haliphax

As discussed in an earlier post, LDAP can be a wonderful tool for centrally storing user information and credentials. I've written about how to authenticate against the LDAP repository… but what if you're just looking for information?

The following code will contact the LDAP server and retrieve all properties for a specific user record, designated by the uid supplied on the command line:

VB.NET 3.5 Code:

Imports System.DirectoryServices

Module ldapTest
	Sub Main()
		' pull uid to search for from command line
		Dim uidToSearch As String = Command()
		' uid with sufficient access to "browse" directory
		Dim uid As String = "uid=some_admin,ou=ExternalAdmins,dc=example,dc=com"
		' password for browser
		Dim password As String = "AdminPasswordGoesHere"
		' build directory entry with browser's credentials
		Dim root As DirectoryEntry = New DirectoryEntry( _
			"LDAP://directory.example.com/ou=people,dc=example,dc=com", uid, _
			password, AuthenticationTypes.None)
		' build directory searcher for root entry
		Dim searcher As DirectorySearcher = New DirectorySearcher(root)
		' filter down to requested uid
		searcher.Filter = "(uid=" & uidToSearch & ")"

		' iterate through found record's properties
		For Each prop As DictionaryEntry In searcher.FindOne().Properties
			Console.Write(prop.Key.ToString & " = ")

			' iterate through property's values
			For Each propVal In prop.Value
				If TypeOf propVal Is Byte() Then
					' convert byte arrays to strings (password hashes, etc.)
					Console.WriteLine(Convert.ToBase64String(propVal))
				Else
					Console.WriteLine(propVal)
				End If
			Next
		Next
	End Sub
End Module

With a little bit of work, this could easily be adapted to glean information about other Active Directory objects. The source may also prove useful in conjunction with the login script (linked-to above) for more comprehensive/interactive lookup scripts, etc.