class LdapFluff::ActiveDirectory::MemberService
Naughty bits of Active Directory LDAP queries
Attributes
ldap[RW]
Public Class Methods
new(ldap, group_base)
# File lib/ldap_fluff/ad_member_service.rb, line 8
# Stores the two collaborators the lookups in this service rely on.
#
# ldap       - directory connection; the lookup methods call #search on it.
# group_base - value handed to the group searches as their :base.
def initialize(ldap, group_base)
  @ldap, @group_base = ldap, group_base
end
Public Instance Methods
_group_names_from_cn(grouplist)
Extract the group names from the LDAP-style response. Each input string will be something like CN=bros,OU=bropeeps,DC=jomara,DC=redhat,DC=com, and the name returned for it is the value of its first CN (here, bros).
AD group proc from erniemiller.org/2008/04/04/simplified-active-directory-authentication/
I think we would normally want to just do the collect at the end, but we need the individual names for recursive queries
# File lib/ldap_fluff/ad_member_service.rb, line 79
# Maps every distinguished name in +grouplist+ to the value of its first
# "CN=" component, so "CN=bros,OU=bropeeps,DC=jomara,DC=redhat,DC=com"
# becomes "bros". A string the pattern does not match comes back unchanged.
#
# NOTE(review): only the CN survives, so two groups that share a CN in
# different containers are indistinguishable to anything comparing these
# names. The match is case-sensitive and ends at the first comma, whether or
# not that comma is escaped inside the CN value.
def _group_names_from_cn(grouplist)
  grouplist.map do |dn|
    dn.sub(/.*?CN=(.*?),.*/, '\1')
  end
end
_groups_from_ldap_data(payload)
return the :memberof attrs + parents, recursively
# File lib/ldap_fluff/ad_member_service.rb, line 33
# Returns the names of the groups listed in payload[:memberof] together with
# everything _walk_group_ancestry reports for them, without duplicates.
# A nil payload yields an empty array.
def _groups_from_ldap_data(payload)
  return [] if payload.nil?

  direct = _group_names_from_cn(payload[:memberof])
  inherited = _walk_group_ancestry(direct)
  (direct + inherited).uniq
end
_walk_group_ancestry(gids = [])
recursively loop over the parent list
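# File lib/ldap_fluff/ad_member_service.rb, line 44
# Collects the names of all groups reachable from +gids+ by following
# :memberof upwards, one directory search per group name.
#
# The earlier recursive form re-walked its whole accumulated list on every
# step and had no record of groups already visited, so a membership loop in
# the directory (A is a member of B, B is a member of A) never terminated.
# This version keeps a work queue and looks each group name up at most once.
#
# gids - names of the groups to start from (default: none).
#
# Returns an array of ancestor names without duplicates, in discovery order.
# A starting group appears in the result only if some walked group lists it
# as a parent. Groups whose search returns nothing are skipped silently.
#
# NOTE(review): groups are tracked by CN only, so two groups sharing a CN in
# different containers under @group_base are treated as one.
def _walk_group_ancestry(gids = [])
  ancestors = []
  reported = {} # names already placed in the result
  queued = {}   # names already scheduled for a directory lookup
  pending = []

  Array(gids).each do |gid|
    next if queued[gid]

    queued[gid] = true
    pending << gid
  end

  until pending.empty?
    gid = pending.shift
    filter = group_filter(gid) & class_filter
    search = @ldap.search(:filter => filter, :base => @group_base)
    next if search.nil? || search.first.nil?

    _group_names_from_cn(search.first[:memberof]).each do |parent|
      unless reported[parent]
        reported[parent] = true
        ancestors << parent
      end
      # A parent that was already looked up must not be queued again; this
      # is what bounds the walk when memberships form a loop.
      next if queued[parent]

      queued[parent] = true
      pending << parent
    end
  end

  ancestors
end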
class_filter()
# File lib/ldap_fluff/ad_member_service.rb, line 62
# Builds the filter that restricts a search to entries whose objectclass is
# "group"; _walk_group_ancestry combines it with the per-group name filter.
def class_filter
  attribute = "objectclass"
  wanted = "group"
  Net::LDAP::Filter.eq(attribute, wanted)
end
find_group(gid)
# File lib/ldap_fluff/ad_member_service.rb, line 26
# Searches under @group_base for entries matching group_filter(gid).
#
# Returns the search result as delivered by the connection.
# Raises GIDNotFoundException when the result is nil or empty.
def find_group(gid)
  matches = @ldap.search(:filter => group_filter(gid), :base => @group_base)
  return matches unless matches.nil? || matches.empty?

  raise GIDNotFoundException
end
find_user(uid)
# File lib/ldap_fluff/ad_member_service.rb, line 20
# Searches the directory for entries matching name_filter(uid). No :base is
# passed here, so the search scope is whatever the connection defaults to.
#
# Returns the search result as delivered by the connection; it may hold more
# than one entry.
# Raises UIDNotFoundException when the result is nil or empty.
#
# NOTE(review): callers that use only the first entry should confirm that uid
# can match at most one account.
def find_user(uid)
  matches = @ldap.search(:filter => name_filter(uid))
  return matches unless matches.nil? || matches.empty?

  raise UIDNotFoundException
end
find_user_groups(uid)
Get a list [] of LDAP groups for a given user. In Active Directory this means a recursive lookup.
# File lib/ldap_fluff/ad_member_service.rb, line 15
# Looks the user up with find_user and returns the group names derived from
# the first entry of that result by _groups_from_ldap_data.
#
# NOTE(review): any further entries in the find_user result are ignored
# without notice.
def find_user_groups(uid)
  first_entry = find_user(uid).first
  _groups_from_ldap_data(first_entry)
end
group_filter(gid)
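# File lib/ldap_fluff/ad_member_service.rb, line 58
# Builds the filter that matches entries whose cn is exactly +gid+.
#
# Filter.eq hands the value to the server unescaped, so a "*" inside a group
# name is evaluated as a wildcard and the search can return a different
# group than the one named. Filter.equals escapes the value first, which
# keeps the comparison literal. The value reaches this method both from
# callers of find_group and from CNs read out of :memberof data.
#
# NOTE(review): assumes the bundled net-ldap provides Filter.equals; confirm
# against the pinned gem version.
def group_filter(gid)
  Net::LDAP::Filter.equals("cn", gid)
end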
name_filter(uid)
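# File lib/ldap_fluff/ad_member_service.rb, line 66
# Builds the filter that matches entries whose samaccountname is exactly
# +uid+.
#
# Filter.eq hands the value to the server unescaped, so a "*" inside +uid+ is
# evaluated as a wildcard and the lookup can return an account other than the
# one named. Filter.equals escapes the value first, which keeps the
# comparison literal for identifiers that originate outside the application.
#
# NOTE(review): assumes the bundled net-ldap provides Filter.equals; confirm
# against the pinned gem version.
def name_filter(uid)
  Net::LDAP::Filter.equals("samaccountname", uid)
end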