PowerShell: connect to Oracle Internet Directory and return the object as text. Associated blog post: https://blog.darrenjrobinson.com/querying-oracle-internet-directory-ldap-with-powershell/
# Load the .NET LDAP client assembly that provides the LdapConnection,
# SearchRequest and SearchScope types used by the functions below.
Add-Type -AssemblyName 'System.DirectoryServices.Protocols'
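function Get-LdapObject {
    <#
    .SYNOPSIS
        Runs an LDAP search over an existing LdapConnection and emits the matching entries.
    .DESCRIPTION
        Builds a System.DirectoryServices.Protocols.SearchRequest either from a distinguished
        name (DistinguishedName parameter set) or from an LDAP filter plus search base
        (LdapFilter parameter set), sends it on the supplied connection and, when the result
        code is Success, emits one object per returned entry.

        By default every SearchResultEntry is flattened into a PSCustomObject (PSTypeName
        'LdapObject') holding DistinguishedName plus one property per attribute, with the
        attribute values decoded according to -AttributeFormat. With -Raw the entries are
        emitted unchanged.

        Progress messages are written to the verbose stream, so the output stream only ever
        carries directory data (or the failed SearchResponse, see OUTPUTS).
    .PARAMETER LdapConnection
        An LdapConnection on which SendRequest is invoked. Must not be null.
    .PARAMETER Identity
        Distinguished name used as the search base (DistinguishedName set).
    .PARAMETER LdapFilter
        LDAP filter string (LdapFilter set). Alias: Filter.
    .PARAMETER SearchBase
        Distinguished name the filtered search starts from (LdapFilter set).
    .PARAMETER Scope
        Search scope for the LdapFilter set; defaults to Subtree.
    .PARAMETER Property
        Attribute names to request. When omitted, empty, or containing '*', no attribute list
        is sent and the server decides which attributes to return.
    .PARAMETER AttributeFormat
        'String' (default) decodes attribute values as [string]; 'ByteArray' decodes them as [byte[]].
    .PARAMETER Raw
        Emit the SearchResultEntry objects exactly as returned instead of converting them.
    .OUTPUTS
        PSCustomObject with PSTypeName 'LdapObject'; System.DirectoryServices.Protocols.SearchResultEntry
        when -Raw is given; the SearchResponse itself when the result code is not Success.
    .NOTES
        Exceptions raised by SendRequest are not caught here and propagate to the caller.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNull()]
        [System.DirectoryServices.Protocols.LdapConnection] $LdapConnection,

        [Parameter(ParameterSetName = 'DistinguishedName', Mandatory)]
        [String] $Identity,

        [Parameter(ParameterSetName = 'LdapFilter', Mandatory)]
        [Alias('Filter')]
        [String] $LdapFilter,

        [Parameter(ParameterSetName = 'LdapFilter', Mandatory)]
        [String] $SearchBase,

        [Parameter(ParameterSetName = 'LdapFilter')]
        [System.DirectoryServices.Protocols.SearchScope] $Scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree,

        [Parameter()]
        [String[]] $Property,

        [Parameter()]
        [ValidateSet('String', 'ByteArray')]
        [String] $AttributeFormat = 'String',

        # Do not attempt to clean up the LDAP output - provide the output as-is
        [Parameter()]
        [Switch] $Raw
    )

    begin {
        # Type passed to DirectoryAttribute.GetValues(); decides how each attribute value is decoded.
        $attrType = if ($AttributeFormat -eq 'String') { [string] } else { [byte[]] }
    }

    process {
        $request = New-Object -TypeName System.DirectoryServices.Protocols.SearchRequest
        if ($PSCmdlet.ParameterSetName -eq 'DistinguishedName') {
            # NOTE(review): Filter and Scope are left at the SearchRequest defaults here, so
            # objects below $Identity may be returned as well — confirm that is intended.
            $request.DistinguishedName = $Identity
        }
        else {
            $request.Filter = $LdapFilter
            $request.DistinguishedName = $SearchBase
            # -Scope was previously accepted but never copied onto the request, so callers
            # passing e.g. OneLevel silently got the request's default scope.
            $request.Scope = $Scope
        }

        if (-not $Property -or $Property -contains '*') {
            # No attribute list is added in this case; the caller asked for everything.
            Write-Verbose 'Get-LdapObject Returning all properties'
        }
        else {
            foreach ($p in $Property) {
                [void] $request.Attributes.Add($p)
            }
        }

        Write-Verbose 'Get-LdapObject Sending LDAP request'
        $response = $LdapConnection.SendRequest($request)
        if (-not $response) {
            Write-Verbose 'No response was returned from the LDAP server.'
            return
        }

        if ($response.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
            # Make the failure visible to the operator, then hand the response back unchanged
            # so existing callers that inspect it keep working.
            Write-Warning "Get-LdapObject LDAP search returned $($response.ResultCode): $($response.ErrorMessage)"
            Write-Output $response
            return
        }

        if ($Raw) {
            Write-Output ($response.Entries)
            return
        }

        # Convert each SearchResultEntry to a PSCustomObject.
        foreach ($e in $response.Entries) {
            $hash = @{
                PSTypeName        = 'LdapObject'
                DistinguishedName = $e.DistinguishedName
                # Controls = $e.Controls # Not actually sure what this is
            }
            # Attributes are returned as System.DirectoryServices.Protocols.DirectoryAttribute
            # instances; translate each one to plain values, keyed by attribute name.
            foreach ($a in $e.Attributes.Keys | Sort-Object) {
                Write-Verbose "Get-LdapObject Adding type [$a]"
                $hash[$a] = $e.Attributes[$a].GetValues($attrType) | Expand-Collection
            }
            Write-Output ([PSCustomObject] $hash)
        }
    }
}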
function Expand-Collection {
    <#
    .SYNOPSIS
        Emits every element of the supplied collection onto the pipeline.
    .DESCRIPTION
        Small helper that turns a collection (such as the object[] returned by
        DirectoryAttribute.GetValues()) into ordinary pipeline output. Because each
        element is written to the output stream on its own, a one-element collection
        collapses to a single value when the caller assigns the result.
    .PARAMETER InputObject
        The collection to expand; accepted positionally, from the pipeline, or as
        remaining arguments.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0, ValueFromPipeline, ValueFromRemainingArguments)]
        [ValidateNotNull()]
        [Object[]] $InputObject
    )

    process {
        foreach ($element in $InputObject) {
            # Write-Output enumerates the element if it is itself a collection.
            Write-Output -InputObject $element
        }
    }
}
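# --- Connection settings ---------------------------------------------------------
# These look like placeholder values from the accompanying post; substitute your own.
# A real bind password should not live in the script: load it from a secret store, an
# environment variable or Read-Host -AsSecureString so it is never committed or left on disk.
$username = 'cn=ldapUser'
# Renamed from $pwd, which shadows PowerShell's automatic $PWD (current location) variable.
$plainTextPassword = 'S3cur3P@$$W0rd'
$server = 'ldap.customer.com.au'
# NOTE(review): 80001 is outside the valid TCP port range (1-65535); replace it with the
# directory's actual LDAP or LDAPS port.
$port = '80001'
$password = $plainTextPassword | ConvertTo-SecureString -AsPlainText -Force

# Top Level OU under which users are located
$ldapSearchBase = 'cn=users,dc=customer,dc=com,dc=au'
# Filter to find the user we are connecting with. $username is a constant here; if it is ever
# taken from user input it must be escaped (RFC 4515) before being spliced into the filter.
$ldapSearchFilter = "(&(objectClass=Person)($($username)))"

# Username and Password
$ldapCredentials = New-Object System.Net.NetworkCredential($username, $password)

# Create a Connection. AuthType Basic is a simple bind, so the password crosses the network in
# clear text unless the session uses LDAPS (SessionOptions.SecureSocketLayer) or StartTLS
# (SessionOptions.StartTransportLayerSecurity) — confirm the port/TLS setup before binding with
# real credentials.
$ldapConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("$($server):$($port)", $ldapCredentials, 'Basic')

# Connect and Search. LdapConnection is IDisposable, so release it whether or not the search succeeds.
try {
    $ldapConnection.Timeout = New-TimeSpan -Seconds 1800
    $ldapResponse = Get-LdapObject -LdapConnection $ldapConnection -LdapFilter $ldapSearchFilter -SearchBase $ldapSearchBase -Scope OneLevel
    $ldapResponse
}
finally {
    $ldapConnection.Dispose()
}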