Created May 22, 2014 22:42
Look through a specified group in LDAP for members with a certain name
## Change into the directory where we keep net-ldap
cd /opt/opscode/embedded/service/gem/ruby/1.9.1/gems/net-ldap-0.3.1
## Then start up an IRB shell
/opt/opscode/embedded/bin/irb -Ilib
## Keep the following handy for pasting into the IRB shell
## Replace the values of the seven variables below with values appropriate for your site
## Everything can be copy/pasted into the IRB shell in bunches, except for the bindpass variable
require 'openssl'
require 'net/ldap'
fqdn = "pumpernickelcorp.com"
## A simple bind on port 389 sends binddn and bindpass unencrypted.
## If the directory offers LDAPS, use port 636 and add :encryption => :simple_tls to Net::LDAP.new
port = 389
binddn = "CN=Sean Horn,OU=Employees,OU=Domain users,DC=pumpernickelcorp,DC=com"
bindpass = "????"
## Where do we want to start in the tree? Should be pretty high, to catch groups and users.
## Add more specifics here if you want to decrease the range of the search
treebase = "DC=pumpernickelcorp,DC=com"
## This expression will define what attribute uniquely identifies our user
user_expression = "sAMAccountName=horns"
## This expression will define the group in which our user should be found
group_expression = "memberOf=CN=vpnusers,CN=Users,DC=pumpernickelcorp,DC=com"
ldap = Net::LDAP.new :host => fqdn,
                     :port => port,
                     :auth => {
                       :method => :simple,
                       :username => binddn,
                       :password => bindpass
                     }
## Match only entries that satisfy both the group expression and the user expression
filter = Net::LDAP::Filter.construct("(&(#{group_expression})(#{user_expression}))")
ldap.search(:base => treebase, :filter => filter) do |entry|
  puts "DN: #{entry.dn}"
  entry.each do |attribute, values|
    puts " #{attribute}:"
    values.each do |value|
      puts " --->#{value}"
    end
  end
end
## Print the result code and message of the last operation (bind or search)
p ldap.get_operation_result
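
The filter above is built by interpolating user_expression and group_expression into a string, so a group CN or account name containing `(`, `)`, `*` or `\` changes what the directory is asked. The following is an added example, not part of the gist: plain Ruby with hypothetical helper names and constructed sample values, showing RFC 4515 escaping applied to the two values before they go into the same filter.

```ruby
# Added example, not part of the gist. Helper names are hypothetical.
# RFC 4515: these characters must be hex-escaped inside a filter value.
FILTER_ESCAPES = {
  "\\" => '\5c',
  "*"  => '\2a',
  "("  => '\28',
  ")"  => '\29',
  "\0" => '\00'
}.freeze

# Escape one value before it is placed to the right of "attr=".
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| FILTER_ESCAPES[ch] }
end

# Build the gist's (&(memberOf=...)(sAMAccountName=...)) filter from raw values.
def membership_filter(group_dn, account)
  "(&(memberOf=#{escape_filter_value(group_dn)})" \
    "(sAMAccountName=#{escape_filter_value(account)}))"
end

# Number of clauses the server will see: one per unescaped "(".
def clause_count(filter)
  filter.count("(")
end

# Constructed sample values: a group CN with parentheses, a literal "*".
SAMPLES = [
  ["CN=vpnusers,CN=Users,DC=pumpernickelcorp,DC=com", "horns"],
  ["CN=vpnusers (EMEA),CN=Users,DC=pumpernickelcorp,DC=com", "horns"],
  ["CN=vpnusers,CN=Users,DC=pumpernickelcorp,DC=com", "*"]
].freeze

SAMPLES.each do |group_dn, account|
  raw  = "(&(memberOf=#{group_dn})(sAMAccountName=#{account}))"
  safe = membership_filter(group_dn, account)
  puts "raw:  #{raw}  (#{clause_count(raw)} clauses)"
  puts "safe: #{safe}  (#{clause_count(safe)} clauses)"
end
```

The string returned by membership_filter can be passed to Net::LDAP::Filter.construct exactly as the gist does. Current net-ldap releases also provide Net::LDAP::Filter.escape for the same purpose.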