Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I’ve looked around
(rubyforge, mainly, but google is also a good friend) but haven’t found
promising gems.
Is my understanding just incorrect?
–Aldric
On Thu, Nov 13, 2008 at 5:02 PM, Aldric G.
[email protected]wrote:
Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I’ve looked around
(rubyforge, mainly, but google is also a good friend) but haven’t found
promising gems.
Is my understanding just incorrect?–Aldric
Hi Aldric,
Have you had a look at Ruby Net::LDAP?
http://rubyfurnace.com/docs/ruby-net-ldap-0.0.4/
[email protected] wrote:
(first hit on google for “ldap active directory query examples”)
Filter for computers:
(objectCategory=computer)
You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates every object in the domain. Traps for the unwary 
If you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))
The rest of brabuhr’s advice is good.
Clifford H…
Thank you to everyone - it’s working like a charm!
On Thu, Nov 13, 2008 at 6:02 PM, Aldric G. [email protected]
wrote:
Most Active Directory access really just goes through LDAP and I don’t
know if it’s possible through LDAP – and if it’s possible, how to do
it, or who has implemented it in Ruby. I’d like to be able to get a list
of computers in a domain, in a OU, etc…
http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
(first hit on google for “ldap active directory query examples”)
Filter for computers:
(objectCategory=computer)
To restrict to an OU, set the search base of the query to the OU.
For access from Ruby, look at net-ldap as suggested by Sammy L…
Aldric,
Any chance you would be willing to share the code you used to access AD
via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far
have not had any success.
Thanks,
Matt
----- Original Message -----
From: “Aldric G.” [email protected]
To: “ruby-talk ML” [email protected]
Sent: Friday, November 14, 2008 9:37:15 AM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers too
Thank you to everyone - it’s working like a charm!
Hi,
In 93821991.1744261226699370463.JavaMail.root@zcs10
“Re: Active Directory access - not just users, but computers too” on
Sat, 15 Nov 2008 06:47:09 +0900,
Matt M. [email protected] wrote:
Any chance you would be willing to share the code you used to access AD via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.
Please show the detail for the ActiveLdap try.
I’m one of the ActiveLdap developers.
Thanks,
Hi Matt,
I pretty much followed the sample ruby-ldap documentation - here’s how
it came out:
require ‘rubygems’
require ‘net/ldap’
ldap = Net::LDAP.new :host => “servername”,
:port => 389,
:auth => {
:method => :simple,
:username => “user”,
:password => “password”
}
The code worked without ‘rubygems’ for me but I figured I could afford
the RAM in exchange for peace of mind. I also had some issues connecting
properly at first, as the :username string is a lot more complex in the
ruby-ldap documentation.
HTH,
–Aldric
Hi Kouhei,
I know you from the ActiveLdap list and probably should have asked my
question there first. 
My AD server requires secure LDAP so I have
to use 636.
ad.rb<<<
require ‘myconstants’
class AdUser < ActiveLdap::Base
ldap_mapping :dn_attribute => ‘sAMAccountName’, :prefix => ‘dc=ad’,
:classes => [‘top’,‘person’,‘user’]
end
class AdGroup < ActiveLdap::Base
ldap_mapping :dn_attribute => ‘cn’, :prefix => ‘’,
:classes => [‘top’,‘group’]
end
ActiveLdap::Base.establish_connection(:host => ‘ldap.dom.edu’,
:port => 636,
:base => ‘dc=dom,dc=edu’,
:bind_dn => AdAdmin,
:password => AdPW,
:allow_anonymous => false )
def ad_user_search(attribute, value, returns)
AdUser.find(
:all,
:attribute => attribute,
:value => value,
:attributes => returns
)
end
test.rb<<<
#!/usr/local/bin/ruby
$LOAD_PATH << ‘…/dom_ruby_libs’
require ‘rubygems’
require ‘active_ldap’
require ‘ad’
require ‘myconstants’
puts “===AD===”
ad_user = ad_user_search(‘sAMAccountName’, ‘myusername’, [‘cn’,‘sn’])
ad_user.each do |user|
puts user.inspect
end
----- Original Message -----
From: “Kouhei S.” [email protected]
To: “ruby-talk ML” [email protected]
Sent: Friday, November 14, 2008 8:59:48 PM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers too
Hi,
In 93821991.1744261226699370463.JavaMail.root@zcs10
“Re: Active Directory access - not just users, but computers too” on
Sat, 15 Nov 2008 06:47:09 +0900,
Matt M. [email protected] wrote:
Any chance you would be willing to share the code you used to access AD via LDAP? I’ve tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.
Please show the detail for the ActiveLdap try.
I’m one of the ActiveLdap developers.
Thanks,
Hi,
In 1177410494.1808491226769419255.JavaMail.root@zcs10
“Re: Active Directory access - not just users, but computers too” on
Sun, 16 Nov 2008 02:14:42 +0900,
Matt M. [email protected] wrote:
end
:password => AdPW,
end
require ‘active_ldap’
require ‘ad’
require ‘myconstants’puts “===AD===”
ad_user = ad_user_search(‘sAMAccountName’, ‘myusername’, [‘cn’,‘sn’])
ad_user.each do |user|
puts user.inspect
end
It seems that you miss :method => :ssl option in
establish_connection options. And did you get what error
message?
Thanks,
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs