class LdapFluff::ActiveDirectory::MemberService

Naughty bits of Active Directory LDAP queries

Attributes

ldap[RW]

Public Class Methods

new(ldap, group_base)
# File lib/ldap_fluff/ad_member_service.rb, line 8
def initialize(ldap, group_base)
  @ldap       = ldap
  @group_base = group_base
end

Public Instance Methods

_group_names_from_cn(grouplist)

extract the group names from the LDAP-style response: each entry in grouplist is a DN such as CN=bros,OU=bropeeps,DC=jomara,DC=redhat,DC=com, and the CN (here bros) is what is returned

AD group proc from erniemiller.org/2008/04/04/simplified-active-directory-authentication/

I think we would normally want to just do the collect at the end, but we need the individual names for recursive queries

# File lib/ldap_fluff/ad_member_service.rb, line 79
def _group_names_from_cn(grouplist)
  p = proc { |g| g.sub(/.*?CN=(.*?),.*/, '\1') }
  grouplist.collect(&p)
end

_groups_from_ldap_data(payload)

return the groups from the :memberof attribute plus their parents, found recursively

# File lib/ldap_fluff/ad_member_service.rb, line 33
def _groups_from_ldap_data(payload)
  data = []
  if !payload.nil?
    first_level  = _group_names_from_cn(payload[:memberof])
    total_groups = _walk_group_ancestry(first_level)
    data         = (first_level + total_groups).uniq
  end
  data
end

_walk_group_ancestry(gids = [])

recursively loop over the parent list

# File lib/ldap_fluff/ad_member_service.rb, line 44
def _walk_group_ancestry(gids = [])
  set = []
  gids.each do |g|
    filter = group_filter(g) & class_filter
    search = @ldap.search(:filter => filter, :base => @group_base)
    if !search.nil? && !search.first.nil?
      group = search.first
      set  += _group_names_from_cn(group[:memberof])
      set  += _walk_group_ancestry(set)
    end
  end
  set
end

class_filter()
# File lib/ldap_fluff/ad_member_service.rb, line 62
def class_filter
  Net::LDAP::Filter.eq("objectclass", "group")
end

find_group(gid)
# File lib/ldap_fluff/ad_member_service.rb, line 26
def find_group(gid)
  data = @ldap.search(:filter => group_filter(gid), :base => @group_base)
  raise GIDNotFoundException if (data.nil? || data.empty?)
  data
end

find_user(uid)
# File lib/ldap_fluff/ad_member_service.rb, line 20
def find_user(uid)
  data = @ldap.search(:filter => name_filter(uid))
  raise UIDNotFoundException if (data.nil? || data.empty?)
  data
end

find_user_groups(uid)

get an array of LDAP groups for a given user in Active Directory; this means a recursive lookup

# File lib/ldap_fluff/ad_member_service.rb, line 15
def find_user_groups(uid)
  data = find_user(uid)
  _groups_from_ldap_data(data.first)
end
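
As an added example, not ldap_fluff's own code: the recursive lookup that find_user_groups performs, rebuilt over a constructed in-memory directory (FAKE_USERS and FAKE_GROUPS stand in for the @ldap searches, and UIDNotFoundError for UIDNotFoundException) so it runs without a server. The _walk_group_ancestry above keeps no record of groups already visited, so a nested-group loop, which Active Directory permits, recurses until the stack is exhausted; the walk below tracks visited groups and terminates on the same data.

```ruby
# Added example (not ldap_fluff's own code): the recursive AD group lookup the
# page describes, rebuilt over a constructed in-memory directory so it runs
# offline, with a visited set so nested-group loops terminate.
UIDNotFoundError = Class.new(StandardError)

# Constructed stand-in for the directory. Users are keyed by sAMAccountName,
# groups by CN; each value is the object's memberOf attribute.
# ops -> admins -> ops is a membership loop, which Active Directory permits.
FAKE_USERS = {
  "jdoe" => ["CN=ops,OU=groups,DC=example,DC=com"],
}.freeze
FAKE_GROUPS = {
  "ops"    => ["CN=admins,OU=groups,DC=example,DC=com"],
  "admins" => ["CN=ops,OU=groups,DC=example,DC=com",
               "CN=staff,OU=groups,DC=example,DC=com"],
  "staff"  => [],
}.freeze

# Same CN extraction as the page's _group_names_from_cn.
def group_names_from_cn(grouplist)
  grouplist.map { |g| g.sub(/.*?CN=(.*?),.*/, '\1') }
end

# Breadth-first walk of the parent groups. Each group is looked up once, so
# the number of directory queries is bounded by the number of distinct groups
# reached, and a loop such as ops -> admins -> ops cannot recurse forever.
def walk_group_ancestry(gids)
  seen      = {}
  queue     = gids.dup
  ancestors = []
  until queue.empty?
    g = queue.shift
    next if seen[g]
    seen[g] = true
    memberof = FAKE_GROUPS[g]    # stands in for find_group(g).first[:memberof]
    next if memberof.nil?        # unknown group: skip it, as the page's code does
    parents = group_names_from_cn(memberof)
    ancestors.concat(parents)
    queue.concat(parents)
  end
  ancestors.uniq
end

# Direct groups plus every transitive parent, mirroring find_user_groups.
def find_user_groups(uid)
  memberof = FAKE_USERS[uid]     # stands in for find_user(uid).first[:memberof]
  raise UIDNotFoundError, uid if memberof.nil?
  first_level = group_names_from_cn(memberof)
  (first_level + walk_group_ancestry(first_level)).uniq
end
```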

group_filter(gid)
# File lib/ldap_fluff/ad_member_service.rb, line 58
def group_filter(gid)
  Net::LDAP::Filter.eq("cn", gid)
end

name_filter(uid)
# File lib/ldap_fluff/ad_member_service.rb, line 66
def name_filter(uid)
  Net::LDAP::Filter.eq("samaccountname", uid)
end