 |
Forums |
Admin Discussion Forums: help Start New Thread
By: James Hunt
 RE: Retrieve logon names from an AD grupo [ reply ]
2008-02-11 14:47
|
Pretty much. You'll have to loop over values in the group's `member' and launch a new LDAP search for each member, unless you can figure out a suitable way of queuing the dn's and running one big query with a huge OR filter.
Unfortunately, since LDAP isn't relational, concepts like SQL joins don't apply. On the upside, LDAP directories (including AD) are optimized for multiple reads.
|
By: James Hunt
RE: Retrieve logon names from an AD grupo [ reply ]
2008-02-11 14:35
|
|
Once you have the distinguished names of the members of the groups (which is stored in the `member' attribute of the group), you should do a search on them to retrieve the actual person object and from it, the sAMAccountName.
|
By: ax plains
Retrieve logon names from an AD grupo [ reply ]
2008-02-11 11:49
|
Hello everyone,
Does anyone know how to get a list of logon names ("samaccountname") belonging to a group?
I already figured out how to get the names (but not the logons) this way:
groupname = "G-GROUPNAME"
treebase = "OU=Application,OU=Groups,DC=company,DC=com"
user_filter = Net::LDAP::Filter.eq( "CN", groupname )
op_filter = Net::LDAP::Filter.eq( "objectClass", "group" )
dn = Array.new
member = Array.new
cn = Array.new
attrs = ["cn", "member"]
ldap_con.search( :base => treebase, :filter => op_filter & user_filter, :attributes=> attrs) do |entry|
entry.each do |attr, values|
if "#{attr}" == "member" # THIS RETRIEVES THE "NAME" FIELD
members_of = Array.new
values.each { |str| members_of << str.split(',')[0].split('=')[1] }
for element in members_of
member << element
end
end
etc...
Thanks a lot in advance
axplains@yahoo.com
|
|
|
