Most Active Directory access really just goes through LDAP and I don't
know if it's possible through LDAP -- and if it's possible, how to do
it, or who has implemented it in Ruby. I'd like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I've looked around
(rubyforge, mainly, but google is also a good friend) but haven't found
promising gems.
Is my understanding just incorrect?
--Aldric
Hi Aldric,
Have you had a look at Ruby Net::LDAP?
http://rubyfurnace.com/docs/ruby-net-ldap-0.0.4/
On Thu, Nov 13, 2008 at 5:02 PM, Aldric Giacomoni <aldric@trevoke.net>wrote:
Most Active Directory access really just goes through LDAP and I don't
know if it's possible through LDAP -- and if it's possible, how to do
it, or who has implemented it in Ruby. I'd like to be able to get a list
of computers in a domain, in a OU, etc. using Ruby. I've looked around
(rubyforge, mainly, but google is also a good friend) but haven't found
promising gems.
Is my understanding just incorrect?--Aldric
(first hit on google for "ldap active directory query examples")
Filter for computers:
(objectCategory=computer)
To restrict to an OU, set the search base of the query to the OU.
For access from Ruby, look at net-ldap as suggested by Sammy Larbi.
On Thu, Nov 13, 2008 at 6:02 PM, Aldric Giacomoni <aldric@trevoke.net> wrote:
Most Active Directory access really just goes through LDAP and I don't
know if it's possible through LDAP -- and if it's possible, how to do
it, or who has implemented it in Ruby. I'd like to be able to get a list
of computers in a domain, in a OU, etc....
brabuhr@gmail.com wrote:
(first hit on google for "ldap active directory query examples")
Filter for computers:
(objectCategory=computer)
You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates *every* object in the domain. Traps for the unwary 
If you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))
The rest of brabuhr's advice is good.
Clifford Heath.
Thank you to everyone - it's working like a charm!
Clifford Heath wrote:
brabuhr@gmail.com wrote:
(first hit on google for "ldap active directory query examples")
Filter for computers:
(objectCategory=computer)You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates *every* object in the domain. Traps for the unwaryIf you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))The rest of brabuhr's advice is good.
Clifford Heath.
Aldric,
Any chance you would be willing to share the code you used to access AD via LDAP? I've tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.
Thanks,
Matt
----- Original Message -----
From: "Aldric Giacomoni" <aldric@trevoke.net>
To: "ruby-talk ML" <ruby-talk@ruby-lang.org>
Sent: Friday, November 14, 2008 9:37:15 AM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers too
Thank you to everyone - it's working like a charm!
Clifford Heath wrote:
brabuhr@gmail.com wrote:
(first hit on google for "ldap active directory query examples")
Filter for computers:
(objectCategory=computer)You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates *every* object in the domain. Traps for the unwaryIf you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))The rest of brabuhr's advice is good.
Clifford Heath.
Hi Matt,
I pretty much followed the sample ruby-ldap documentation - here's how
it came out:
require 'rubygems'
require 'net/ldap'
ldap = Net::LDAP.new :host => "servername",
:port => 389,
:auth => {
:method => :simple,
:username => "user",
:password => "password"
}
The code worked without 'rubygems' for me but I figured I could afford
the RAM in exchange for peace of mind. I also had some issues connecting
properly at first, as the :username string is a lot more complex in the
ruby-ldap documentation.
HTH,
--Aldric
Matt Mencel wrote:
Aldric,
Any chance you would be willing to share the code you used to access AD via LDAP? I've tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.
Thanks,
Matt----- Original Message -----
From: "Aldric Giacomoni" <aldric@trevoke.net>
To: "ruby-talk ML" <ruby-talk@ruby-lang.org>
Sent: Friday, November 14, 2008 9:37:15 AM GMT -06:00 US/Canada Central
Subject: Re: Active Directory access - not just users, but computers tooThank you to everyone - it's working like a charm!
Clifford Heath wrote:
brabuhr@gmail.com wrote:
(first hit on google for "ldap active directory query examples")
Filter for computers:
(objectCategory=computer)You can do this query using either objectClass or objectCategory.
objectClass is indexed but objectCategory is not indexed. If you
query a large domain using the unindexed attribute, the query
interrogates *every* object in the domain. Traps for the unwaryIf you want just the users, no computers, you need:
(&(objectCategory=person)(objectClass=user)(!objectClass=computer))The rest of brabuhr's advice is good.
Clifford Heath.
Hi,
In <93821991.1744261226699370463.JavaMail.root@zcs10>
"Re: Active Directory access - not just users, but computers too" on Sat, 15 Nov 2008 06:47:09 +0900,
Matt Mencel <MR-Mencel@wiu.edu> wrote:
Any chance you would be willing to share the code you used to access AD via LDAP? I've tried the ActiveLdap and ActiveDirectory gems and so far have not had any success.
Please show the detail for the ActiveLdap try.
I'm one of the ActiveLdap developers.
Thanks,
--
kou