-
-
Save alces/2e67dbb03f646a7e859c to your computer and use it in GitHub Desktop.
| import javax.naming.directory.* | |
| MYDOM = 'example.com' | |
| // convert DNS domain to a LDAP notation | |
| dns2ldap = {dom -> | |
| 'DC=' + dom.split(/\./).join(',DC=') | |
| } | |
| // base OU for our search | |
| GRP_OU = 'OU=users,' + dns2ldap(MYDOM) | |
| /* make a new InitialDirContext for LDAP search | |
| * an awful mess caused only by three not-so-groovy things: | |
| * 1. InitialDirContext's constructor wants Hashtable instead of HashMap as a parameter | |
| * 2. GStrings in the arguments of this constructor should be explicitly converted to java Strings | |
| * 3. groovy's HashMap square brackets constructor doesn't support dots or brackets in keys | |
| */ | |
| mkCtx = {param = [:] -> | |
| new InitialDirContext( | |
| (Hashtable)param.collect {k, v -> | |
| [InitialDirContext[k], v.toString()] | |
| }.collectEntries() | |
| ) | |
| } | |
| mkCtx(PROVIDER_URL: "ldap://ldap.$MYDOM", | |
| INITIAL_CONTEXT_FACTORY: 'com.sun.jndi.ldap.LdapCtxFactory', | |
| SECURITY_AUTHENTICATION: 'simple', | |
| SECURITY_PRINCIPAL: "CN=dummy,$GRP_OU", | |
| SECURITY_CREDENTIALS: 'aTerriblyStup1dPassW0rd', | |
| ).search( | |
| GRP_OU, '(objectclass=group)', new SearchControls([searchScope: SearchControls.SUBTREE_SCOPE]) | |
| ).collect { | |
| it.attributes['cn'] | |
| }.sort().join('\n') |
Just add println to the beginning of line 27.
Oyyy! Thank you!
Hi,
Great work! How can I retrieve more than one Attribute (e.g. cn, sAMAccountName, mail,....)
Thanks!
You can put a list or a map in the line 35 (e.g., [it.attributes['cn'], it.attributes['mail']]) or maybe simply return it.attributes itself (of course, in this case sorting and joining with LFs in the line 36 don't make much sense).
Hi, thanks for the quick reply. I found a workaround using
.collect { entry ->
def attributes = ['sn', 'givenName', 'sAMAccountName', 'mail', 'memberOf', 'objectGUID']
attributes.collect { entry.attributes.get(it) }
Any Idea on how to cast the objectGUID to something readable?
Sorry, no idea, I don't remember when I did something interesting with LDAP or AD for the last time ;)
Hi,
I have a big request. Can you help me to set:
com.sun.jndi.ldap.connect.timeout = 5000
for your groovy script at https://gist.github.com/alces/2e67dbb03f646a7e859c
I'm not a java boy. It is very difficult for me.
Thank you in advance for your help.
I'm not a Java boy too, but I believe it should work the same way as setting any property for any JVM-based application (i.e., just add -Dcom.sun.jndi.ldap.connect.timeout=5000 to the command line).
def response = (
mkCtx(PROVIDER_URL: "ldap://ldap.$MYDOM",
INITIAL_CONTEXT_FACTORY: 'com.sun.jndi.ldap.LdapCtxFactory',
SECURITY_AUTHENTICATION: 'simple',
SECURITY_PRINCIPAL: "yourAdminUser",
SECURITY_CREDENTIALS: 'YourAdminUserPassword',
).search(
GRP_OU, '(objectclass=group)', new SearchControls([searchScope: SearchControls.SUBTREE_SCOPE])
).collect {
it.attributes['cn']
}
)
return response.sort().join('\n')
def group_list = []
for(i = 0; i < response.size(); i++){
response[i] = response[i].toString().replaceAll("cn:", "")
group_list.add(response[i])
}
server_list = group_list.unique()
return group_list.sort()
Hi! How print result this searching?