It is very easy to retrieve the TLS/SSL certificate bound to a web server: you can use any Internet browser to navigate to the site and then view the certificate.
But how do you get the certificate details from a non-HTTP endpoint, such as LDAP?
Fortunately, you can use OpenSSL to retrieve the certificate from any TLS endpoint (636 in the example below is the LDAPS port):
> openssl s_client -connect address-of-the-endpoint:636
Enjoy!
Thursday, June 14, 2018
Monday, April 07, 2008
Find the users' OU from Active Directory
If you need to find the OU of Active Directory user accounts, run the following script:
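' getOu.vbs - print the OU path of every Active Directory user listed in a text file.
' Usage: cscript getOu.vbs <file-with-one-sAMAccountName-per-line>
' The directory search runs with the credentials of the user executing the script.
Const ADS_SCOPE_SUBTREE = 2
Const ForReading = 1

Dim objConnection, objCommand, objFSO, objFile, filename, strNextLine

' Open an ADO connection through the ADSI OLE DB provider. The query itself is
' issued by getOu (defined below), which reuses objCommand for every lookup.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Page Size enables paged results so a search is not truncated at the server's
' per-query limit; Searchscope = subtree searches the whole domain.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Exactly one argument is expected: the path of the text file with one username
' per line. A usage error exits non-zero so a calling batch file can detect it.
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Text file contains user accounts must be supplied"
    WScript.Quit 1
End If
filename = WScript.Arguments.Item(0)

Set objFSO = CreateObject("Scripting.FileSystemObject")
' Fail clearly instead of raising an unhandled error from OpenTextFile.
If Not objFSO.FileExists(filename) Then
    WScript.Echo "Input file not found: " & filename
    WScript.Quit 1
End If

' One lookup per non-blank line. Surrounding whitespace is removed so a trailing
' space in the file does not end up inside the LDAP query text.
Set objFile = objFSO.OpenTextFile(filename, ForReading)
Do Until objFile.AtEndOfStream
    strNextLine = Trim(objFile.ReadLine)
    If strNextLine <> "" Then
        getOu strNextLine
    End If
Loop
objFile.Close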
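' Print "<username> : OU=...,OU=..." for the account whose sAMAccountName is
' username, or "<username> does not exist " when the query returns no rows.
' Relies on the script-level objCommand opened at the top of the script.
Sub getOu( username )
    Dim objRecordSet, strDN, arrPath, ou, uOu

    ' The username is spliced into a single-quoted literal of the ADSI SQL
    ' dialect. A quote in the input would terminate that literal and alter the
    ' query (LDAP/SQL injection); * acts as a wildcard in this dialect and is not
    ' a legal sAMAccountName character anyway. Such names are reported and
    ' skipped rather than sent to the directory.
    If InStr(username, "'") > 0 Or InStr(username, "*") > 0 Then
        WScript.Echo username & " : skipped, name contains an invalid character"
        Exit Sub
    End If

    ' A space separates the FROM clause from WHERE when the fragments are joined.
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://dc=domain,dc=com' " & _
        "WHERE objectCategory='user' " & _
        "AND sAMAccountName='" & username & "'"
    Set objRecordSet = objCommand.Execute

    If objRecordSet.EOF Then
        WScript.Echo username & " does not exist "
    Else
        objRecordSet.MoveFirst
        Do Until objRecordSet.EOF
            strDN = objRecordSet.Fields("distinguishedName").Value
            ' Keep only the OU= components of the DN, in the order they appear.
            ' This is a naive split: an RDN value containing an escaped comma
            ' (\,) would be cut in two. uOu is reset per record so the output
            ' of one row does not leak into the next.
            arrPath = Split(strDN, ",")
            uOu = ""
            For Each ou In arrPath
                If UCase(Left(ou, 3)) = "OU=" Then
                    If uOu = "" Then
                        uOu = ou
                    Else
                        uOu = uOu & "," & ou
                    End If
                End If
            Next
            WScript.Echo username & " : " & uOu
            objRecordSet.MoveNext
        Loop
    End If
End Sub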
Copy the above code to a .vbs file (e.g. getOu.vbs). You also need to change the domain name in the LDAP query to your own domain name.
Next, create a text file with one username per line, e.g. users.txt:
bgates
dduck
Next, run the following:
cscript getOu.vbs c:\users.txt
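' getOu.vbs - print the OU path of every Active Directory user listed in a text file.
' Usage: cscript getOu.vbs <file-with-one-sAMAccountName-per-line>
' The directory search runs with the credentials of the user executing the script.
Const ADS_SCOPE_SUBTREE = 2
Const ForReading = 1

Dim objConnection, objCommand, objFSO, objFile, filename, strNextLine

' Open an ADO connection through the ADSI OLE DB provider. The query itself is
' issued by getOu (defined below), which reuses objCommand for every lookup.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Page Size enables paged results so a search is not truncated at the server's
' per-query limit; Searchscope = subtree searches the whole domain.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Exactly one argument is expected: the path of the text file with one username
' per line. A usage error exits non-zero so a calling batch file can detect it.
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Text file contains user accounts must be supplied"
    WScript.Quit 1
End If
filename = WScript.Arguments.Item(0)

Set objFSO = CreateObject("Scripting.FileSystemObject")
' Fail clearly instead of raising an unhandled error from OpenTextFile.
If Not objFSO.FileExists(filename) Then
    WScript.Echo "Input file not found: " & filename
    WScript.Quit 1
End If

' One lookup per non-blank line. Surrounding whitespace is removed so a trailing
' space in the file does not end up inside the LDAP query text.
Set objFile = objFSO.OpenTextFile(filename, ForReading)
Do Until objFile.AtEndOfStream
    strNextLine = Trim(objFile.ReadLine)
    If strNextLine <> "" Then
        getOu strNextLine
    End If
Loop
objFile.Close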
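' Print "<username> : OU=...,OU=..." for the account whose sAMAccountName is
' username, or "<username> does not exist " when the query returns no rows.
' Relies on the script-level objCommand opened at the top of the script.
Sub getOu( username )
    Dim objRecordSet, strDN, arrPath, ou, uOu

    ' The username is spliced into a single-quoted literal of the ADSI SQL
    ' dialect. A quote in the input would terminate that literal and alter the
    ' query (LDAP/SQL injection); * acts as a wildcard in this dialect and is not
    ' a legal sAMAccountName character anyway. Such names are reported and
    ' skipped rather than sent to the directory.
    If InStr(username, "'") > 0 Or InStr(username, "*") > 0 Then
        WScript.Echo username & " : skipped, name contains an invalid character"
        Exit Sub
    End If

    ' A space separates the FROM clause from WHERE when the fragments are joined.
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://dc=domain,dc=com' " & _
        "WHERE objectCategory='user' " & _
        "AND sAMAccountName='" & username & "'"
    Set objRecordSet = objCommand.Execute

    If objRecordSet.EOF Then
        WScript.Echo username & " does not exist "
    Else
        objRecordSet.MoveFirst
        Do Until objRecordSet.EOF
            strDN = objRecordSet.Fields("distinguishedName").Value
            ' Keep only the OU= components of the DN, in the order they appear.
            ' This is a naive split: an RDN value containing an escaped comma
            ' (\,) would be cut in two. uOu is reset per record so the output
            ' of one row does not leak into the next.
            arrPath = Split(strDN, ",")
            uOu = ""
            For Each ou In arrPath
                If UCase(Left(ou, 3)) = "OU=" Then
                    If uOu = "" Then
                        uOu = ou
                    Else
                        uOu = uOu & "," & ou
                    End If
                End If
            Next
            WScript.Echo username & " : " & uOu
            objRecordSet.MoveNext
        Loop
    End If
End Sub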
Copy the above code to a .vbs file (e.g. getOu.vbs). You also need to change the domain name in the LDAP query to your own domain name.
Next, create a text file with one username per line, e.g. users.txt:
bgates
dduck
Next, run the following:
cscript getOu.vbs c:\users.txt
Thursday, December 21, 2006
Get the users' memberOf from Active Directory
Sometimes you need to audit your enterprise users and make sure they are members of the proper security groups and distribution lists within your Active Directory.
Here is the code in VBScript, talking to AD over LDAP:
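' List every user in one container, followed by the groups in its memberOf
' attribute, in users.txt in the current directory (an existing file is overwritten).
'
' Audit caveat: memberOf holds direct memberships only. The account's primary
' group (Domain Users by default) and groups reached through nesting are not
' listed, so "not listed here" does not mean "not a member".
On Error Resume Next

Dim OutPutFile
Dim FileSystem
Dim objOU, objUser, arrMemberOf, Group

Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("users.txt", True)

'-- Number value of the error returned by ADSI if the
'-- memberOf attribute cannot be found.
'==================================================
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

'-- Bind to the container holding the users. Adjust the path to your domain;
'-- the built-in Users container is CN=Users, a custom OU is OU=....
'==============================
Set objOU = GetObject("LDAP://OU=Users,dc=domain,dc=com")
If Err.Number <> 0 Then
    '-- Without this check a failed bind would silently produce an empty file.
    WScript.Echo "Cannot bind to the container: " & Err.Description
    OutPutFile.Close
    WScript.Quit 1
End If

'-- Restrict the enumeration to user objects.
'==========================================
objOU.Filter = Array("user")

'-- Control Loop
'===============
For Each objUser In objOU
    OutPutFile.WriteLine objUser.cn & " is a member of: "

    '-- Use the GetEx method to initialize the array for group
    '-- membership. Get method cannot be used as it does not handle
    '-- multivalued attributes (user can be member of many groups.)
    '-- Err is cleared first so an error left over from a previous
    '-- iteration cannot be mistaken for this call's result.
    '==============================================================
    Err.Clear
    arrMemberOf = objUser.GetEx("memberOf")

    '-- No error: list the groups in arrMemberOf.
    '-- Property not found: the user has no direct group membership.
    '-- Any other error: report it on screen instead of iterating an
    '-- unassigned array (which would fail silently under Resume Next).
    '========================================================
    If Err.Number = 0 Then
        For Each Group In arrMemberOf
            OutPutFile.WriteLine vbTab & Group
        Next
    ElseIf Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        Err.Clear
    Else
        WScript.Echo "Cannot read memberOf for " & objUser.cn & ": " & Err.Description
        Err.Clear
    End If
Next

'Clean up
OutPutFile.Close
Set FileSystem = Nothing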
Here is the code in VBScript, talking to AD over LDAP:
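' List every user in one container, followed by the groups in its memberOf
' attribute, in users.txt in the current directory (an existing file is overwritten).
'
' Audit caveat: memberOf holds direct memberships only. The account's primary
' group (Domain Users by default) and groups reached through nesting are not
' listed, so "not listed here" does not mean "not a member".
On Error Resume Next

Dim OutPutFile
Dim FileSystem
Dim objOU, objUser, arrMemberOf, Group

Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("users.txt", True)

'-- Number value of the error returned by ADSI if the
'-- memberOf attribute cannot be found.
'==================================================
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

'-- Bind to the container holding the users. Adjust the path to your domain;
'-- the built-in Users container is CN=Users, a custom OU is OU=....
'==============================
Set objOU = GetObject("LDAP://OU=Users,dc=domain,dc=com")
If Err.Number <> 0 Then
    '-- Without this check a failed bind would silently produce an empty file.
    WScript.Echo "Cannot bind to the container: " & Err.Description
    OutPutFile.Close
    WScript.Quit 1
End If

'-- Restrict the enumeration to user objects.
'==========================================
objOU.Filter = Array("user")

'-- Control Loop
'===============
For Each objUser In objOU
    OutPutFile.WriteLine objUser.cn & " is a member of: "

    '-- Use the GetEx method to initialize the array for group
    '-- membership. Get method cannot be used as it does not handle
    '-- multivalued attributes (user can be member of many groups.)
    '-- Err is cleared first so an error left over from a previous
    '-- iteration cannot be mistaken for this call's result.
    '==============================================================
    Err.Clear
    arrMemberOf = objUser.GetEx("memberOf")

    '-- No error: list the groups in arrMemberOf.
    '-- Property not found: the user has no direct group membership.
    '-- Any other error: report it on screen instead of iterating an
    '-- unassigned array (which would fail silently under Resume Next).
    '========================================================
    If Err.Number = 0 Then
        For Each Group In arrMemberOf
            OutPutFile.WriteLine vbTab & Group
        Next
    ElseIf Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        Err.Clear
    Else
        WScript.Echo "Cannot read memberOf for " & objUser.cn & ": " & Err.Description
        Err.Clear
    End If
Next

'Clean up
OutPutFile.Close
Set FileSystem = Nothing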