@sean-horn
Created May 22, 2014 22:42
Look through a specified group in LDAP for members with a certain name
## Change into the directory where we keep net-ldap
cd /opt/opscode/embedded/service/gem/ruby/1.9.1/gems/net-ldap-0.3.1
## Then, start up an IRB shell
/opt/opscode/embedded/bin/irb -Ilib
## Keep the following stuff handy for pasting into the IRB shell
## Replace the values of the seven variables below with values appropriate for your site
## Everything can be copy/pasted into the IRB shell in bunches, except for the bindpass variable
require 'openssl'
require 'net/ldap'
fqdn = "pumpernickelcorp.com"
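## A simple bind on port 389 without TLS sends binddn and bindpass in cleartext.
## If your directory offers LDAPS, use port 636 and add :encryption => :simple_tls to Net::LDAP.new.
port = 389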
binddn = "CN=Sean Horn,OU=Employees,OU=Domain users,DC=pumpernickelcorp,DC=com"
bindpass = "????"
## Where do we want to start in the tree? Should be pretty high, to catch groups and users.
## Add more specifics here if you want to decrease the range of the search
treebase = "DC=pumpernickelcorp,DC=com"
## This expression will define what attribute uniquely identifies our user
user_expression = "sAMAccountName=horns"
## This expression will define the group in which our user should be found
group_expression = "memberOf=CN=vpnusers,CN=Users,DC=pumpernickelcorp,DC=com"
ldap = Net::LDAP.new :host => fqdn,
                     :port => port,
                     :auth => {
                       :method => :simple,
                       :username => binddn,
                       :password => bindpass
                     }
filter = Net::LDAP::Filter.construct("(&(#{group_expression})(#{user_expression}))")
ldap.search(:base => treebase, :filter => filter) do |entry|
  puts "DN: #{entry.dn}"
  entry.each do |attribute, values|
    puts " #{attribute}:"
    values.each do |value|
      puts " --->#{value}"
    end
  end
end
p ldap.get_operation_result
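## Added example, not part of the original gist: the filter above is built by interpolating group_expression and user_expression into a string, so a value containing (, ), * or \ changes what the search matches.
## The hypothetical helpers below (escape_filter_value, equality_clause, group_member_filter) escape each value per RFC 4515 and return a string that can be passed to Net::LDAP::Filter.construct in place of the interpolated one.

```ruby
# RFC 4515 section 3: NUL, '(', ')', '*' and '\' inside an assertion value
# are written as a backslash plus the two-digit hex code of the byte.
LDAP_FILTER_SPECIALS = /[\x00()*\\]/

# Conservative attribute-name check (letters, digits, hyphen); OIDs and
# attribute options are deliberately not accepted here.
ATTRIBUTE_NAME = /\A[A-Za-z][A-Za-z0-9-]*\z/

# Escape one assertion value so it is always treated as literal text.
def escape_filter_value(value)
  value.to_s.gsub(LDAP_FILTER_SPECIALS) { |ch| format('\\%02x', ch.ord) }
end

# Build a single "(attribute=value)" clause with the value escaped.
def equality_clause(attribute, value)
  unless attribute.to_s =~ ATTRIBUTE_NAME
    raise ArgumentError, "bad attribute name: #{attribute.inspect}"
  end
  "(#{attribute}=#{escape_filter_value(value)})"
end

# Same shape as the gist's filter: the entry must be a member of the
# group AND carry the given account name.
def group_member_filter(group_dn, account_name)
  '(&' + equality_clause('memberOf', group_dn) +
    equality_clause('sAMAccountName', account_name) + ')'
end

# The group DN is the one from the gist; the second account name is a
# constructed value containing filter metacharacters.
GROUP_DN = 'CN=vpnusers,CN=Users,DC=pumpernickelcorp,DC=com'

puts group_member_filter(GROUP_DN, 'horns')
puts group_member_filter(GROUP_DN, 'ho*ns (temp)')
```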