Updated 2011-11-10 01:07:50 by AMG

Active Directory [1] is Microsoft's implementation of, among other things, LDAP services.

Two approaches to AD work [2] are:

  • through standard LDAP tools
  • through Microsoft's own ADSI-based utilities, which often involve extra-LDAP functionality.

I like this [3] reference to Microsoft's own AD Searches [sic] Tools. Note, though, that the previous page fails to mention ldifde and csvde, which, despite the appearance of their documentation [4] [5], are available for Windows Server 2000. Also significant is schemadocfile [6].

LV 2009-Sep-15 So, does anyone have an example of interacting with Active Directory from Tcl? In particular, what I'd like to be able to do is find a simple way to get information about the users on AD so that I can audit the information (to determine whether the user's attributes like department, room number, etc. are correct).

Little example. LDAP authentication function.
package require ldap
foreach SERVER [list ad1 ad2] {
        if {[catch {set handle [ldap::connect $SERVER $ad_tcp_port]} err]} {
                puts "ldap::connect: $err"
        if {[catch {set tok [ldap::bind $handle $User $Passwd]} err]} {
                # Auth problem, skip next ad server
                catch {ldap::disconnect $handle} err
        } else  {
                # User/Passwd OK

catch {ldap::unbind $handle} err
catch {ldap::disconnect $handle} err