Forum: Ruby Active Directory access - not just users, but computers too

Aldric Giacomoni (Guest)
on 2008-11-14 00:05
(Received via mailing list)
Most Active Directory access really just goes through LDAP and I don't
know if it's possible through LDAP -- and if it's possible, how to do
it, or who has implemented it in Ruby. I'd like to be able to get a list
of computers in a domain, in an OU, etc. using Ruby. I've looked around
(RubyForge, mainly, but Google is also a good friend) but haven't found
promising gems.
Is my understanding just incorrect?

--Aldric
Sammy Larbi (Guest)
on 2008-11-14 00:16
(Received via mailing list)
On Thu, Nov 13, 2008 at 5:02 PM, Aldric Giacomoni
<aldric@trevoke.net> wrote:

> Most Active Directory access really just goes through LDAP and I don't
> know if it's possible through LDAP -- and if it's possible, how to do
> it, or who has implemented it in Ruby. I'd like to be able to get a list
> of computers in a domain, in a OU, etc. using Ruby. I've looked around
> (rubyforge, mainly, but google is also a good friend) but haven't found
> promising gems.
> Is my understanding just incorrect?
>
> --Aldric


Hi Aldric,

Have you had a look at Ruby Net::LDAP?
http://rubyfurnace.com/docs/ruby-net-ldap-0.0.4/
unknown (Guest)
on 2008-11-14 03:05
(Received via mailing list)
On Thu, Nov 13, 2008 at 6:02 PM, Aldric Giacomoni <aldric@trevoke.net>
wrote:
> Most Active Directory access really just goes through LDAP and I don't
> know if it's possible through LDAP -- and if it's possible, how to do
> it, or who has implemented it in Ruby. I'd like to be able to get a list
> of computers in a domain, in a OU, etc....

http://www.petri.co.il/ldap_search_samples_for_win...

(first hit on google for "ldap active directory query examples")

Filter for computers:
    (objectCategory=computer)

To restrict to an OU, set the search base of the query to the OU.

For access from Ruby, look at net-ldap as suggested by Sammy Larbi.
Clifford Heath (Guest)
on 2008-11-14 10:10
(Received via mailing list)
brabuhr@gmail.com wrote:
> (first hit on google for "ldap active directory query examples")
> Filter for computers:
>     (objectCategory=computer)

You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates *every* object in the domain. Traps for the unwary ;-)

If you want just the users, no computers, you need:
    (&(objectCategory=person)(objectClass=user)(!(objectClass=computer)))

The rest of brabuhr's advice is good.

Clifford Heath.
Aldric Giacomoni (Guest)
on 2008-11-14 16:40
(Received via mailing list)
Thank you to everyone - it's working like a charm!
Matt Mencel (Guest)
on 2008-11-14 22:51
(Received via mailing list)
Aldric,

Any chance you would be willing to share the code you used to access AD
via LDAP?  I've tried the ActiveLdap and ActiveDirectory gems and so far
have not had any success.

Thanks,
Matt


Aldric Giacomoni (Guest)
on 2008-11-15 00:05
(Received via mailing list)
Hi Matt,
I pretty much followed the sample ruby-ldap documentation - here's how
it came out:

    require 'rubygems'
    require 'net/ldap'
    ldap = Net::LDAP.new :host => "servername",
      :port => 389,
      :auth => {
        :method => :simple,
        :username => "user",
        :password => "password"
    }

The code worked without 'rubygems' for me but I figured I could afford
the RAM in exchange for peace of mind. I also had some issues connecting
properly at first, as the :username string is a lot more complex in the
ruby-ldap documentation.

HTH,

--Aldric
Kouhei Sutou (Guest)
on 2008-11-15 04:03
(Received via mailing list)
Hi,

In <93821991.1744261226699370463.JavaMail.root@zcs10>
  "Re: Active Directory access - not just users, but computers too" on
Sat, 15 Nov 2008 06:47:09 +0900,
  Matt Mencel <MR-Mencel@wiu.edu> wrote:

> Any chance you would be willing to share the code you used to access AD via LDAP?  I've
> tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.

Please show the detail for the ActiveLdap try.
I'm one of the ActiveLdap developers.


Thanks,
Matt Mencel (Guest)
on 2008-11-16 11:20
(Received via mailing list)
Hi Kouhei,

I know you from the ActiveLdap list and probably should have asked my
question there first.  :)  My AD server requires secure LDAP so I have
to use 636.


>>>ad.rb<<<

require 'myconstants'

class AdUser < ActiveLdap::Base
  ldap_mapping :dn_attribute => 'sAMAccountName', :prefix => 'dc=ad',
          :classes => ['top','person','user']
end

class AdGroup < ActiveLdap::Base
  ldap_mapping :dn_attribute => 'cn', :prefix => '',
               :classes => ['top','group']
end

ActiveLdap::Base.establish_connection(:host => 'ldap.dom.edu',
                         :port => 636,
                         :base => 'dc=dom,dc=edu',
                         :bind_dn => AdAdmin,
                         :password => AdPW,
                         :allow_anonymous => false )

# Retrieve all users with some attribute
def ad_user_search(attribute, value, returns)
  AdUser.find(
    :all,
    :attribute => attribute,
    :value => value,
    :attributes => returns
  )
end


>>>test.rb<<<

#!/usr/local/bin/ruby


# NOTE...RUBY TIME CLASS MAY BE FASTER THAN DATE CLASS???
$LOAD_PATH << '../dom_ruby_libs'
require 'rubygems'
require 'active_ldap'
require 'ad'
require 'myconstants'

puts "===AD==="
ad_user = ad_user_search('sAMAccountName', 'myusername', ['cn','sn'])
ad_user.each do |user|
  puts user.inspect
end






Kouhei Sutou (Guest)
on 2008-11-16 12:27
(Received via mailing list)
Hi,

In <1177410494.1808491226769419255.JavaMail.root@zcs10>
  "Re: Active Directory access - not just users, but computers too" on
Sun, 16 Nov 2008 02:14:42 +0900,
  Matt Mencel <MR-Mencel@wiu.edu> wrote:

> end
>                          :password => AdPW,
> end
> require 'active_ldap'
> require 'ad'
> require 'myconstants'
>
> puts "===AD==="
> ad_user = ad_user_search('sAMAccountName', 'myusername', ['cn','sn'])
> ad_user.each do |user|
>   puts user.inspect
> end

It seems that you are missing the :method => :ssl option in the
establish_connection options. And what error message did you
get?


Thanks,
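
As an added example (not code from any poster in this thread), the pieces discussed above put together for the current net-ldap gem: the computer filter, an OU used as the search base, and an LDAPS connection on port 636. The helper names, the sample host and DNs, and the escaping routine are assumptions made for illustration.

```ruby
require 'openssl'

# Filter from the thread for computer objects.
COMPUTER_FILTER = '(objectCategory=computer)'
# Users without computers; RFC 4515 wants the negated term in its own parentheses.
USERS_ONLY_FILTER =
  '(&(objectCategory=person)(objectClass=user)(!(objectClass=computer)))'

# RFC 4515 escaping, so "*", "(", ")" or "\" in caller-supplied input stay
# literal and cannot change the structure of the filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Narrow a base filter to one account name (hypothetical helper).
def account_filter(base_filter, sam_account_name)
  "(&#{base_filter}(sAMAccountName=#{escape_filter_value(sam_account_name)}))"
end

# Options hash for Net::LDAP.new: LDAPS on 636 with the server certificate
# verified, so the simple-bind password is not sent in clear text as it is
# on plain port 389. Add ca_file: to tls_options for a private CA.
def ldaps_options(host, bind_dn, password)
  { host: host, port: 636,
    encryption: { method: :simple_tls,
                  tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER } },
    auth: { method: :simple, username: bind_dn, password: password } }
end

# ldap: a Net::LDAP instance (or anything with the same #search interface).
# search_base: the domain DN, or an OU's DN to restrict the listing to that OU.
def list_computers(ldap, search_base, attributes = %w[cn dNSHostName])
  entries = ldap.search(base: search_base, filter: COMPUTER_FILTER,
                        attributes: attributes)
  raise 'LDAP search failed' if entries.nil?
  entries.map { |entry| entry[:cn].first }
end

# With the gem installed (placeholder host, DNs and password):
#   require 'net/ldap'
#   ldap = Net::LDAP.new(ldaps_options('ldap.dom.edu', 'cn=svc,dc=dom,dc=edu', pw))
#   puts list_computers(ldap, 'ou=Labs,dc=dom,dc=edu')
```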