Thanks Jason! I ended up using net-ldap and just querying for
userAccountControl and comparing against this list:
http://www.netvision.com/ad_useraccountcontrol.php
def new_ldap_connection
Net::LDAP.new(
host: ENV['ad_host'],
port: ENV['ad_port'],
encryption: :simple_tls,
base: ENV['ad_base'],
auth: {
method: :simple,
username: ENV['ad_username'],
password: ENV['ad_password'] })
end
def ldap_account_status(user)
userAccountControl = new_ldap_connection().search(
filter: Net::LDAP::Filter.eq('sAMAccountName', user.uniqname),
attributes: %w[ userAccountControl ],
return_result: true)
if userAccountControl.nil? || userAccountControl.length == 0
return 'no account'
else
case userAccountControl.first.userAccountControl.first
when ('512' || '544' || '66048') then return 'enabled'
when ('514' || '546' || '66050') then return 'disabled'
else return 'unknown'
end
end
end
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7d7196033208d829ab80e964742d5b25%40ruby-forum.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment