Monday, March 17, 2014

PowerShell Function to Connect to Novell eDirectory LDAP with Anonymous Auth and Return an Object

Function GetLDAPObject {
<#
.SYNOPSIS
Searches an LDAP directory (Novell eDirectory in this case) with an anonymous bind and returns the matching entry or entries.

.DESCRIPTION
Returns an LDAP entry (a SearchResultEntry, which carries a collection of attributes), the whole collection of entries, or $null, depending on how many entries match the search filter.

The query uses anonymous authentication. For an authenticated bind, choose a different AuthType and un-comment the credential code below.

Note that with -SSL $false the bind and the search travel in clear text: an anonymous search on plain port 389 exposes the filter and every returned attribute to anyone on the network path. Use -SSL $true with the LDAPS port (636 by default) whenever the directory offers it.

.EXAMPLE
GetLDAPObject -LDAPServer "LDAPSERVER" -LDAPPort 389 -SSL $false -baseDN "o=BASEDN" -Filter "(uid=smithj01)" -Verbose
#>
[CmdletBinding()]
param([string]$LDAPServer, [int]$LDAPPort, [boolean]$SSL, [string]$baseDN, [string]$Filter)

# Load the assemblies
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols") | Out-Null
[System.Reflection.Assembly]::LoadWithPartialName("System.Net") | Out-Null

# Connect to the given server and port (389 for plain LDAP, 636 for LDAPS by default)
$c = New-Object System.DirectoryServices.Protocols.LdapConnection "$($LDAPServer):$($LDAPPort)"

# Set session options
$c.SessionOptions.SecureSocketLayer = $SSL
$c.SessionOptions.ProtocolVersion = 3   # LDAPv3; System.DirectoryServices.Protocols defaults to v2, which many servers reject

# Pick Authentication type:
# Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
# External, Kerberos, Msn, Negotiate, Ntlm, Sicily
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous

# Gets username and password. Required for authentication types that need credentials.
#$user = Read-Host -Prompt "Username"
#$pass = Read-Host -AsSecureString "Password"
# Creates a credential object to bind the LDAP connection with
#$NovellCredentials = New-Object "System.Net.NetworkCredential" -ArgumentList $user,$pass
# Bind with the network credentials. Depending on the type of server,
# the username will take different forms (for a simple bind against eDirectory,
# typically the user's full DN, e.g. "cn=smithj01,o=BASEDN"). The authentication
# type is controlled above with AuthType.
#$c.Bind($NovellCredentials)

$scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$attrlist = ,"*"   # Returns all attributes. To request specific ones, pass a string array: [string[]]$attrlist = "cn","mail"

$r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList `
    $baseDN, $Filter, $scope, $attrlist

# $re is a System.DirectoryServices.Protocols.SearchResponse
$re = $c.SendRequest($r)

# How many results do we have? Written with Write-Verbose rather than emitted as a bare string,
# because anything sent to the pipeline here becomes part of the function's return value
# (the caller would get an array of the message plus the entry instead of the entry itself).
Write-Verbose "A Total of $($re.Entries.Count) Entry(s) found in LDAP Search"

If ($re.Entries.Count -eq 1) # Returns the only entry
{
    Return $re.Entries[0]
}
elseIf ($re.Entries.Count -eq 0) # Returns $null: no match on the filter, or a problem with LDAP
{
    Return $null
}
else # Returns the entire collection of entries
{
    #foreach ($i in $re.Entries) { #Do something with each entry here, such as read attributes }
    Return $re.Entries
}
}
#End Function
-----

#Example usage:

$EDIRLDAPServer = "LDAPSERVER"
$EDIRBaseDN = "O=TEST"
$userID = "SMITHJ"

$LDAPObj = GetLDAPObject -LDAPServer $EDIRLDAPServer -LDAPPort 389 -SSL $false -baseDN $EDIRBaseDN -Filter "(uid=$($userID))"

# Attributes["name"] is $null when the entry does not carry that attribute, so guard before calling GetValues()
if ($LDAPObj -ne $null -and $LDAPObj.Attributes["fullname"] -ne $null) {
    "Fullname is: $($LDAPObj.Attributes["fullname"].GetValues([string]))"   # sometimes this is the 'gecos' attribute, not fullname
}

$strACL = $LDAPObj.Attributes["acl"].GetValues([string]) # sets variable to the ACL attribute returned
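The usage above builds the filter by interpolating $userID straight into the string, so a value such as "*" or ")(objectClass=*" would change the meaning of the search rather than being matched literally. The following is an added example, not code from the original post: it escapes the value per RFC 4515 before it goes into the filter, requests only the attributes it needs (passing a [string[]], which is the form the SearchRequest constructor expects and the form the comments below arrive at), and connects over LDAPS. The server name, base DN, user ID, the size limit and the function names are placeholders chosen for the illustration.

```powershell
# Added example (not part of the original post). Names below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # Escapes the characters RFC 4515 reserves inside a filter assertion value.
    # Backslash is handled first so the escapes it produces are not escaped again.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-EdirUserAttributes {
    # Hypothetical helper: anonymous LDAPS search for one uid, returning only the requested attributes.
    param(
        [Parameter(Mandatory)][string]$LDAPServer,
        [int]$LDAPPort = 636,
        [Parameter(Mandatory)][string]$BaseDN,
        [Parameter(Mandatory)][string]$UserID,
        [string[]]$Attributes = @('cn', 'fullname', 'mail')
    )
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection "$($LDAPServer):$($LDAPPort)"
    $c.SessionOptions.ProtocolVersion = 3
    $c.SessionOptions.SecureSocketLayer = $true   # LDAPS: filter and results are not sent in clear text
    $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous

    # The value is escaped, so "*" or ")(objectClass=*" inside $UserID is matched literally
    # instead of widening the search to every entry under the base DN.
    $filter = "(uid=$(ConvertTo-LdapFilterValue $UserID))"
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree

    # $Attributes is a [string[]]; writing ,"cn","sn" would build a nested array the constructor cannot take
    $r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $BaseDN, $filter, $scope, $Attributes
    $r.SizeLimit = 10   # assumed cap, so a mistaken filter cannot pull the whole tree

    $re = $c.SendRequest($r)
    foreach ($entry in $re.Entries) {
        $props = [ordered]@{ DN = $entry.DistinguishedName }
        foreach ($name in $Attributes) {
            # Attributes[$name] is $null when the entry lacks the attribute; guard before GetValues()
            if ($null -ne $entry.Attributes[$name]) {
                $props[$name] = $entry.Attributes[$name].GetValues([string]) -join '; '
            } else {
                $props[$name] = $null
            }
        }
        [pscustomobject]$props
    }
}

# Escaping check that runs offline: every reserved character in the injected value is replaced by its \xx escape
ConvertTo-LdapFilterValue 'smithj*)(objectClass=*'

# Usage against a directory (placeholder names):
# Get-EdirUserAttributes -LDAPServer 'ldap.example.com' -BaseDN 'o=TEST' -UserID 'SMITHJ'
```

The escaping belongs at the point where the untrusted value is inserted, not on the whole filter string, because parentheses and "*" are legitimate in the filter the script itself writes. Requesting a named attribute list also keeps attributes such as acl, which the usage above reads, out of the response unless they are actually wanted.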
 

3 comments:

  1. Dear Corey,

    Your script is awesome.

    Perfect.

    Unfortunately, I have been stuck on a problem with the $attrlist for several months and I cannot solve it.

    I would like to retrieve only a few attributes, but it results in some error messages.

    I tried several methods:
    $attrlist = ,"cn","sn","givenName"
    $attrlist @("sn","giveName")

    Retrieving only one attribute with $attrlist = ,"cn" or all attributes with ,"*" is working fine.

    I hope you can help me.

    Kind regards,
    Christian
  2. For specifying attributes this worked for me:

    [string[]]$attr = "cn","mail"

  3. Thank you for this!
    [string[]]$attr = "cn","mail"