This article covers how to search for "enabled" users with net-ldap for Ruby.

Problem description

I am using the net-ldap gem to search Active Directory.
I can search for users by using filter:

filter = Net::LDAP::Filter.eq("sAMAccountName", "neil*")
filter2 = ~Net::LDAP::Filter.eq("objectclass", "computer")

joined_filter = Net::LDAP::Filter.join(filter, filter2)

ldap.search(:base => treebase, :filter => joined_filter) do |entry|
   puts entry.sAMAccountName
end

This gives me all the users whose sAMAccountName starts with neil and is not a computer account.

How do I add a filter to search only for enabled accounts?

Recommended answer

You can use the ruleOID LDAP_MATCHING_RULE_BIT_AND rule to check UserAccountControl.

I use this filter to find users that are enabled:

(&(objectCategory=organizationalPerson)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

userAccountControl:1.2.840.113556.1.4.803 will have Bit 2 set if the account is disabled.

The value of ruleOID can be one of the following:

•1.2.840.113556.1.4.803 - This is the LDAP_MATCHING_RULE_BIT_AND rule. The matching rule is true only if all bits from the property match the value. This rule is like the bitwise AND operator.

•1.2.840.113556.1.4.804 - This is the LDAP_MATCHING_RULE_BIT_OR rule. The matching rule is true if any bits from the property match the value. This rule is like the bitwise OR operator.

An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this: (UserAccountControl:1.2.840.113556.1.4.803:=2)
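The following is an added example, not code from the original question or answer. It combines the question's sAMAccountName prefix search with the answer's enabled-account clause, escapes the user-supplied prefix so it cannot change the filter's structure, and models locally how the two matching rules evaluate. The helper names and the userAccountControl sample values are constructed for illustration.

```ruby
# Added example: runs offline, no directory connection required.
BIT_AND = "1.2.840.113556.1.4.803" # LDAP_MATCHING_RULE_BIT_AND
BIT_OR  = "1.2.840.113556.1.4.804" # LDAP_MATCHING_RULE_BIT_OR
UF_ACCOUNTDISABLE = 0x02

# Hypothetical helper: escape RFC 4515 special characters (\ * ( ) NUL)
# so that user-supplied text is treated as a literal value in the filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Hypothetical helper: the answer's filter plus a sAMAccountName prefix match.
# The resulting string can be parsed with Net::LDAP::Filter.construct.
def enabled_user_filter(name_prefix)
  "(&(objectCategory=organizationalPerson)(objectClass=User)" \
    "(sAMAccountName=#{escape_filter_value(name_prefix)}*)" \
    "(!(userAccountControl:#{BIT_AND}:=#{UF_ACCOUNTDISABLE})))"
end

# Local model of the two rules: BIT_AND needs every bit of the filter value
# set in the attribute, BIT_OR needs at least one of them.
def bit_rule_match?(rule_oid, attribute_value, filter_value)
  case rule_oid
  when BIT_AND then (attribute_value & filter_value) == filter_value
  when BIT_OR  then (attribute_value & filter_value) != 0
  else raise ArgumentError, "unknown matching rule #{rule_oid}"
  end
end

# An account is enabled when the UF_ACCOUNTDISABLE bit is not set.
def enabled?(user_account_control)
  !bit_rule_match?(BIT_AND, user_account_control, UF_ACCOUNTDISABLE)
end

# Constructed sample: account name => userAccountControl value.
SAMPLE_ACCOUNTS = {
  "neil"     => 512,   # normal account
  "neil.old" => 514,   # normal account, disabled
  "neil.svc" => 66048, # normal account, password never expires
  "neil.tmp" => 66050  # as above, disabled
}.freeze

def enabled_names(accounts)
  accounts.select { |_name, uac| enabled?(uac) }.keys
end

puts enabled_user_filter("neil")
puts enabled_names(SAMPLE_ACCOUNTS).inspect
```
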

08-21 00:09