordset = adoCommand.Execute
    			strsAM = adoRecordset.Fields("distinguishedName").Value
    			Set objUser = GetObject("LDAP://" & strsAM)
    			getsAMAccountName = objUser.sAMAccountName
     
     
     
    			adoRecordset.Close
    			adoConnection.Close
    		End Function
     
    %>

    possibly permissions since i'm currently using a corp\anon PID
    thanks so much for all of your assistance Doug.
  18. #10
  19. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,440
    Rep Power
    4539
    I don't know the answer. One guess, does LDAP access use some tcp port that might be blocked by a firewall on the server network?
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester

IMN logo majestic logo threadwatch logo seochat tools logo