Better way to query an LDAP users via ruby net-ldap?

Question

Is there a better way to search for users and computers specifically using the Net-ldap gem?

Here is what I am currently having to do to get only users.

results = search :base => @base, :filter => Net::LDAP::Filter.eq("cn", "*")
  @results = Array.new

  results.each do |result|
    @results.push result if result[:objectclass].include? "person" unless result[:objectclass].include? "computer"

Seems like there would be a better way. I can't see anything obvious in the documentation.

Neil Hoff · Accepted Answer · 2013-01-04T19:55:17.640

5

You can use the Join filter functionality of net-ldap:

filter = Net::LDAP::Filter.eq("sAMAccountName", "*")
filter2 = Net::LDAP::Filter.eq("objectCategory", "organizationalPerson")

joined_filter = Net::LDAP::Filter.join(filter, filter2)

ldap.search(:base => treebase, :filter => joined_filter) do |entry|
    puts entry.sAMAccountName
end

edited Jan 04 '13 at 19:55

answered Jan 03 '13 at 19:38

Neil Hoff

2,025
4
29
53

Terry Gardner · Answer 2 · 2011-06-28T20:44:21.207

2

If you know the objectClass that is used for persons, you could use the filter '(objectClass=person)', replacing 'person' with the objectClass. Most implementations will use 'person' or an objectClass that inherits from 'person' such as 'inetOrgPerson'. Using the filter '(cn=*)' will most likely get entries that are not persons.

Try using Filter.eq("objectClass","person")

edited Jun 28 '11 at 20:44

answered Jun 23 '11 at 14:30

Terry Gardner

10,957
2
28
38

Unfortunately that was one of the first things I tried. I'll give it another go and show you what output I get later today. – Beaon Jun 24 '11 at 18:42

Better way to query an LDAP users via ruby net-ldap?

2 Answers2