Accessing users from inside a security group

93 views
Skip to first unread message

Matt Davies

unread,
Jul 2, 2014, 8:12:28 AM7/2/14
to ruby...@googlegroups.com
Hello everyone

I'm using net-ldap 6.1 and rials 4.1.2.

I'm trying to list the usernames of a security group, with no success at all :-(

The filter is combing properly, and I can run this code successfully from a windows machine.  Same access details

CSVDE -R "(&(objectCategory=user)(memberOf=CN=Interact Users,OU=Interact,DC=uni,DC=glam,DC=ac,DC=uk))" -L sAMAccountName -F c:\code\temp\usersingroup.txt

Here's my ruby code

    l = Net::LDAP.new
    l.host = 'DC'
    l.port = 389
    l.auth 'username','password'
    l.bind

    f = Net::LDAP::Filter.eq( "objectCategory", "user")
    g = Net::LDAP::Filter.eq("memberOf", "CN=Interact Users,OU=Interact,DC=uni,DC=glam,DC=ac,DC=uk")
    h = Net::LDAP::Filter.join(f, g)
    i = 
    puts h
    t=""
    puts l.get_operation_result.code
    puts l.get_operation_result.message
    attrs = ["samaccountname", "initials"]
    l.search(:filter=>h,:base=>t, :attributes => attrs) do |entry|
      puts entry.sAMAccountName

Whatever I do, and I've tried using different security groups, without spaces, and changed lots of things, I keep getting no results back.  It connects successfully.

If I put a load of garbage into the filters, I still get 0 back.

Does anyone have any ideas why this isn't working?

I wouldn't be surprised if I'm doing something incredibly stupid, please point it out to me though, I will take no offence.

Matt

Matt Davies

unread,
Jul 2, 2014, 8:45:50 AM7/2/14
to ruby...@googlegroups.com
A bit more information

Here's the output of inspecting the group

<Net::LDAP::Entry:0x007f9b67a86420 @myhash={:dn=>["CN=Interact Users,OU=Interact,DC=uni,DC=glam,DC=ac,DC=uk"], :samaccountname=>["Interact Users"]}>

How do I list the users in that dn?

Jeb Baxley

unread,
Jul 25, 2014, 9:25:29 AM7/25/14
to ruby...@googlegroups.com
This worked for me.

First, search for the group and pull member attribute.  This will give you the distinguishName which you can use to then search and pull sAMAccountName.

Matt Davies

unread,
Jul 25, 2014, 9:59:29 AM7/25/14
to ruby...@googlegroups.com
Hi Jeb, fancy sharing the code that worked?

Obviously removing the passwords :-)


--
You received this message because you are subscribed to the Google Groups "Ruby LDAP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ruby-ldap+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages