The following is a step by step tour through the process I went through to get Ruby to talk to Window Server 2003’s ActiveDirectory. Disclaimer: I am not a Windows guy, and I’m CERTAINLY not an ActiveDirectory/LDAP guy, so … yeah ..

Getting the required files

First thing we need are the Ruby/LDAP bindings from http://sourceforge.net/projects/ruby-ldap/. Follow the README on how to build this, or for the lazy:

ruby extconf.rb
make
sudo make install

Lets test. Pop open irb and try:

require 'ldap'

If everything installed properly, this should return true. Now the tough part …

Deciphering LDAP

I am new to LDAP. This made it even tougher to decipher LDAP’s cryptic naming scheme. Here is a glossary of terms you should probably not reel at the site of.

Gathering the Necessary Information

Ok, lets get some basic information about your users and domains. This is an easy step, or at least it was for me. From your Windows machine, open up cmd and type:

dsquery user

This should give you some good information. such as the CN, OU, and DC values.

Establishing a Connection and Doing Fancy Things

Alrighty, fire up irb or an editor and try the following:

require 'ldap'

host = 'miro' # host name of the ldap server
port = 389

# NOTE! The order of the values in your BASE string is important!
base = 'ou=VoltaicUsers,dc=voltaiccommerce,dc=com'
name = 'Britt Selvitelle'
password = 'woohoo'

conn = LDAP::Conn.new(host, port)
conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
conn.bind("cn=#{name},ou=VoltaicUsers,dc=voltaiccommerce,dc=com", password)

# Now lests try a query!
results = conn.search2(base, LDAP::LDAP_SCOPE_SUBTREE, '(cn=*)',['cn', 'sAMAccountName'])
puts results.inspect

Unfortunately, error messages returned are not the most descriptive, so if your bind parameters are wrong it can be difficult to diagnose the problem. For example:

conn.bind("", "")

followed by a query will return:

LDAP::ResultError: Operations error
        from (irb):23:in `search2'
        from (irb):23

If you’re incredibly stubborn and keep trying like a monkey with a hammer, you should get it eventually.

Authenticating Based on Your Windows Login

You may have noticed that the only way to bind to a connection is via the CommonName. Not very handy when all your users are used to logging in with their regular logins. My solution has been to connect as an extremely unprivileged user, query for the sAMAccountName/CN pair, and reconnect with the appropriate CN. This is slightly (read ‘horribly’) ugly, so if anyone knows a better way to validate using a user’s normal login, please let me know!

High speed super clusters feverishly burning around the clock, relentlessly working at a painsakingly designed, yet unbelievably elegant image processing algorithm? Nah, just pay a 15 year old 3 cents to do it in 30 seconds.

Amazon has a soon to be released service called the “Mechanical Turk.” The name comes from the chess machine built in the 18th century that soundly beat almost every opponent it played, when in fact it was an apparently very small chessmaster, cleverly concealed.

The idea is that while computers are amazing at doing many things, there are still a number of tasks, often in the computer vision field, that are trivial for a person, but very difficult to solve algorithmically. For example,

Find the store most likely to sell me a cup of coffee in this photo of a strip mall.

Enter Mechanical Turk.

Turk is a web-api’d service that allows you to post Human Intelligence Tasks (HITs) and corresponding answers. The idea is that you make relatively nothing, a few cents, for one answer, but they take little to no time and can accumulate quickly.

Obviously, there are numerous super cool possibilities with a service like this, but I’d like to start simple .. so my first HIT, valued at 15 cents, is:

Can you or can you not, based on this photo, train a male Carolina Wren to do your dishes?