Problem description
I am using the net-ldap gem to search Active Directory.
I can search for users by using a filter:
filter = Net::LDAP::Filter.eq("sAMAccountName", "neil*")
filter2 = ~Net::LDAP::Filter.eq("objectclass", "computer")
joined_filter = Net::LDAP::Filter.join(filter, filter2)
ldap.search(:base => treebase, :filter => joined_filter) do |entry|
  puts entry.sAMAccountName
end
This gives me all the users whose sAMAccountName starts with neil and is not a computer account.
How do I add a filter that searches only for enabled accounts?
Recommended answer
You can use the ruleOID LDAP_MATCHING_RULE_BIT_AND rule to check UserAccountControl.
I use this filter to find users that are enabled:
(&(objectCategory=organizationalPerson)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
userAccountControl:1.2.840.113556.1.4.803 will have Bit 2 set if the account is disabled.
• 1.2.840.113556.1.4.803 - This is the LDAP_MATCHING_RULE_BIT_AND rule. The matching rule is true only if all bits from the property match the value. This rule is like the bitwise AND operator.
• 1.2.840.113556.1.4.804 - This is the LDAP_MATCHING_RULE_BIT_OR rule. The matching rule is true if any bits from the property match the value. This rule is like the bitwise OR operator.
An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this: (UserAccountControl:1.2.840.113556.1.4.803:=2)
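The following is an added example, not part of the original question or answer: a local Ruby model of the two matching rules run over constructed userAccountControl values, plus the filter string for the question's search with the name prefix escaped. The function names and sample accounts are hypothetical, and UF_NORMAL_ACCOUNT and UF_DONT_EXPIRE_PASSWD are Active Directory flags that the page itself does not mention.

```ruby
# Added example: local model of the AD bitwise matching rules (no LDAP server needed).
BIT_AND_OID = "1.2.840.113556.1.4.803" # LDAP_MATCHING_RULE_BIT_AND
BIT_OR_OID  = "1.2.840.113556.1.4.804" # LDAP_MATCHING_RULE_BIT_OR

UF_ACCOUNTDISABLE     = 0x0002
UF_NORMAL_ACCOUNT     = 0x0200   # assumption: flag not named on the page
UF_DONT_EXPIRE_PASSWD = 0x10000  # assumption: flag not named on the page

# BIT_AND: every bit of the mask must be set in the attribute value.
def bit_and_match?(attr, mask)
  (attr & mask) == mask
end

# BIT_OR: at least one bit of the mask must be set in the attribute value.
def bit_or_match?(attr, mask)
  (attr & mask) != 0
end

# Escape the filter metacharacters of RFC 4515 so a caller-supplied prefix
# cannot change the structure of the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Filter string for the question: name prefix, not a computer, not disabled.
def enabled_user_filter(prefix)
  "(&(sAMAccountName=#{escape_filter_value(prefix)}*)" \
    "(!(objectclass=computer))" \
    "(!(userAccountControl:#{BIT_AND_OID}:=#{UF_ACCOUNTDISABLE})))"
end

# Constructed sample entries (hypothetical names, typical userAccountControl values).
SAMPLE_ACCOUNTS = {
  "neil"      => UF_NORMAL_ACCOUNT,                                             # 512
  "neil.old"  => UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE,                         # 514
  "neil.svc"  => UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,                     # 66048
  "neil.gone" => UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_ACCOUNTDISABLE  # 66050
}.freeze

# Names that the clause (!(userAccountControl:...803:=2)) would keep.
def enabled_names(accounts)
  accounts.reject { |_, uac| bit_and_match?(uac, UF_ACCOUNTDISABLE) }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts enabled_user_filter("neil")
  puts enabled_names(SAMPLE_ACCOUNTS).inspect
end
```

The string built by enabled_user_filter is in the standard LDAP filter syntax, the form that Net::LDAP::Filter.construct takes as input. With a multi-bit mask the two rules diverge: BIT_AND requires every bit of the mask to be set, while BIT_OR matches on any one of them.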