Delphi-PRAXiS - Einzelnen Beitrag anzeigen

**TigerLilly**

This is the Code to get the SID for an user and a domain:

Code:

			function GetSIDFromAD(sDomain, sUSername: string; var sError: string): string;

var

  adoConnectionData: TADOConnection;

  i:      integer;

  n:      integer;

  nDim:   integer;

  nUpper: integer;

  qQuery: TAdoQuery;

  s:      string;

  sName:  string;

  sResult: string;

  sSql:   string;

  v:      variant;

  oSID:   PSID;

begin

  Result := '';

  sError := '';

  try

    adoConnectionData := TADOConnection.Create(nil);

    qQuery := TADOQuery.Create(nil);

    qQuery.Connection := adoConnectionData;

    adoConnectionData.Name := 'adoConnectionData';

    adoConnectionData.ConnectionString := 'Mode=Read;';

    adoConnectionData.LoginPrompt := False;

    adoConnectionData.Provider := 'ADsDSOObject';

    adoConnectionData.Connected := True;

    o_Log.Log('SID aus dem AD' + ' - verbunden', llDebug);

    sSql := 'select objectSID from ''LDAP://' + sDomain + ''' where objectClass=''person'' and sAMAccountName=' +

      QuotedStr(sUSername);

    o_Log.Log(sSql, llDebug);

    qQuery.SQL.Text := sSql;

    qQuery.Open;

    o_Log.Log('SID aus dem AD' + ' - Abfrage erfolgreich geöffnet', llDebug);

    if (qQuery.EOF) then begin

      o_Log.Log('SID aus dem AD' + ' - kein Datensatz vorhanden', llDebug);

      s := '';

    end else begin

      o_Log.Log('SID aus dem AD' + ' - Datensatz vorhanden', llDebug);

      o_Log.Log('SID aus dem AD' + ' - Daten konvertieren - zuweisen', llDebug);

      v := qQuery.Fields[0].Value;

      o_Log.Log('SID aus dem AD' + ' - Daten konvertieren - Lock Array', llDebug);

      oSID := VarArrayLock(v);

      o_Log.Log('SID aus dem AD' + ' - Daten konvertieren - SID --> String', llDebug);

      s := SIDToString(oSID);

      o_Log.Log('SID aus dem AD' + ' - Daten konvertieren - Unlock Array', llDebug);

      VarArrayUnlock(v);

    end;

    Result := s;

    o_Log.Log('SID aus dem AD:' + s, llDebug);

  except

    on e: Exception do begin

      sError := e.Message;

      o_Log.Log('SID aus dem AD ' + 'Fehler: ' + sError, llDebug);

    end;

  end;

end;

These are the SQL statements for retrieving the groups for a user and for retrieving groups via a wildcard for a given domain:

markieren

Code:

			  sSql := 'select memberof from ''LDAP://' + sDomain + ''' where objectClass=''person'' and sAMAccountName=' +

        QuotedStr(sUSername);

  sSQL := 'select sAMAccountName,member from ''LDAP://' + sDomain +

        ''' where objectClass=''group'' and sAMAccountName = ''*' + sGroupBase + '*''';

And this is the core loop, iterating of the users/groups and outputting attributes, even the enumerating ones:

markieren

Code:

			    while not qQuery.EOF do begin

      o_Log.Log('>>> neue Zeile <<<', llDebug);

      for i := 0 to qQuery.FieldCount - 1 do begin

        o_Log.Log('Feld Nr: ' + IntToStr(i), llDebug);

        o_Log.Log('Name   : ' + qQuery.Fields[i].FieldName, llDebug);

        try

          v := qQuery.Fields[i].Value;

          o_Log.Log('Typ  : ' + VarTypeAsText(VarType(v)), llDebug);

          nDim := VarArrayDimCount(v);

          if (nDim = 0) then begin

            o_Log.Log('Als String:' + VarToStr(v), llDebug);

          end else begin

            nUpper := VarArrayHighBound(v, 1);

            nLower := VarArrayLowBound(v, 1);

            o_Log.Log('Lower: ' + IntToStr(nLower), llDebug);

            o_Log.Log('Upper: ' + IntToStr(nUpper), llDebug);

            s1 := '';

            for n := nLower to nUpper do begin

              try

                s  := s + ', ' + v[n];

                s1 := s1 + ', ' + v[n];

              except

                on e: Exception do begin

                  o_Log.Log(e.message, llDebug);

                end;

              end;

            end;

            o_Log.Log('Feldinhalt: ' + s1, llDebug);

          end;

        except

          on e: Exception do begin

            o_Log.Log(e.message, llDebug);

          end;

        end;

      end;

      o_Log.Log('Satzinhalt gesamt: ' + s, llDebug);

The last step is to extract CN= entries to get the names and compare either the name of the group or the name or the SID (if trusted domain) of the members.

Einzelnen Beitrag anzeigen

AW: Active Directory und Trusted Domain