RE: [ActiveDir] Query for user AD info from web application
I would start them on the various LDAP primers out on the net or get the O'Reilly AD books. The cookbook, my Active Directory 3E book, etc. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Friday, June 02, 2006 10:21 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application Sorry, I've been out a few days and haven't been able to respond. I see X500 address for new users not the users that where moved from our exchange 55 servers. We did a in place install of our exchange 2003, we joined the 55 org when we did the install. I know our web developers are very use to using SQL format for their databases. Do you have a good place I could direct them to use another format? Thanks,jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, May 30, 2006 10:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application Third, an X500 address would be unusual,... Not an everyday occurrence, I agree, but I see these pretty frequently with organizations that have migrated within Exchange 5.5 and then have migrated to Exchange 2000/2003 (or an ADC is in place). Typically, they are used to support replies to emails in situations where the sender's DN has changed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, 31 May 2006 11:48 a.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application First off I generally try to dissuade folks from using the SQL format for querying LDAP directories, it makes developers think capability exists that doesn't. Second, mail attribute is not going to have any type of address other than SMTP. Third, an X500 address would be unusual, do you mean X400 address? Every mailbox has an X400 address by default, that will be maintained in proxyAddresses and textEncodedOrAddress (same value in both). The only default X500 address in Exchange would be what is used for the legacyExchangeDN which is not maintained in proxyAddresses. The only time you would have an X500 in proxyAddresses is if you manually added it (say you modified the LEDN and wanted to keep the old one around for routing, permissions, etc). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, May 30, 2006 2:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Query for user AD info from web application
Sorry, I've been out a few days and haven't been able to respond. I see X500 address for new users not the users that where moved from our exchange 55 servers. We did a in place install of our exchange 2003, we joined the 55 org when we did the install. I know our web developers are very use to using SQL format for their databases. Do you have a good place I could direct them to use another format? Thanks,jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, May 30, 2006 10:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application Third, an X500 address would be unusual,... Not an everyday occurrence, I agree, but I see these pretty frequently with organizations that have migrated within Exchange 5.5 and then have migrated to Exchange 2000/2003 (or an ADC is in place). Typically, they are used to support replies to emails in situations where the sender's DN has changed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, 31 May 2006 11:48 a.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application First off I generally try to dissuade folks from using the SQL format for querying LDAP directories, it makes developers think capability exists that doesn't. Second, mail attribute is not going to have any type of address other than SMTP. Third, an X500 address would be unusual, do you mean X400 address? Every mailbox has an X400 address by default, that will be maintained in proxyAddresses and textEncodedOrAddress (same value in both). The only default X500 address in Exchange would be what is used for the legacyExchangeDN which is not maintained in proxyAddresses. The only time you would have an X500 in proxyAddresses is if you manually added it (say you modified the LEDN and wanted to keep the old one around for routing, permissions, etc). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, May 30, 2006 2:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Query for user AD info from web application
The search filter shown below would not be the cause of any issues associated with an X.500 address. We probably need to see more of the code. The attribute mail is single-valued, so the X500 address is stored in the proxyAddresses attribute. Once the displayName attribute is returned from the search what happens next? What follows is more likely to be where the issue lies, as you say that the web application then looks up other information. Does this include proxyAddresses? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Wednesday, 31 May 2006 6:59 a.m. To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Query for user AD info from web application
I assume you mean an X.400 address? I would guess that the translation between PseudoSQL and LDAP doesn't properly escape the literal strings. Try using the LDAP escaping rules on the X.400 email address, e.g. instead of 'g=john,s=smith,o=foo,prmd=bar' etc., try 'g\3djohn\3bs\3dsmith\3b' etc... where \3d represents the '=' and \3b represents the ';'. Just a guess... -gil From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 5/30/2006 11:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx winmail.dat
RE: [ActiveDir] Query for user AD info from web application
First off I generally try to dissuade folks from using the SQL format for querying LDAP directories, it makes developers think capability exists that doesn't. Second, mail attribute is not going to have any type of address other than SMTP. Third, an X500 address would be unusual, do you mean X400 address? Every mailbox has an X400 address by default, that will be maintained in proxyAddresses and textEncodedOrAddress (same value in both). The only default X500 address in Exchange would be what is used for the legacyExchangeDN which is not maintained in proxyAddresses. The only time you would have an X500 in proxyAddresses is if you manually added it (say you modified the LEDN and wanted to keep the old one around for routing, permissions, etc). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, May 30, 2006 2:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Query for user AD info from web application
Third, an X500 address would be unusual,... Not an everyday occurrence, I agree, but I see these pretty frequently with organizations that have migrated within Exchange 5.5 and then have migrated to Exchange 2000/2003 (or an ADC is in place). Typically, they are used to support replies to emails in situations where the sender's DN has changed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, 31 May 2006 11:48 a.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Query for user AD info from web application First off I generally try to dissuade folks from using the SQL format for querying LDAP directories, it makes developers think capability exists that doesn't. Second, mail attribute is not going to have any type of address other than SMTP. Third, an X500 address would be unusual, do you mean X400 address? Every mailbox has an X400 address by default, that will be maintained in proxyAddresses and textEncodedOrAddress (same value in both). The only default X500 address in Exchange would be what is used for the legacyExchangeDN which is not maintained in proxyAddresses. The only time you would have an X500 in proxyAddresses is if you manually added it (say you modified the LEDN and wanted to keep the old one around for routing, permissions, etc). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, May 30, 2006 2:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Query for user AD info from web application Our internet web application use AD to pull user information. They start with the users email address and then look up other information. We've notice today that if a user has a X500 address our query doesn't work. Here's what the web developer sent me SELECT displayName FROM 'GC://DOMAIN.COM' WHERE objectCategory='organizationalPerson' AND ((mail = '[EMAIL PROTECTED]')) I don't know why a X500 address would mess this up, ideas? Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx