First, install adminpak.msi from windows\system32 and then add the following registry key:
Key: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value: "Schema Update Allowed" = 0x1
Then run schmmgmt.msc. Right-click "Attributes", choose "Create Attribute", and create the "imsid" attribute, specifying the X.500 OID generated by oidgen.exe. Index it, activate it, and allow it to be shown in advanced view.
Lastly, go to the properties of the "user" class and select the "Attributes" tab. Add an "optional" attribute by finding the "imsid" attribute.
Now, using ADAM-adsiedit.msc, the Administrator can connect to the AD tree and update users' attributes with the appropriate imsids:
Right-click on ADAM ADSI Edit, select "Connect to..."
select "Distinguished name or naming context"
enter "cn=users,dc=devdomain,dc=it,dc=vital" (adjust dc values as necessary)
click "Ok"
expand the tree, find the CN of the user to edit
right-click on user, select "Properties"
find the "imsid" attribute, edit, apply
Done.
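Here's the ultra-basic Ruby code that will look up and print the imsid attribute:
require 'ldap'   # ruby-ldap bindings

host = "192.168.88.20"
port = 389       # plain LDAP: the simple bind below sends the password unencrypted
username = "servuser"
login = "servuser@devdomain.it.vital"   # UPN form used for the bind
password = "mypassword"
found_imsid = "not_found"
dn = "cn=users,dc=devdomain,dc=it,dc=vital"   # search base

connection = LDAP::Conn.new(host, port)
connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
connection.bind(login, password)

# Search below the base for the user's entry, requesting only the imsid attribute
result = connection.search2(dn, LDAP::LDAP_SCOPE_SUBTREE, "cn=#{username}", ["imsid"])
if result.size == 1
  values = result.first["imsid"]   # nil when the user has no imsid set
  found_imsid = values[0] if values
end
connection.unbind
p found_imsid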
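The lookup above interpolates the username straight into the search filter, which is fine for a hard-coded value but not once the name comes from a login form or another system. The following is an added example, not part of the original post: the helper names are hypothetical, the sample results are constructed, and the result shape (an array of hashes mapping attribute name to an array of values) is assumed from the post's own `result.first["imsid"][0]`.

```ruby
# Added example; escape_filter_value, imsid_filter and extract_imsid are
# hypothetical helper names, not part of ruby-ldap or the original post.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Build the post's "cn=<username>" filter with the value escaped, so that
# characters in the name cannot change the structure of the filter.
def imsid_filter(username)
  raise ArgumentError, 'empty username' if username.to_s.strip.empty?
  "(cn=#{escape_filter_value(username)})"
end

# Pull the imsid out of search2-style results. Returns nil unless exactly
# one entry matched and that entry carries a non-empty imsid attribute.
def extract_imsid(entries)
  return nil unless entries.is_a?(Array) && entries.size == 1
  values = entries.first['imsid']
  return nil if values.nil? || values.empty?
  values.first
end

# Constructed sample results (not real directory data).
SAMPLE_ONE = [
  { 'dn' => ['CN=servuser,CN=Users,DC=devdomain,DC=it,DC=vital'],
    'imsid' => ['ims-0042'] }
].freeze
SAMPLE_NO_ATTR = [
  { 'dn' => ['CN=newuser,CN=Users,DC=devdomain,DC=it,DC=vital'] }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts imsid_filter('servuser')             # ordinary name, unchanged
  puts imsid_filter('serv*')                # wildcard is neutralised
  p extract_imsid(SAMPLE_ONE)               # attribute present
  p extract_imsid(SAMPLE_NO_ATTR)           # attribute never set on the user
  p extract_imsid(SAMPLE_ONE + SAMPLE_ONE)  # ambiguous match is rejected
end
```

With the ruby-ldap code above, the string returned by `imsid_filter(username)` would take the place of `"cn=#{username}"` in the `search2` call, and `extract_imsid(result)` would replace the `result.size == 1` block.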