Asp classic: Classic ASP organisational structure from AD

Tags: asp-classic, active-directory, ldap

I have the following code that pulls the organisational structure out of Active Directory:

<%@ Language="VBScript"%>
<% Response.Buffer = True
'Define the AD OU that contains our users
Dim department
%>
<!--#include file="includes/functions.asp"-->
<!--#include file="includes/display.asp"-->
<h1>Organisational Structure</h1>
<div class="commandspace">
<p class="infotext">The org structure can be viewed with or without staff, indented or left justified.</p>
</div>
<div class="Structure_Item_1">
<%
ADUser = "LDAP://OU=Staff,OU=Users,DC=DOMAIN,DC=internal"
' Make AD connection and run query
' Note: the bind account's credentials are hard-coded in the page source.
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.Provider = "ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\example_user"
objCon.Properties("Password") = "password"
objCon.Properties("Encrypt Password") = True
objCon.Open "Active Directory Provider"
Set objCom = Server.CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
' Level 1: every user object that has a company value (one row per user,
' not one per distinct company), so the nested queries below repeat per row.
objCom.CommandText = "select company FROM '" & ADUser & "' where company ='*' ORDER by company ASC"
Set objRS = objCom.Execute
' Loop over returned recordset and output HTML.
' (Loop on EOF only: the original "Not EOF Or BOF" condition stays true for an
' empty recordset and would call MoveNext past the end.)
Do While Not objRS.EOF
    ' Attribute values are written straight into the HTML without HTML-encoding.
    Response.Write "<div id='Structure_Item_Field'>" & objRS("company") & "</div>"
    ' Level 2: departments of this company. The company value read from AD is
    ' concatenated into the next query as a single-quoted wildcard literal.
    Set objCom = Server.CreateObject("ADODB.Command")
    Set objCom.ActiveConnection = objCon
    objCom.CommandText = "select department FROM '" & ADUser & "' where company ='*" & objRS("company") & "*' ORDER BY company ASC"
    Set department = objCom.Execute
    Do While Not department.EOF
        '&nbsp; is the HTML entity of a space character. Four of them indent the department four spaces
        Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;" & department("department") & "<br>"
        ' Level 3: people in this department, same concatenation pattern
        Set objCom = Server.CreateObject("ADODB.Command")
        Set objCom.ActiveConnection = objCon
        objCom.CommandText = "select givenName, sn FROM '" & ADUser & "' where department ='*" & department("department") & "*' ORDER by givenName ASC"
        Set names = objCom.Execute
        Do While Not names.EOF
            Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" & names("givenName") & " " & names("sn") & "<br>"
            names.MoveNext
            Response.Flush
        Loop
        names.Close
        department.MoveNext
        Response.Flush
    Loop
    department.Close
    objRS.MoveNext
    Response.Flush
Loop
' Clean up
objRS.Close
objCon.Close
Set names = Nothing
Set department = Nothing
Set objRS = Nothing
Set objCon = Nothing
Set objCom = Nothing
%>


Comments:

You will get better help here if you provide more information, such as some trace/timing data on how long the different parts of the code take. Also, you are open to SQL injection attacks; think about it.

@G.Stoynev: how exactly is this code open to SQL injection???? He isn't taking any input from the user. I'm tired of useless fear-mongering.

I didn't mean to upset another user that much :-) @Martha, do you think most code prone to SQL injection is written like this: "I know how to write ad-hoc queries in poor style, so I'll do it on purpose!"? I think that if I notice something, you and I both have a responsibility to mention it. What about a malformed company or department? What about a company or department name with just one apostrophe in it? What about coding style? By the way, I read this on my phone, so I have no idea where ADUser comes from, but precisely because of the lack of style I said "I think".
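The point argued in the comments, whether a value read back from AD (a company or department name containing an apostrophe, a `*` or parentheses) can change the next query it is spliced into, worked through as an added example. This is not code from the question or from the commenters, and it is Python rather than VBScript so the string handling runs anywhere. It rebuilds the question's ADSI SQL-dialect query shape, then the ADSI LDAP-dialect form with RFC 4515 escaping of the assertion value. Only the OU path comes from the question; the department values are constructed.

```python
"""Added example, not code from the question: how a value read from AD changes
the next ADSI query it is concatenated into, and RFC 4515 escaping as the fix.
Only the OU path comes from the question; the department values are constructed.
"""

# Search base from the question's ADUser variable.
BASE = "LDAP://OU=Staff,OU=Users,DC=DOMAIN,DC=internal"


def sql_dialect_unsafe(attr, value, select="givenName, sn"):
    """Query shape from the question: ADSI SQL dialect, value spliced between
    single quotes with a '*' wildcard on each side."""
    return "select %s FROM '%s' where %s ='*%s*' ORDER by givenName ASC" % (
        select, BASE, attr, value)


def sql_where_literal(query):
    """What a quote-delimited parser reads as the where-clause literal: the text
    from the quote after '=' up to the next single quote. An apostrophe inside
    the value ends the literal early and leaves the rest of the query unbalanced."""
    start = query.index("='") + 2
    end = query.index("'", start)
    return query[start:end]


# RFC 4515 escapes for an LDAP filter assertion value. Backslash is listed
# first only for readability; the per-character mapping never double-escapes.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape one assertion value so it is matched literally by the server."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def ldap_dialect_filter(attr, value, escape=True):
    """Filter for the ADSI LDAP dialect. escape=False reproduces plain
    concatenation, which is the pattern in the question."""
    v = ldap_escape(value) if escape else value
    return "(&(objectCategory=person)(%s=%s))" % (attr, v)


def ldap_dialect_query(attr, value, attrs=("givenName", "sn")):
    """ADSI LDAP dialect command text: <base>;filter;attribute list;scope."""
    return "<%s>;%s;%s;subtree" % (BASE, ldap_dialect_filter(attr, value), ",".join(attrs))


def top_level_clauses(filt):
    """Number of direct children of the outer (&...) filter. An unescaped ')('
    in the value adds a clause the page author never wrote."""
    if not (filt.startswith("(&") and filt.endswith(")")):
        raise ValueError("expected an AND filter")
    depth = count = 0
    for ch in filt[2:-1]:
        if ch == "(":
            if depth == 0:
                count += 1
            depth += 1
        elif ch == ")":
            depth -= 1
    return count


if __name__ == "__main__":
    # Constructed department values: a plain one, one with an apostrophe,
    # and one that smuggles a second filter clause.
    for dept in ("Sales", "O'Brien & Sons", "x)(objectClass=*"):
        q = sql_dialect_unsafe("department", dept)
        print("SQL dialect literal for %r -> %r" % (dept, sql_where_literal(q)))
        unsafe = ldap_dialect_filter("department", dept, escape=False)
        safe = ldap_dialect_filter("department", dept)
        print("  LDAP clauses: unescaped=%d escaped=%d"
              % (top_level_clauses(unsafe), top_level_clauses(safe)))
        print("  escaped query:", ldap_dialect_query("department", dept))
```

Two things the comparison makes visible. First, no user input is needed for the breakage: the value comes from the `department` attribute of a previous result, and an apostrophe, `*` or `)` in that attribute is enough to end the SQL-dialect literal early or, in the LDAP dialect, to add a clause. Second, the escaped form changes the match semantics: the question's `'*X*'` is a substring match, while `(department=X)` with the value escaped is an exact match; if substring matching is really wanted, put unescaped `*` around the escaped value rather than leaving the value's own `*` characters live.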