Retrieving user properties from LDAP with VB.NETTags:
As discussed in an earlier post, LDAP can be a wonderful tool for centrally storing user information and credentials. I've written about how to authenticate against the LDAP repository… but what if you're just looking for information?
The following code will contact the LDAP server and retrieve all properties for a specific user record, designated by the uid supplied on the command line:
VB.NET 3.5 Code:
' pull uid to search for from command line
Dim uidToSearch As String = Command()
' uid with sufficient access to "browse" directory
Dim uid As String = "uid=some_admin,ou=ExternalAdmins,dc=example,dc=com"
' password for browser
Dim password As String = "AdminPasswordGoesHere"
' build directory entry with browser's credentials
Dim root As DirectoryEntry = New DirectoryEntry( _
"LDAP://directory.example.com/ou=people,dc=example,dc=com", uid, _
' build directory searcher for root entry
Dim searcher As DirectorySearcher = New DirectorySearcher(root)
' filter down to requested uid
searcher.Filter = "(uid=" & uidToSearch & ")"
' iterate through found record's properties
For Each prop As DictionaryEntry In searcher.FindOne().Properties
Console.Write(prop.Key.ToString & " = ")
' iterate through property's values
For Each propVal In prop.Value
If TypeOf propVal Is Byte() Then
' convert byte arrays to strings (password hashes, etc.)
With a little bit of work, this could easily be adapted to glean information about other Active Directory objects. The source may also prove useful in conjunction with the login script (linked-to above) for more comprehensive/interactive lookup scripts, etc.