LDAP test
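# ---- edit data below (or set the matching environment variables) ------------
# The literals are the original placeholders; real bind and user credentials
# belong in the environment rather than in a shared script.
LDAP_HOST = ENV.fetch("LDAP_HOST", "promdmnet.cloudapp.net")
LDAP_PORT = Integer(ENV.fetch("LDAP_PORT", 636)) # 636 for :simple_tls (LDAPS); 389 pairs with :start_tls
LDAP_BASE = ENV.fetch("LDAP_BASE", "dc=promdm, dc=net")
LDAP_BIND_USER = ENV.fetch("LDAP_BIND_USER", "ldapbind@promdm.net") # format is username@domain
LDAP_BIND_PASS = ENV.fetch("LDAP_BIND_PASS", "ldapbindpassword")
# Account whose password is checked with bind_as below.
samaccountname = ENV.fetch("LDAP_TEST_USER", "zm")
password = ENV.fetch("LDAP_TEST_PASSWORD", "userpassword")
# ----- edit end ------------------
# Attributes requested from the user entry during bind_as.
DEFAULT_ATTRIBUTES = %i[dn cn givenname sn userprincipalname memberof displayname name samaccountname mail].freeze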
require 'rubygems'
require 'openssl'
require 'net/ldap'
# https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap.rb
# https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/filter.rb
# Report which net-ldap release is loaded; TLS defaults differ between releases.
puts "gem net/ldap version: #{Gem.loaded_specs['net-ldap'].version}"
# True when the last LDAP operation returned result code 0 (success);
# otherwise the result is printed via failed_operation and false is returned.
def successful_ldap_operation?
  return true if ldap.get_operation_result.code.zero?

  failed_operation
end
# Print the last operation result for diagnosis and return false so it can
# sit on the right-hand side of an || in a predicate.
def failed_operation
  outcome = ldap.get_operation_result
  puts "LDAP get_operation_result was: #{outcome.inspect}"
  false
end
# Lazily build the Net::LDAP client once and reuse it for every operation.
def ldap
  @ldap || (@ldap = initialize_ldap)
end
private

# Build the Net::LDAP client from the connection constants at the top of the
# file plus the bind credentials and TLS settings supplied by the helpers.
def initialize_ldap
  options = {
    host: LDAP_HOST,
    port: LDAP_PORT,
    base: LDAP_BASE,
    auth: auth_hash,
    encryption: encryption_hash
  }
  Net::LDAP.new(options)
end
# Authorization parameters for the service-account bind.
# net-ldap also accepts :anonymous, and :password may be a Proc that
# returns the String when called.
def auth_hash
  credentials = { username: LDAP_BIND_USER, password: LDAP_BIND_PASS }
  { method: :simple }.merge(credentials)
end
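# Encryption settings for the connection.
# tls_options is passed explicitly so certificate verification (VERIFY_PEER
# plus the hostname check in OpenSSL's defaults) is pinned by this script and
# does not depend on the loaded net-ldap release, some older versions of which
# did not verify the server certificate unless told to.
# :simple_tls is LDAPS (port 636); :start_tls upgrades a plain 389 session.
# Variant for a private CA, keeping the verification defaults:
# { method: :start_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(ca_file: "cafile.pem") }
def encryption_hash
  { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }
end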
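begin
  # Authenticate the end user: bind_as looks the account up, then binds with
  # its DN and the supplied password.  It returns the entry on success and
  # false when no entry matched or the bind was refused, so the return value
  # has to be checked as well as the operation result: a lookup that found
  # nobody is still a "successful" LDAP operation (code 0).
  user_filter = Net::LDAP::Filter.eq("sAMAccountName", samaccountname)
  result = ldap.bind_as(base: LDAP_BASE, size: 1, filter: user_filter, password: password, attributes: DEFAULT_ATTRIBUTES)
  # successful_ldap_operation? goes first so a rejected bind still prints its result code.
  if successful_ldap_operation? && result
    puts "#bind_as success"
  else
    puts "#bind_as failed"
  end

  # find user by sAMAccountName
  filter = user_filter # & Net::LDAP::Filter.eq("objectClass", "person")
  #=> CN=andrej,OU=Korisnici,DC=promdm,DC=net
  # find anything by cn
  # filter = Net::LDAP::Filter.eq("cn", "promdmadmins")
  # list all groups
  # filter = Net::LDAP::Filter.eq("objectClass", "group")
  #=> CN=promdmadmins,CN=Users,DC=promdm,DC=net
  # to find all the groups that "user1" is a member of,
  # set the base to the groups container DN; for example (OU=groupsOU, dc=x) and the scope to subtree, and use the following filter:
  # (member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))
  # -------------
  # treebase = "CN=Users,DC=promdm,DC=net"
  # filter = Net::LDAP::Filter.ex("member:1.2.840.113556.1.4.1941", "CN=andrej,OU=Korisnici,DC=promdm,DC=net")
  # to check if a user "user1" is a member of group "group1",
  # set the base to the user DN (cn=user1, cn=users, dc=x) and the scope to base, and use the following query:
  # (memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x))
  # http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx
  # ---------------
  # treebase = "CN=andrej,OU=Korisnici,DC=promdm,DC=net"
  # filter = Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", "CN=promdmadmins,CN=Users,DC=promdm,DC=net")
  # sAMAccountName is a member of the promdmadmins group (including nested groups)
  # filter = Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", "CN=promdmadmins,CN=Users,DC=promdm,DC=net") & Net::LDAP::Filter.eq("sAMAccountName", samaccountname)
  p filter
  treebase = LDAP_BASE
  attrs = %w[mail cn memberof userprincipalname displayname]
  # return_result: false streams entries to the block instead of collecting them.
  ldap.search(base: treebase, filter: filter, attributes: attrs, return_result: false) do |entry|
    puts "\n"
    entry.each do |attribute, values|
      puts " #{attribute}:"
      values.each { |value| puts " -->#{value}" } # value.class #-> Net::BER::BerIdentifiedString
      puts "\n"
    end
  end
  puts "search: #{ldap.get_operation_result.message}"
rescue Net::LDAP::Error, OpenSSL::SSL::SSLError => e
  # Connection, protocol and certificate-verification failures are reported
  # in one line (and exit 1) instead of as an unhandled backtrace.
  abort "LDAP error (#{e.class}): #{e.message}"
end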