Doofenshmirtz
(Just in Town)
2012-08-17 03:29 PM
Unable to query LDAP unless a domain admin

I have a login script I wrote years ago and have used with minor tweaking at two different jobs/domains. Now, at the new job, the following code only works when I use my domain admin credentials:

 Code:
$objSys = CreateObject("ADSystemInfo") 
$objUser = GetObject("LDAP://"+$objSys.UserName)

select
	case @time <= "11:59:59" ? " Good morning, " ($objUser.givenName) + " " + ($objUser.sn)
	case @time >= "12:00:00" and @time <= "16:59:59" ? " Good afternoon, " ($objUser.givenName) + " " + ($objUser.sn)
	case @time >= "17:00:00" ? " Good evening, " ($objUser.givenName) + " " + ($objUser.sn)
endselect


With my regular domain user account, I get an error right after the "Good morning, " (or whatever the time case works out to) greeting. With domain admin, it runs just fine.

What could be causing this to not work for the average user?

Thanks!


Lonkero
Administrator
(KiX Master Guru)
2012-08-17 03:43 PM
Re: Unable to query LDAP unless a domain admin

permissions.

start from the beginning, add error lines and run:
 Code:
$objSys = CreateObject("ADSystemInfo") 
"objsys: " @error ?
$objUser = GetObject("LDAP://"+$objSys.UserName)
"objuser: " @error ?
get $


Lonkero
Administrator
(KiX Master Guru)
2012-08-17 03:44 PM
Re: Unable to query LDAP unless a domain admin

just a silly question... is there a reason why @fullname-macro doesn't work for you?

Doofenshmirtz
(Just in Town)
2012-08-17 04:50 PM
Re: Unable to query LDAP unless a domain admin

The results of the error lines as a user:
objsys: 0
objuser: -2147024843

The results of the error lines as a domain admin:
objsys: 0
objuser: 0

@fullname works just fine. The users' full names here are lastName, firstName. Saying "Good morning, Doe, John" just looks bad. Concatenating their first name (givenName) and last name (sn) looks better. There are other LDAP attributes I am looking to display, too, at some point.


Glenn Barnas
Administrator
(KiX Supporter)
2012-08-17 04:57 PM
Re: Unable to query LDAP unless a domain admin

Try
 Code:
$FullName = @FULLNAME
If InStr(@FULLNAME, ',')                               ; if last, first
  $aName = Split(@FULLNAME, ',')                       ; split
  $FullName = Trim($aName[1]) + ' ' + Trim($aName[0])  ; in reverse order, dropping the space after the comma
EndIf
Also, replace @ERROR with @SERROR for human-readable messages.

Glenn


Allen
Administrator
(KiX Supporter)
2012-08-17 05:08 PM
Re: Unable to query LDAP unless a domain admin

Converting the com error to a standard error...

 Code:
? VAL("&"+Right(DecToHex(-2147024843),4))


...returns 53... "The network path was not found."

Not sure that applies here, but it definitely feels like permissions.
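
Added example, not part of the thread: a Python decoder for the signed COM error value that @ERROR reported above. It generalizes the "last four hex digits" conversion by checking the facility field first, since the low 16 bits are a Win32 error only when the facility is 7 (FACILITY_WIN32). The function names and the small message table are assumptions made for this illustration.

```python
# Added example: decode a COM error (HRESULT) as reported by KiXtart's @ERROR.
FACILITY_WIN32 = 7  # HRESULTs in this facility wrap a plain Win32 error code

# Small constructed lookup; 53 is the code quoted in this thread.
WIN32_MESSAGES = {
    5: "Access is denied.",
    53: "The network path was not found.",
}


def decode_hresult(value):
    """Split a signed or unsigned 32-bit HRESULT into its bit fields."""
    if not -0x80000000 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    u = value & 0xFFFFFFFF              # two's-complement view of the signed value
    return {
        "hex": f"0x{u:08X}",
        "failure": bool(u >> 31),       # severity bit: 1 means failure
        "facility": (u >> 16) & 0x7FF,  # 11-bit facility field
        "code": u & 0xFFFF,             # low 16 bits
    }


def win32_code(value):
    """Return the wrapped Win32 error, or None if this is not a Win32 failure."""
    fields = decode_hresult(value)
    if fields["failure"] and fields["facility"] == FACILITY_WIN32:
        return fields["code"]
    return None


def describe(value):
    """One-line summary suitable for a logon-script log."""
    fields = decode_hresult(value)
    code = win32_code(value)
    if code is None:
        return f"{fields['hex']}: facility {fields['facility']}, not a Win32 error"
    text = WIN32_MESSAGES.get(code, "message not in the sample table")
    return f"{fields['hex']}: Win32 error {code} ({text})"


if __name__ == "__main__":
    # -2147024843 is the value from the thread; -2147467259 is E_FAIL, where
    # taking the last four hex digits would give a meaningless number.
    for sample in (-2147024843, -2147024891, -2147467259):
        print(sample, "->", describe(sample))
```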


Doofenshmirtz
(Just in Town)
2012-08-17 07:12 PM
Re: Unable to query LDAP unless a domain admin

Wow, never thought of splitting the full name. That will work nicely for now.

Thanks, Glenn!