Hi all,
I am new to Rails and in my app I need to check if a user account is disabled in Active Directory. I am not using AD for Rails authentication. I've searched around and I'm getting overwhelmed with the answers. What would be the easiest way to go about this? Should I just do some type of LDAP query?
Later on I will probably need the ability to enable/disable the Active Directory account.
Thanks!!
here are some options
Thanks Jason! I ended up using net-ldap and just querying for userAccountControl and comparing against this list:
http://www.netvision.com/ad_useraccountcontrol.php
def new_ldap_connection Net::LDAP.new( host: ENV['ad_host'], port: ENV['ad_port'], encryption: :simple_tls, base: ENV['ad_base'], auth: { method: :simple, username: ENV['ad_username'], password: ENV['ad_password'] }) end
def ldap_account_status(user) userAccountControl = new_ldap_connection().search( filter: Net::LDAP::Filter.eq('sAMAccountName', user.uniqname), attributes: %w[ userAccountControl ], return_result: true)
if userAccountControl.nil? || userAccountControl.length == 0 return 'no account' else case userAccountControl.first.userAccountControl.first when ('512' || '544' || '66048') then return 'enabled' when ('514' || '546' || '66050') then return 'disabled' else return 'unknown' end end end
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks