Ruby - AD/LDAP auth - read user details

Question

I am trying LDAP/Active directory authentication. This code is working perfectly, I can authenticate. My question is - How do I retrieve user information from AD? I want to read firstname, lastname, fullname, email etc from AD for the authenticated user.

Answer 1

In LDAP, users do not authenticate, connections are authenticated. Once the authorization state of the connection has been established (by a successful bind request), code that desires to retrieve information from the directory must transmit a search request to the directory server and then interpret the response.

Search requests must contain a minimum the following parameters:

• the base object at which the search starts (no objects above the base objects are returned)
• the scope of the search: base is the base object itself, one is the base object and one level below thw base object, sub is the base object and all entries below the base object.
• a filter which limits the entries returned to those entries which match the assertion in the filter

A list of attributes can also be supplied, though many, but not all, LDAP APIs will request all user attributes if none are supplied in the search request.

see also

• LDAP: Mastering Search Filters
• LDAP: Search best practices
• LDAP: Programming practices