Active Directory

Active Directory [1 ] is Microsoft's implementation of, among other things, LDAP services.

Two approaches to AD work [2 ] are:

  • through standard LDAP tools
  • through Microsoft's own ADSI-based utilities, which often involve extra-LDAP functionality.

I like this [6 ] reference to Microsoft's own AD Searches [sic] Tools. Note, though, that the previous page fails to mention ldifde and csvde, which, despite the appearance of their documentation [5 ] [4 ], are available for Windows Server 2000. Also significant is schemadocfile [3 ].


LV 2009-Sep-15 So, does anyone have an example of interacting with Active Directory from Tcl? In particular, what I'd like to be able to do is find a simple way to get information about the users on AD so that I can audit the information (to determine whether the user's attributes like department, room number, etc. are correct).


Little example. LDAP authentication function.

package require ldap
                
foreach SERVER [list ad1 ad2] {
                    
        if {[catch {set handle [ldap::connect $SERVER $ad_tcp_port]} err]} {
                puts "ldap::connect: $err"
                continue
        }
        if {[catch {set tok [ldap::bind $handle $User $Passwd]} err]} {
                # Auth problem, skip next ad server
                catch {ldap::disconnect $handle} err
                continue
        } else  {
                # User/Passwd OK
                break
        }
}

catch {ldap::unbind $handle} err
catch {ldap::disconnect $handle} err