Classic ASP organisational structure from AD
I have the following code that extracts the organisational structure from Active Directory:
<%@ Language="VBScript"%>
<% response.Buffer = True
'Define the AD OU that contains our users
dim department
%>
<!--#include file="includes/functions.asp"-->
<!--#include file="includes/display.asp"-->
<h1>Organisational Structure</h1>
<div class="commandspace">
<p class="infotext">The org structure can be viewed with or without staff, indented or left justified.</p>
</div>
<div class="Structure_Item_1">
<%
ADUser = "LDAP://OU=Staff,OU=Users,DC=DOMAIN,DC=internal"
' Make AD connection and run query
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\example_user"
objCon.Properties("Password") = "password"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select company FROM '"& ADUser &"' where company ='*' ORDER by company ASC"
Set objRS = objCom.Execute
' Loop over returned recordset and output HTML
' Parenthesised so that an empty recordset (BOF and EOF both True) skips the loop
Do While Not (objRS.EOF Or objRS.BOF)
    Response.Write "<div id='Structure_Item_Field'>" & objRS("company") & "</div>"
    Set objCom = CreateObject("ADODB.Command")
    Set objCom.ActiveConnection = objCon
    objCom.CommandText ="select department FROM '"& ADUser &"' where company ='*" & objRS("company") & "*' ORDER BY company ASC"
    Set department = objCom.Execute
    ' Loop over returned recordset and output HTML
    Do While Not (department.EOF Or department.BOF)
        Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;" & department("department") & "<br>"
        ' &nbsp; is the HTML entity of a space character. I put &nbsp; four times so that the department is indented four spaces
        Set objCom = CreateObject("ADODB.Command")
        Set objCom.ActiveConnection = objCon
        objCom.CommandText ="select givenName, sn FROM '"& ADUser &"' where department ='*" & department("department") & "*' ORDER by givenName ASC"
        Set names = objCom.Execute
        Do While Not (names.EOF Or names.BOF)
            Response.Write " " & names("givenName") & " " & names("sn") & "<br>"
            names.MoveNext
            Response.Flush
        Loop
        ' Release the per-department recordset before the next iteration
        names.Close
        department.MoveNext
        Response.Flush
    Loop
    ' Release the per-company recordset before the next iteration
    department.Close
    objRS.MoveNext
    Response.Flush
Loop
' Clean up
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCon = Nothing
Set objCom = Nothing
%>
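You will get better help here if you provide more information, such as some tracing/timing information about the time spent in the different parts of the code. Also, you are open to SQL injection attacks, I think.

@G.Stoynev: How exactly is this code open to SQL injection???? He is not getting any information from the user. I am tired of useless fear-mongering.

I did not mean to make other users that unhappy :-) @Martha, do you think most code that is prone to SQL injection goes like this: "I know how to write badly styled ad-hoc queries, so I will do it on purpose!"? I think that if I notice something, it is both my responsibility and yours to mention it. How about a malformed company or department? How about a company or department name with just one apostrophe in it? How about coding style? By the way, I read this on my phone, so I had absolutely no idea where ADUser came from, but it is precisely because of the lack of style that I said "I think".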
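
The comments above ask what happens when a company or department name read back from the directory contains an apostrophe or is otherwise malformed. The script below is an added example, not code from the question or its comments: it swaps the page's SQL-dialect queries for the ADSI LDAP dialect, where value escaping is defined by RFC 4515, and encodes values before they reach HTML. The function names and sample values are assumptions made for illustration, and the script is written to run under cscript.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash goes first so the escapes added afterwards are not re-escaped.
Function EscapeLdapFilterValue(ByVal value)
    Dim s
    s = Replace(CStr(value), "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, vbNullChar, "\00")
    ' ";" separates the four parts of an ADSI LDAP-dialect command text,
    ' so it is hex-escaped as well (a filter accepts any character as \XX).
    EscapeLdapFilterValue = Replace(s, ";", "\3b")
End Function

' Command text in the ADSI LDAP dialect: <base>;(filter);attributes;scope.
' Exact match on one attribute (the page's queries wrap the value in "*").
' attrName must be a fixed attribute name chosen by the caller, never data.
Function BuildStaffQuery(ByVal basePath, ByVal attrName, ByVal attrValue)
    BuildStaffQuery = "<" & basePath & ">;(" & attrName & "=" & _
        EscapeLdapFilterValue(attrValue) & ");givenName,sn;subtree"
End Function

' Encode a directory value before writing it into HTML.
' Inside an ASP page, Server.HTMLEncode does this job.
Function HtmlEncode(ByVal value)
    Dim s
    s = Replace(CStr(value), "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    HtmlEncode = Replace(s, "'", "&#39;")
End Function

' Constructed sample values, not taken from any real directory.
Dim basePath, sample
basePath = "LDAP://OU=Staff,OU=Users,DC=DOMAIN,DC=internal"
For Each sample In Array("O'Brien & Sons", "R&D (EMEA)", "Ops*;Support")
    WScript.Echo BuildStaffQuery(basePath, "department", sample)
    WScript.Echo HtmlEncode(sample)
Next
```

The apostrophe needs no escaping in an LDAP filter, which is why the first sample passes through the query builder unchanged and is only altered by the HTML encoder.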