Getting user and group information from Active Directory via LDAP is nearly easy, but I came across one hurdle. If you retrieve a user, you might get something like this:
{ :samaccountname => ['jeremy'], :dn => ["CN=Jeremy Wells,CN=Users,DC=domain,DC=boost,DC=co,DC=nz"], :primarygroupid => ['1114'], :objectsid => ["010500000000000525000000\210B ?\23302r\255ոT040000"] }
If you then wanted to get the user's primary group, you'd need to search using that primary group id. But you'd find there is no corresponding id on the group object, which looks like this:
{ :samaccountname=>["Students"], :dn=>["CN=Students,OU=Groups,DC=domain,DC=boost,DC=co,DC=nz"], :objectsid=>["010500000000000525000000\210B ?\23302r\255ոZ040000"], :name=>["Students"] }
But notice the binary field :objectsid. This is the binary form of the string you may sometimes see when using AD, called the SID, which looks something like “S-1-5-21-123-456-789”. To find the user's group, you take the :primarygroupid and the user's :objectsid and use them to generate the group's SID.
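One way to do that conversion in plain Ruby, as an added example that is not code from the original post: it decodes the binary SID, swaps the user's last component (the RID) for the primary group id, and builds an escaped LDAP filter for the group. The function names and the sample SID (with user RID 1108) are assumptions made for illustration.

```ruby
# Added example, not from the original post. Sample values are constructed.

# Decode the binary objectSid returned by LDAP into "S-1-5-21-..." form.
# Layout: revision (1 byte), sub-authority count (1 byte), identifier
# authority (6 bytes, big-endian), then count x 32-bit little-endian values.
def sid_to_string(bin)
  bytes = bin.dup.force_encoding(Encoding::BINARY)
  raise ArgumentError, 'SID too short' if bytes.bytesize < 8
  revision, count = bytes.unpack('CC')
  raise ArgumentError, 'SID length mismatch' unless bytes.bytesize == 8 + 4 * count
  authority = bytes[2, 6].bytes.inject(0) { |acc, b| (acc << 8) | b }
  (['S', revision, authority] + bytes[8..-1].unpack('V*')).join('-')
end

# Encode a string SID back to the binary form stored in objectSid.
def sid_to_binary(str)
  prefix, *fields = str.split('-')
  raise ArgumentError, 'not a SID' unless prefix == 'S' && fields.length >= 2
  revision, authority, *subs = fields.map { |f| Integer(f, 10) }
  auth_bytes = 5.downto(0).map { |i| (authority >> (8 * i)) & 0xff }
  ([revision, subs.length] + auth_bytes).pack('C*') + subs.pack('V*')
end

# Swap the user's RID (last sub-authority) for primaryGroupID.
def primary_group_sid(user_sid_bin, primary_group_id)
  *domain, _user_rid = sid_to_string(user_sid_bin).split('-')
  raise ArgumentError, 'SID has no RID' if domain.length < 3
  (domain + [Integer(primary_group_id.to_s, 10)]).join('-')
end

# RFC 4515 filter matching the group; every SID byte is escaped as \xx.
def primary_group_filter(user_sid_bin, primary_group_id)
  bin = sid_to_binary(primary_group_sid(user_sid_bin, primary_group_id))
  '(objectSid=' + bin.bytes.map { |b| format('\\%02x', b) }.join + ')'
end

# Constructed user SID S-1-5-21-123-456-789-1108 in binary form.
SAMPLE_USER_SID = [1, 5, 0, 0, 0, 0, 0, 5, 21, 123, 456, 789, 1108].pack('C8V5')

if __FILE__ == $PROGRAM_NAME
  puts sid_to_string(SAMPLE_USER_SID)
  puts primary_group_sid(SAMPLE_USER_SID, '1114')
  puts primary_group_filter(SAMPLE_USER_SID, '1114')
end
```

Escaping every byte of the binary SID keeps the filter well-formed even when the SID contains bytes such as `*`, `(`, `)` or `\`, which would otherwise change the meaning of the search.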

