ruby active-directory ldap netldap

How to query list of objects in an Active Directory OU from Ruby


I'm trying to query a list of objects in a specific OU from our organization's Active Directory from within a Ruby-based application.

I've been trying out the net/ldap gem (docs here) starting with the basic example provided. Here's my edited version:

require 'rubygems'
require 'net/ldap'

# Placeholders are quoted so the script parses; substitute real values.
ldap = Net::LDAP.new :host => "<server_ip_address>",
     :port => 389,
     :auth => {
           :method => :simple,
           :username => "<username>",
           :password => "<password>"
     }

filter = Net::LDAP::Filter.eq("OU", "ServerGroups")
treebase = "OU=ServerGroups,OU=Unix,OU=RBAC,OU=Role Groups,OU=Resource Administration,DC=corp,DC=our-company,DC=com"

ldap.search(:base => treebase, :filter => filter) do |entry|
  puts("inspect entry: #{entry}")
  puts("DN: #{entry.dn}")
  entry.each do |attribute, values|
    puts("   #{attribute}:")
    values.each do |value|
      puts("      --->#{value}")
    end
  end
end

puts("#{ldap.get_operation_result}")

I'm not doing something right as I'm not getting a list of objects found in the ServerGroups OU.

I'm getting:


 DN: OU=ServerGroups,OU=Unix,OU=RBAC,OU=Role Groups,OU=Resource Administration,DC=corp,DC=our-company,DC=com
    dn:
       --->OU=ServerGroups,OU=Unix,OU=RBAC,OU=Role Groups,OU=Resource Administration,DC=corp,DC=our-company,DC=com
    objectclass:
       --->top
       --->organizationalUnit
    ou:
       --->ServerGroups
    distinguishedname:
       --->OU=ServerGroups,OU=Unix,OU=RBAC,OU=Role Groups,OU=Resource Administration,DC=corp,DC=our-company,DC=com
    instancetype:
       --->4
    whencreated:
       --->20210119235409.0Z
    whenchanged:
       --->20210120000040.0Z
    usncreated:
       --->81770269
    usnchanged:
       --->81770269
    name:
       --->ServerGroups
    objectguid:
    objectcategory:
       --->CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=corp,DC=our-company,DC=com
    dscorepropagationdata:
       --->16010101000000.0Z

Can anyone spot my error or suggest a better Ruby-relevant solution?

Thanks!


Solution

  • I think this is because you're setting the Net::LDAP::Filter.eq("OU", "ServerGroups") filter which only matches the ServerGroups object itself.

    To get all the objects, try searching without specifying a filter. When there's no filter specified, Net::LDAP uses Net::LDAP::Filter.eq("objectClass", "*") as the default filter which matches all of the objects.
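
The behaviour the answer describes, modelled in plain Ruby as an added example (not code from the original posts and not net-ldap itself): a filter is tested against each entry's own attributes, so the question's filter matches only the OU entry, while the default presence filter returns everything under the base. It goes slightly beyond the answer by also showing search scope. The directory entries are constructed, and the CN=web-admins, CN=old-admins and OU=Legacy names are hypothetical.

```ruby
# Simplified in-memory model of LDAP search semantics (base + scope + filter).
# Entries are constructed sample data; the CN=... and OU=Legacy names are hypothetical.
BASE = "OU=ServerGroups,OU=Unix,OU=RBAC,OU=Role Groups," \
       "OU=Resource Administration,DC=corp,DC=our-company,DC=com"
PARENT = BASE.split(",", 2).last

Entry = Struct.new(:dn, :attrs)

DIRECTORY = [
  Entry.new(PARENT, { "objectclass" => %w[top organizationalUnit], "ou" => ["Unix"] }),
  Entry.new(BASE, { "objectclass" => %w[top organizationalUnit], "ou" => ["ServerGroups"] }),
  Entry.new("CN=web-admins,#{BASE}", { "objectclass" => %w[top group], "cn" => ["web-admins"] }),
  Entry.new("OU=Legacy,#{BASE}", { "objectclass" => %w[top organizationalUnit], "ou" => ["Legacy"] }),
  Entry.new("CN=old-admins,OU=Legacy,#{BASE}", { "objectclass" => %w[top group], "cn" => ["old-admins"] })
].freeze

# Scope decides which entries are candidates (naive: assumes no escaped commas in DNs).
def in_scope?(dn, base, scope)
  d = dn.downcase
  b = base.downcase
  below = d.end_with?(",#{b}")
  case scope
  when :base then d == b
  when :one  then below && !d.delete_suffix(",#{b}").include?(",")
  when :sub  then d == b || below
  else raise ArgumentError, "unknown scope #{scope}"
  end
end

# The filter is tested against the entry's attributes, not the RDNs in its DN.
def matches?(entry, attr, value)
  values = entry.attrs.fetch(attr.downcase, [])
  value == "*" ? !values.empty? : values.any? { |v| v.casecmp?(value) }
end

# Defaults mirror the page: whole subtree, presence filter (objectClass=*).
def search(base:, scope: :sub, filter: ["objectClass", "*"])
  DIRECTORY.select { |e| in_scope?(e.dn, base, scope) && matches?(e, *filter) }.map(&:dn)
end

puts "question's filter: #{search(base: BASE, filter: %w[OU ServerGroups]).size} entry"
puts "default filter:    #{search(base: BASE).size} entries"
puts "direct children:   #{search(base: BASE, scope: :one).size} entries"
puts "groups only:       #{search(base: BASE, filter: %w[objectClass group]).size} entries"
```

With net-ldap itself, the same narrowing is done through the `:scope` option of `search` (for example `Net::LDAP::SearchScope_SingleLevel`) and a filter such as `Net::LDAP::Filter.eq("objectClass", "group")`, which keeps the application from reading more of the directory than it needs.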