Active Directory access - not just users, but computers too

Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I’ve looked around
(rubyforge, mainly, but google is also a good friend) but haven’t found
promising gems.
Is my understanding just incorrect?

–Aldric

On Thu, Nov 13, 2008 at 5:02 PM, Aldric G.
[email protected]wrote:

Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I’ve looked around
(rubyforge, mainly, but google is also a good friend) but haven’t found
promising gems.
Is my understanding just incorrect?

–Aldric

Hi Aldric,

Have you had a look at Ruby Net::LDAP?
http://rubyfurnace.com/docs/ruby-net-ldap-0.0.4/

[email protected] wrote:

(first hit on google for “ldap active directory query examples”)
Filter for computers:
(objectCategory=computer)

You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates every object in the domain. Traps for the unwary :wink:

If you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))

The rest of brabuhr’s advice is good.

Clifford H…

Thank you to everyone - it’s working like a charm!

On Thu, Nov 13, 2008 at 6:02 PM, Aldric G. [email protected]
wrote:

Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc…

http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm

(first hit on google for “ldap active directory query examples”)

Filter for computers:
(objectCategory=computer)

To restrict to an OU, set the search base of the query to the OU.

For access from Ruby, look at net-ldap as suggested by Sammy L…

Aldric,

Any chance you would be willing to share the code you used to access AD
via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far
have not had any success.

Thanks,
Matt

----- Original Message -----
From: “Aldric G.” [email protected]
To: “ruby-talk ML” [email protected]
Sent: Friday, November 14, 2008 9:37:15 AM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers too

Thank you to everyone - it’s working like a charm!

Hi,

In [email protected]
“Re: Active Directory access - not just users, but computers too” on
Sat, 15 Nov 2008 06:47:09 +0900,
Matt M. [email protected] wrote:

Any chance you would be willing to share the code you used to access AD via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.

Please show the detail for the ActiveLdap try.
I’m one of the ActiveLdap developers.

Thanks,

Hi Matt,
I pretty much followed the sample ruby-ldap documentation - here’s how
it came out:
require ‘rubygems’
require ‘net/ldap’
ldap = Net::LDAP.new :host => “servername”,
:port => 389,
:auth => {
:method => :simple,
:username => “user”,
:password => “password”
}

The code worked without ‘rubygems’ for me but I figured I could afford
the RAM in exchange for peace of mind. I also had some issues connecting
properly at first, as the :username string is a lot more complex in the
ruby-ldap documentation.

HTH,

–Aldric

Hi Kouhei,

I know you from the ActiveLdap list and probably should have asked my
question there first. :slight_smile: My AD server requires secure LDAP so I have
to use 636.

ad.rb<<<

require ‘myconstants’

class AdUser < ActiveLdap::Base
ldap_mapping :dn_attribute => ‘sAMAccountName’, :prefix => ‘dc=ad’,
:classes => [‘top’,‘person’,‘user’]
end

class AdGroup < ActiveLdap::Base
ldap_mapping :dn_attribute => ‘cn’, :prefix => ‘’,
:classes => [‘top’,‘group’]
end

ActiveLdap::Base.establish_connection(:host => ‘ldap.dom.edu’,
:port => 636,
:base => ‘dc=dom,dc=edu’,
:bind_dn => AdAdmin,
:password => AdPW,
:allow_anonymous => false )

Retrieve all users with some attribute

def ad_user_search(attribute, value, returns)
AdUser.find(
:all,
:attribute => attribute,
:value => value,
:attributes => returns
)
end

test.rb<<<

#!/usr/local/bin/ruby

NOTE…RUBY TIME CLASS MAY BE FASTER THAN DATE CLASS???

$LOAD_PATH << ‘…/dom_ruby_libs’
require ‘rubygems’
require ‘active_ldap’
require ‘ad’
require ‘myconstants’

puts “===AD===”
ad_user = ad_user_search(‘sAMAccountName’, ‘myusername’, [‘cn’,‘sn’])
ad_user.each do |user|
puts user.inspect
end

----- Original Message -----
From: “Kouhei S.” [email protected]
To: “ruby-talk ML” [email protected]
Sent: Friday, November 14, 2008 8:59:48 PM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers too

Hi,

In [email protected]
“Re: Active Directory access - not just users, but computers too” on
Sat, 15 Nov 2008 06:47:09 +0900,
Matt M. [email protected] wrote:

Any chance you would be willing to share the code you used to access AD via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.

Please show the detail for the ActiveLdap try.
I’m one of the ActiveLdap developers.

Thanks,

Hi,

In [email protected]
“Re: Active Directory access - not just users, but computers too” on
Sun, 16 Nov 2008 02:14:42 +0900,
Matt M. [email protected] wrote:

end
:password => AdPW,
end
require ‘active_ldap’
require ‘ad’
require ‘myconstants’

puts “===AD===”
ad_user = ad_user_search(‘sAMAccountName’, ‘myusername’, [‘cn’,‘sn’])
ad_user.each do |user|
puts user.inspect
end

It seems that you miss :method => :ssl option in
establish_connection options. And did you get what error
message?

Thanks,

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs