Wednesday, October 04, 2006

Adding a custom attribute to the user class in Active Directory, then fetching it via Ruby


First, install adminpak.msi from windows\system32 and then add the following registry key:

Key: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value: "Schema Update Allowed" = 0x1

Then run schmmgmt.msc. Right click on "Attributes" and "Create Attribute" as the "imsid" attribute, specifiying the x500 oid as created from oidgen.exe. Index it, activate it, and allow it to be shown in advanced view.

Lastly, go to the properties of the "user" class, select the "Attributes" tab. Add an "optional" attribute by finding the "imsid" attribute.

Now, using ADAM-adsiedit.msc, the Administrator can connect to the AD tree and update users' attributes with the appropriate imsids:

Right-click on ADAM ADSI Edit, select "Connect to..."
select "Distinguished name or naming context"
enter "cn=users,dc=devdomain,dc=it,dc=vital" (adjust dc values as necessary)
click "Ok"
expand the tree, find the CN of the user to edit
right-click on user, select "Properties"
find the "imsid" attribute, edit, apply


Here's the ultra-basic Ruby code that will lookup and print the imsid attribute:

require 'ldap'

host = ""
port = 389
username = "servuser"
login = ""
password = "mypassword"
found_imsid = "not_found"
dn = "cn=users,dc=devdomain,dc=it,dc=vital"

connection =,port)
connection.bind(login, password)

result = connection.search2( dn, LDAP::LDAP_SCOPE_SUBTREE, "cn=#{username}", ["imsid"])

if(result.size == 1)
found_imsid = result.first["imsid"][0]

p found_imsid

No comments: