Satya's blog - ldapsearch and a couple of other things

Jan 03 2008 13:14 ldapsearch and a couple of other things

First, because I keep forgetting, here's ldapsearch:

ldapsearch -vvv -Hldaps://[host] -D "uid=...,ou=People,dc=...,dc=..." -b "dc=....,dc=..." -x -S ??? "(uid=...)" -W

(-S sorts by the given attribute, -x selects simple authentication, and -W prompts for the password to bind with.)

Now, in a Ruby script, here's how to authenticate someone:

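require 'ldap'

class LdapUser
    @@host= '[host]'
    @@port= xxx                      # placeholder: replace with your LDAPS port number
    @@base= 'ou=People,dc=...,dc=.'
    # Assumption: uids only contain these characters. Anything else is rejected
    # so the name cannot alter the bind DN or the search filter built below.
    UID_FORMAT = /\A[A-Za-z0-9._-]+\z/

    # Returns the user's cn if the bind succeeds, false otherwise.
    def self.authenticated?(user, pass)
        # Never pass an empty password to bind: a simple bind with a DN and an
        # empty password is an unauthenticated bind, which some servers accept.
        # (Plain Ruby replaces blank?, which is only available with ActiveSupport.)
        return false if user.to_s.strip.empty? || pass.to_s.strip.empty?
        return false unless user.to_s =~ UID_FORMAT
        name = false
        begin
            # Third argument false: no StartTLS, the connection is SSL from the start (ldaps)
            conn = LDAP::SSLConn.new(@@host, @@port, false)
            # Bind as the user; wrong credentials raise and are handled by the rescue
            if conn.bind("uid=#{user},#{@@base}", pass)
                i = 0
                conn.search(@@base, LDAP::LDAP_SCOPE_ONELEVEL, "(uid=#{user})", ['cn']) {|entry|
                    i += 1
                    return false if i > 1    # more than one match: refuse to pick one
                    name = entry.vals('cn')[0]
                }
            end
        rescue
            # Any error (bad credentials, server unreachable) means not authenticated
            return false
        end
        return name
    end
end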

This uses.... libldap-ruby? I think. According to mcg, anyway.
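
The authenticated? method above places the user-supplied name into both a bind DN and a search filter. As an added example (not part of the original post and not ruby-ldap's API), these helpers escape a value for each context per RFC 4514 and RFC 4515; LdapEscape, the dc=example,dc=org base and the sample inputs are constructed for illustration.

```ruby
# Added example: escape a user-supplied value before it is placed in an
# LDAP bind DN or search filter. LdapEscape, BASE and the sample inputs are
# constructed for illustration; they are not part of ruby-ldap.
module LdapEscape
  BASE = 'ou=People,dc=example,dc=org' # constructed base DN

  # RFC 4515: inside a filter value, NUL ( ) * and \ are written as \XX hex.
  def self.filter_value(value)
    value.to_s.gsub(/[\x00()*\\]/) { |c| format('\\%02x', c.ord) }
  end

  # RFC 4514: inside a DN attribute value, escape " + , ; < > \ anywhere,
  # NUL as \00, a trailing space, and a leading '#' or space.
  def self.dn_value(value)
    s = value.to_s.gsub(/[",+;<>\\]/) { |c| "\\#{c}" }
    s = s.gsub("\x00") { '\\00' }
    s = s.sub(/ \z/) { '\\ ' }           # trailing space first ...
    s.sub(/\A[# ]/) { |c| "\\#{c}" }     # ... then a leading '#' or space
  end

  # The DN that would be passed to bind.
  def self.bind_dn(user)
    "uid=#{dn_value(user)},#{BASE}"
  end

  # The filter that would be passed to search.
  def self.uid_filter(user)
    "(uid=#{filter_value(user)})"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: one ordinary uid and three containing metacharacters.
  ['jdoe', '*', 'a)(b', 'x,ou=Admins'].each do |user|
    puts "input:  #{user.inspect}"
    puts "  dn:     #{LdapEscape.bind_dn(user)}"
    puts "  filter: #{LdapEscape.uid_filter(user)}"
  end
end
```

The two contexts have different metacharacters, so a value escaped for the filter is not safe to reuse in the DN, and vice versa.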

Update: to search LDAP without having to log in, use this:

ldapsearch -vvv -Hldaps://[host] -D "ou=...,dc=...,dc=..." -x "(uid=...)"

Last updated: May 01 2008 13:01
