I can get the full name of the user from their username without any problems.
What I can't do is find out which groups the user belongs to. The end result will hopefully be a method to ascertain whether the current user is a member of the 'mod' group, the 'admin' group, or neither.
I've tried a few different things, but I just can't find the lookup query for it. Most of the sites I've found so far seem to be aimed at ASP.NET, but my directory/database access skills really aren't good enough to understand what they're doing, why they're doing it, or how to port it back to Classic ASP.
Here's the current code (slightly modified).
Expand|Select|Wrap|Line Numbers
- Dim adoCommand, conn, adoRecordSet, currentUser
- currentUser = Request.ServerVariables("LOGON_USER")
- Set conn = Server.CreateObject("ADODB.Connection")
- conn.Provider = "ADsDSOObject"
- conn.Properties("User ID") = "xxx"
- conn.Properties("Password") = "yyy"
- conn.Properties("Encrypt Password") = True
- conn.Open
- Set adoCommand = Server.CreateObject("ADODB.Command")
- adoCommand.ActiveConnection = conn
- adoCommand.CommandText = "SELECT cn FROM 'LDAP://ou=USERS,ou=PRNTEST,dc=domain,dc=extension' WHERE ObjectClass='User' AND sAMAccountName='" & currentUser & "' ORDER By cn"
- Set adoRecordSet = adoCommand.Execute
- Session("currentUser") = adoRecordSet(0)
Some of the sites I've seen seem to imply there is a 'memberof' attribute of the user record, but the entire query above (SELECT * FROM) doesn't show anything like that, just the hierarchy of OUs to the CN.
So, how should I go about checking the AD group memberships for a given user? Is the SQL-type query going to work, or do I need to try a different approach?
Thanks in advance.