LDAP test
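# ---- edit data below ------------
# Connection settings for the LDAP test. The two secrets are read from the
# environment so that real credentials never have to be written into this file
# (it lives in a public gist); the literal in the block is only a local fallback.
LDAP_HOST = 'promdmnet.cloudapp.net'
# 636 is LDAPS and pairs with encryption method :simple_tls; 389 is plain LDAP
# and needs :start_tls (see encryption_hash). Do not mix port and method.
LDAP_PORT = 636
LDAP_BASE = "dc=promdm, dc=net"
# Service account used for the initial search; format is username@domain (UPN).
# NOTE(review): this value appears garbled by the page's e-mail obfuscation — set the real UPN.
LDAP_BIND_USER = "[email protected]"
LDAP_BIND_PASS = ENV.fetch('LDAP_BIND_PASS') { "ldapbindpassword" }
# Account whose password is checked with bind_as below.
samaccountname = "zm"
password = ENV.fetch('LDAP_TEST_PASSWORD') { "userpassword" }
# ----- edit end ------------------
# Attributes requested for the bound user (kept frozen: it is shared by every call).
DEFAULT_ATTRIBUTES = [:dn, :cn, :givenname, :sn, :userprincipalname, :memberof, :displayname, :name, :samaccountname, :mail].freeze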
require 'rubygems'
require 'openssl'
require 'net/ldap'
# Reference: Net::LDAP client API and the filter builder used below
# https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap.rb
# https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/filter.rb
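# Report which net-ldap release is in use — its TLS defaults have changed over
# time, so this matters when interpreting the output. Gem.loaded_specs has no
# entry when the library was loaded from a plain $LOAD_PATH rather than as a
# gem, so guard against nil instead of failing with NoMethodError.
net_ldap_spec = Gem.loaded_specs["net-ldap"]
puts "gem net/ldap version: " + (net_ldap_spec ? net_ldap_spec.version.to_s : "unknown")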
def successful_ldap_operation?
  # True when the server's most recent result code is 0 (LDAP "success");
  # any other code is dumped by failed_operation, which returns false.
  # Caveat: this only reflects the last protocol operation the client ran,
  # so it is not a reliable signal for compound calls such as bind_as.
  code = ldap.get_operation_result.code
  return true if code == 0

  failed_operation
end
def failed_operation
  # Print the server's last result (code, message, error string) for
  # diagnosis and report failure to the caller.
  last_result = ldap.get_operation_result
  puts "LDAP get_operation_result was: #{last_result.inspect}"
  false
end
def ldap
  # Lazily build and memoize a single Net::LDAP client for the whole script.
  return @ldap if @ldap

  @ldap = initialize_ldap
end
# No-op at the top level of a script: methods defined with a bare `def`
# outside any class are already private instance methods of Object.
private
def initialize_ldap
  # Assemble the client from the settings in the edit block: endpoint,
  # default search base, bind credentials and transport encryption.
  Net::LDAP.new(
    host: LDAP_HOST,
    port: LDAP_PORT,
    base: LDAP_BASE,
    auth: auth_hash,
    encryption: encryption_hash
  )
end
def auth_hash
  # Simple bind as the service account. net-ldap also accepts :anonymous, or a
  # Proc for :password that is called when the bind happens.
  # A simple bind carries the password in clear text inside the LDAP protocol,
  # so it is only safe over TLS (see encryption_hash).
  {
    method: :simple,
    username: LDAP_BIND_USER,
    password: LDAP_BIND_PASS
  }
end
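def encryption_hash
  # Transport encryption for the connection. :simple_tls is LDAPS (TLS from the
  # first byte, normally port 636); :start_tls upgrades a plaintext port-389
  # connection after connecting.
  #
  # verify_mode is set explicitly: older net-ldap releases performed no
  # certificate verification at all when :tls_options was omitted, which lets an
  # on-path attacker read the bind password and every search result. For a
  # server certificate issued by a private CA add ca_file: "cafile.pem" rather
  # than lowering verify_mode. Do not pin ssl_version to TLSv1/TLSv1_1 — both
  # are deprecated; leave protocol selection to OpenSSL's defaults.
  # NOTE(review): whether the hostname is also checked depends on the net-ldap
  # and Ruby versions in use — confirm against the version printed at startup.
  {
    method: :simple_tls,
    tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER }
  }
  # StartTLS alternative for port 389:
  # { method: :start_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: "cafile.pem" } }
end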
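begin
  # ---- 1. verify the test user's password ---------------------------------
  # Filter.eq does not escape its value. samaccountname is a constant here, so
  # that is fine; if it is ever taken from user input, pass it through
  # Net::LDAP::Filter.escape first to prevent LDAP filter injection.
  filter = Net::LDAP::Filter.eq("sAMAccountName", samaccountname)
  # bind_as searches with the service account, then re-binds as the entry it
  # found using `password`. It returns the matching entries, or false.
  result = ldap.bind_as(base: LDAP_BASE, size: 1, filter: filter, password: password, attributes: DEFAULT_ATTRIBUTES)
  # Decide on bind_as's return value, not on get_operation_result: when no
  # entry matches, the search itself succeeds (code 0) and bind_as returns
  # false without attempting a bind, so a code-based check reported "success"
  # for a non-existent account.
  if result
    puts "#bind_as success"
  else
    puts "#bind_as failed"
    failed_operation # dump the last result code/message for diagnosis
  end

  # ---- 2. look the user up with the service account ------------------------
  # find user by sAMAccountName
  filter = Net::LDAP::Filter.eq("sAMAccountName", samaccountname) # & Net::LDAP::Filter.eq("objectClass", "person")
  #=> CN=andrej,OU=Korisnici,DC=promdm,DC=net
  # find anything by cn
  # filter = Net::LDAP::Filter.eq("cn", "promdmadmins")
  # list all groups
  # filter = Net::LDAP::Filter.eq("objectClass", "group")
  #=> CN=promdmadmins,CN=Users,DC=promdm,DC=net
  # Matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) is an
  # Active Directory extension that follows nested group membership.
  # To find all the groups that "user1" is a member of, set the base to the
  # groups container DN (e.g. OU=groupsOU,dc=x), scope subtree, and filter:
  #   (member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))
  # treebase = "CN=Users,DC=promdm,DC=net"
  # filter = Net::LDAP::Filter.ex("member:1.2.840.113556.1.4.1941", "CN=andrej,OU=Korisnici,DC=promdm,DC=net")
  # To check whether "user1" is a member of "group1", set the base to the user
  # DN (cn=user1,cn=users,dc=x), scope base, and filter:
  #   (memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x))
  # http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx
  # treebase = "CN=andrej,OU=Korisnici,DC=promdm,DC=net"
  # filter = Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", "CN=promdmadmins,CN=Users,DC=promdm,DC=net")
  # samaccountname is a member of the promdmadmins group (nested groups included):
  # filter = Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", "CN=promdmadmins,CN=Users,DC=promdm,DC=net") & Net::LDAP::Filter.eq("sAMAccountName", samaccountname)
  p filter
  treebase = LDAP_BASE
  attrs = ["mail", "cn", "memberof", "userprincipalname", "displayname"]
  # return_result: false streams entries to the block instead of collecting them.
  ldap.search(base: treebase, filter: filter, attributes: attrs, return_result: false) do |entry|
    puts "\n"
    entry.each do |attribute, values|
      puts " #{attribute}:"
      values.each do |value|
        puts " -->#{value}" # values are Net::BER::BerIdentifiedString (a String subclass)
      end
      puts "\n"
    end
  end
  puts "search: #{ldap.get_operation_result.message}"
end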