Setting "memberOf" attribute of the User Object with LDAP

Setting "memberOf" attribute of the User Object with LDAP

Post by Jesse Jone » Wed, 30 Jan 2002 23:43:31



I am using the code below to get and set the "memberOF"
 attribute of the User Object using the LDAP provider.
 When I try to get the value, nothing is returned for "varElement".
When I try to set this value using the Array parameter, it also fails.
Can someone tell me what I am doing incorrectly?

Set objADs = GetObject("LDAP://CN=Tim _
     Huckaby,CN=Users,DC=timhuck,DC=com")
   Response.Write("Display Name: " & objADs.Get("displayName"))
  varAttribute = objADs.Get("memberOf")
       for each varElement in varAttribute
       Response.Write(varElement) & "<BR>"
       next  objADs.Put("memberOf", Array("Group1", "Group2", "Group3"))

 
 
 

Setting "memberOf" attribute of the User Object with LDAP

Post by Jamie Vachon [MVP » Thu, 31 Jan 2002 00:11:37


You need to use the PutEx and GetEx methods for multi-valued attributes.

--
--------------------------------------------------------
Jamie M. Vachon
[MVP]
--------------------------------------------------------

Quote:> I am using the code below to get and set the "memberOF"
>  attribute of the User Object using the LDAP provider.
>  When I try to get the value, nothing is returned for "varElement".
> When I try to set this value using the Array parameter, it also fails.
> Can someone tell me what I am doing incorrectly?

> Set objADs = GetObject("LDAP://CN=Tim _
>      Huckaby,CN=Users,DC=timhuck,DC=com")
>    Response.Write("Display Name: " & objADs.Get("displayName"))
>   varAttribute = objADs.Get("memberOf")
>        for each varElement in varAttribute
>        Response.Write(varElement) & "<BR>"
>        next  objADs.Put("memberOf", Array("Group1", "Group2", "Group3"))


 
 
 

Setting "memberOf" attribute of the User Object with LDAP

Post by Jesse Jone » Thu, 31 Jan 2002 01:50:25


I tried both GetEx and PutEx, neither works.
When I print the contents of "memberOf", the values are blank.

The Microsoft documentation states that this property is not stored -
 but is a computed back-link attribute.
What does this mean? Does it have something to do with the type DC I am
binding to?



> You need to use the PutEx and GetEx methods for multi-valued attributes.

> --
> --------------------------------------------------------
> Jamie M. Vachon
> [MVP]
> --------------------------------------------------------


> > I am using the code below to get and set the "memberOF"
> >  attribute of the User Object using the LDAP provider.
> >  When I try to get the value, nothing is returned for "varElement".
> > When I try to set this value using the Array parameter, it also fails.
> > Can someone tell me what I am doing incorrectly?

> > Set objADs = GetObject("LDAP://CN=Tim _
> >      Huckaby,CN=Users,DC=timhuck,DC=com")
> >    Response.Write("Display Name: " & objADs.Get("displayName"))
> >   varAttribute = objADs.Get("memberOf")
> >        for each varElement in varAttribute
> >        Response.Write(varElement) & "<BR>"
> >        next  objADs.Put("memberOf", Array("Group1", "Group2", "Group3"))

 
 
 

Setting "memberOf" attribute of the User Object with LDAP

Post by Kevin Stanu » Thu, 31 Jan 2002 09:43:26


Unfortunately, you can't set this particular attribute.  The only way
to manage user group memberships is through the group itself
(IADsGroup) and ::Add or ::Remove individual members.  You can manage
the Member attribute for a Group, but not for a user.  I don't like
this limitation, as the old 'Net did not have it.  You might want to
take a look at the WinNT provider, since it appears to be built on the
Net API framework.

Kevin Stanush
SystemTools Software Inc.
http://www.systemtools.com
Home of 'Hyena' for Windows NT/2000 System Administration


> I tried both GetEx and PutEx, neither works.
> When I print the contents of "memberOf", the values are blank.

> The Microsoft documentation states that this property is not stored -
>  but is a computed back-link attribute.
> What does this mean? Does it have something to do with the type DC I am
> binding to?



> > You need to use the PutEx and GetEx methods for multi-valued attributes.

> > --
> > --------------------------------------------------------
> > Jamie M. Vachon
> > [MVP]
> > --------------------------------------------------------


> > > I am using the code below to get and set the "memberOF"
> > >  attribute of the User Object using the LDAP provider.
> > >  When I try to get the value, nothing is returned for "varElement".
> > > When I try to set this value using the Array parameter, it also fails.
> > > Can someone tell me what I am doing incorrectly?

> > > Set objADs = GetObject("LDAP://CN=Tim _
> > >      Huckaby,CN=Users,DC=timhuck,DC=com")
> > >    Response.Write("Display Name: " & objADs.Get("displayName"))
> > >   varAttribute = objADs.Get("memberOf")
> > >        for each varElement in varAttribute
> > >        Response.Write(varElement) & "<BR>"
> > >        next  objADs.Put("memberOf", Array("Group1", "Group2", "Group3"))

 
 
 

Setting "memberOf" attribute of the User Object with LDAP

Post by Max L. Vaug » Thu, 31 Jan 2002 10:31:19


The memberOf attribute is back linked to Member attribute of the user.  The link is maintained by the AD, this is why you cannot modify user to change the
memberof collection.

As kevin stated, you will need to bind to the group and use the IADsGroup::Add or IADs::PutEx method.  The backlink to the user will be updated by the
provider.  The only exception is when you are adding user or groups from a trusted domain and a Foreign Security Principals needs to be created.  In this
case, you will need to use the IADsGroup::Add method.

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.