Check if Active Directory user account disabled
53 views
Skip to first unread message
ZBoT ZBoT
Sep 24, 2014, 2:03:38 PM9/24/14
to rubyonra...@googlegroups.com
Hi all,
I am new to Rails and in my app I need to check if a user account is
disabled in Active Directory. I am not using AD for Rails
authentication. I've searched around and I'm getting overwhelmed with
the answers. What would be the easiest way to go about this? Should I
just do some type of LDAP query?
Later on I will probably need the ability to enable/disable the Active
Directory account.
Thanks!!
--
Posted via http://www.ruby-forum.com/.
I am new to Rails and in my app I need to check if a user account is
disabled in Active Directory. I am not using AD for Rails
authentication. I've searched around and I'm getting overwhelmed with
the answers. What would be the easiest way to go about this? Should I
just do some type of LDAP query?
Later on I will probably need the ability to enable/disable the Active
Directory account.
Thanks!!
--
Posted via http://www.ruby-forum.com/.
Jason Fleetwood-Boldt
Sep 24, 2014, 2:11:25 PM9/24/14
to rubyonra...@googlegroups.com
here are some options
https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=active+directory
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7344f7ad7af4b3bcbf9661b090af5f00%40ruby-forum.com.
> For more options, visit https://groups.google.com/d/optout.
>
ZBoT ZBoT
Oct 6, 2014, 1:10:28 PM10/6/14
to rubyonra...@googlegroups.com
Thanks Jason! I ended up using net-ldap and just querying for
userAccountControl and comparing against this list:
http://www.netvision.com/ad_useraccountcontrol.php
def new_ldap_connection
Net::LDAP.new(
host: ENV['ad_host'],
port: ENV['ad_port'],
encryption: :simple_tls,
base: ENV['ad_base'],
auth: {
method: :simple,
username: ENV['ad_username'],
password: ENV['ad_password'] })
end
def ldap_account_status(user)
userAccountControl = new_ldap_connection().search(
filter: Net::LDAP::Filter.eq('sAMAccountName', user.uniqname),
attributes: %w[ userAccountControl ],
return_result: true)
if userAccountControl.nil? || userAccountControl.length == 0
return 'no account'
else
case userAccountControl.first.userAccountControl.first
when ('512' || '544' || '66048') then return 'enabled'
when ('514' || '546' || '66050') then return 'disabled'
else return 'unknown'
end
end
end
userAccountControl and comparing against this list:
http://www.netvision.com/ad_useraccountcontrol.php
def new_ldap_connection
Net::LDAP.new(
host: ENV['ad_host'],
port: ENV['ad_port'],
encryption: :simple_tls,
base: ENV['ad_base'],
auth: {
method: :simple,
username: ENV['ad_username'],
password: ENV['ad_password'] })
end
def ldap_account_status(user)
userAccountControl = new_ldap_connection().search(
filter: Net::LDAP::Filter.eq('sAMAccountName', user.uniqname),
attributes: %w[ userAccountControl ],
return_result: true)
if userAccountControl.nil? || userAccountControl.length == 0
return 'no account'
else
case userAccountControl.first.userAccountControl.first
when ('512' || '544' || '66048') then return 'enabled'
when ('514' || '546' || '66050') then return 'disabled'
else return 'unknown'
end
end
end
Reply all
Reply to author
Forward
0 new messages