active_directory 1.1.1

data/lib/active_directory/computer.rb

@@ -0,0 +1,38 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	class Computer < Base
+		def self.filter # :nodoc:
+			Net::LDAP::Filter.eq(:objectClass,'computer')
+		end
+
+		def self.required_attributes # :nodoc:
+			{ :objectClass => [ 'top', 'person', 'organizationalPerson', 'user', 'computer' ] }
+		end
+
+		def hostname
+			dNSHostName || name
+		end
+	end
+end

data/lib/active_directory/container.rb

@@ -0,0 +1,117 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	#
+	# The ActiveDirectory::Container class represents a more malleable way
+	# of dealing with LDAP Distinguished Names (dn), like
+	# "cn=UserName,ou=Users,dc=example,dc=org".
+	#
+	# The following two representations of the above dn are identical:
+	#
+	#   dn = "cn=UserName,ou=Users,dc=example,dc=org"
+	#   dn = ActiveDirectory::Container.dc('org').dc('example').ou('Users').cn('UserName').to_s
+	#
+	class Container
+		attr_reader :type
+		attr_reader :name
+		attr_reader :parent
+
+		def initialize(type, name, node = nil) #:nodoc:
+			@type = type
+			@name = name
+			@node = node
+		end
+
+		#
+		# Creates a starting OU (Organizational Unit) dn part.
+		#
+		#   # ou_part = "ou=OrganizationalUnit"
+		#   ou_part = ActiveDirectory::Container.ou('OrganizationalUnit').to_s
+		#
+		def self.ou(name)
+			new(:ou, name, nil)
+		end
+
+		#
+		# Creates a starting DC (Domain Component) dn part.
+		#
+		#   # dc_part = "dc=net"
+		#   dc_part = ActiveDirectory::Container.dc('net').to_s
+		#
+		def self.dc(name)
+			new(:dc, name, nil)
+		end
+
+		#
+		# Creates a starting CN (Canonical Name) dn part.
+		#
+		#   # cn_part = "cn=CanonicalName"
+		#   cn_part = ActiveDirectory::Container.cn('CanonicalName').to_s
+		#
+		def self.cn(name)
+			new(:cn, name, nil)
+		end
+
+		#
+		# Appends an OU (Organizational Unit) dn part to another Container.
+		#
+		#   # ou = "ou=InfoTech,dc=net"
+		#   ou = ActiveDirectory::Container.dc("net").ou("InfoTech").to_s
+		#
+		def ou(name)
+			self.class.new(:ou, name, self)
+		end
+
+		#
+		# Appends a DC (Domain Component) dn part to another Container.
+		#
+		#   # base = "dc=example,dc=net"
+		#   base = ActiveDirectory::Container.dc("net").dc("example").to_s
+		#
+		def dc(name)
+			self.class.new(:dc, name, self)
+		end
+
+		#
+		# Appends a CN (Canonical Name) dn part to another Container.
+		#
+		#    # user = "cn=UID,ou=Users"
+		#    user = ActiveDirectory::Container.ou("Users").cn("UID")
+		#
+		def cn(name)
+			self.class.new(:cn, name, self)
+		end
+
+		#
+		# Converts the Container object to its String representation.
+		#
+		def to_s
+			@node ? "#{@type}=#{name},#{@node.to_s}" : "#{@type}=#{name}"
+		end
+
+		def ==(other) #:nodoc:
+			to_s.downcase == other.to_s.downcase
+		end
+	end
+end

data/lib/active_directory/field_type/binary.rb

@@ -0,0 +1,42 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Guid
+      #
+      # Encodes a hex string into a GUID
+      #
+      def self.encode(hex_string)
+        hex_string.to_a.pack("H*")
+      end
+
+      #
+      # Decodes a binary GUID as a hex string
+      #
+      def self.decode(guid)
+        guid.unpack("H*")
+      end
+    end
+  end
+end

data/lib/active_directory/field_type/date.rb

@@ -0,0 +1,42 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Date
+      #
+      # Converts a time object into an ISO8601 format compatable with Active Directory
+      # 
+      def self.encode(local_time)
+        local_time.strftime('%Y%m%d%H%M%S.0Z')
+      end
+
+      #
+      # Decodes an Active Directory date when stored as ISO8601
+      #
+      def self.decode(remote_time)
+        Time.parse(remote_time)
+      end
+    end
+  end
+end

data/lib/active_directory/field_type/password.rb

@@ -0,0 +1,42 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	class Password
+		#
+		# Encodes an unencrypted password into an encrypted password
+		# that the Active Directory server will understand.
+		#
+		def self.encode(password)
+			("\"#{password}\"".split(//).collect { |c| "#{c}\000" }).join
+		end
+
+		#
+		# Always returns nil, since you can't decrypt the User's encrypted
+		# password.
+		#
+		def self.decode(hashed)
+			nil
+		end
+	end
+end

data/lib/active_directory/field_type/timestamp.rb

@@ -0,0 +1,48 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	module FieldType
+		class Timestamp
+			AD_DIVISOR = 10_000_000     #:nodoc:
+			AD_OFFSET  = 11_644_473_600 #:nodoc:
+
+			#
+			# Encodes a local Time object (or the number of seconds since January
+			# 1, 1970) into a timestamp that the Active Directory server can
+			# understand (number of 100 nanosecond time units since January 1, 1600)
+			# 
+			def self.encode(local_time)
+				(local_time.to_i + AD_OFFSET) * AD_DIVISOR
+			end
+
+			#
+			# Decodes an Active Directory timestamp (the number of 100 nanosecond time
+			# units since January 1, 1600) into a Ruby Time object.
+			#
+			def self.decode(remote_time)
+				Time.at( (remote_time.to_i / AD_DIVISOR) - AD_OFFSET )
+			end
+		end
+	end
+end

data/lib/active_directory/group.rb

@@ -0,0 +1,162 @@
+#-- license
+#
+# This file is part of the Ruby Active Directory Project
+# on the web at http://rubyforge.org/projects/activedirectory
+#
+#  Copyright (c) 2008, James Hunt <filefrog@gmail.com>
+#    based on original code by Justin Mecham
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	class Group < Base
+		include Member
+
+		def self.filter # :nodoc:
+			Net::LDAP::Filter.eq(:objectClass,'group')
+		end
+
+		def self.required_attributes # :nodoc:
+			{ :objectClass => [ 'top', 'group' ] }
+		end
+
+		def reload # :nodoc:
+			@member_users_non_r  = nil
+			@member_users_r      = nil
+			@member_groups_non_r = nil
+			@member_groups_r     = nil
+			@groups              = nil
+			super
+		end
+
+		#
+		# Returns true if the passed User or Group object belongs to
+		# this group. For performance reasons, the check is handled
+		# by the User or Group object passed.
+		#
+		def has_member?(user)
+			user.member_of?(self)
+		end
+
+		#
+		# Add the passed User or Group object to this Group. Returns true if
+		# the User or Group is already a member of the group, or if the operation
+		# to add them succeeds.
+		#
+		def add(new_member)
+			return false unless new_member.is_a?(User) || new_member.is_a?(Group)
+			if @@ldap.modify(:dn => distinguishedName, :operations => [
+				[ :add, :member, new_member.distinguishedName ]
+			])
+				return true
+			else
+				return has_member?(new_member)
+			end
+		end
+
+		#
+		# Remove a User or Group from this Group. Returns true if the User or
+		# Group does not belong to this Group, or if the oepration to remove them
+		# succeeds.
+		#
+		def remove(member)
+			return false unless member.is_a?(User) || member.is_a?(Group)
+			if @@ldap.modify(:dn => distinguishedName, :operations => [
+				[ :delete, :member, member.distinguishedName ]
+			])
+				return true
+			else
+				return !has_member?(member)
+			end
+		end
+
+		def has_members?
+			begin
+				return (@entry.member.nil? || @entry.member.empty?) ? false : true
+			rescue NoMethodError
+				return false
+			end
+		end
+
+		#
+		# Returns an array of all User objects that belong to this group.
+		#
+		# If the recursive argument is passed as false, then only Users who
+		# belong explicitly to this Group are returned.
+		#
+		# If the recursive argument is passed as true, then all Users who
+		# belong to this Group, or any of its subgroups, are returned.
+		# 
+		def member_users(recursive = false)
+			return [] unless has_members?
+			if recursive
+				if @member_users_r.nil?
+					@member_users_r = []
+					@entry.member.each do |member_dn|
+						subuser = User.find_by_distinguishedName(member_dn)
+						if subuser
+							@member_users_r << subuser
+						else
+							subgroup = Group.find_by_distinguishedName(member_dn)
+							if subgroup
+								@member_users_r = @member_users_r.concat(subgroup.member_users(true))
+							end
+						end
+					end
+				end
+				return @member_users_r
+			else
+				@member_users_non_r ||= @entry.member.collect { |dn| User.find_by_distinguishedName(dn) }.delete_if { |u| u.nil? }
+			end
+		end
+
+		#
+		# Returns an array of all Group objects that belong to this group.
+		#
+		# If the recursive argument is passed as false, then only Groups that
+		# belong explicitly to this Group are returned.
+		#
+		# If the recursive argument is passed as true, then all Groups that
+		# belong to this Group, or any of its subgroups, are returned.
+		# 
+		def member_groups(recursive = false)
+			return [] unless has_members?
+			if recursive
+				if @member_groups_r.nil?
+					@member_groups_r = []
+					@entry.member.each do |member_dn|
+						subgroup = Group.find_by_distinguishedName(member_dn)
+						if subgroup
+							@member_groups_r << subgroup
+							@member_groups_r = @member_groups_r.concat(subgroup.member_groups(true))
+						end
+					end
+				end
+				return @member_groups_r
+			else
+				@member_groups_non_r ||= @entry.member.collect { |dn| Group.find_by_distinguishedName(dn) }.delete_if { |g| g.nil? }
+			end
+		end
+
+		#
+		# Returns an array of Group objects that this Group belongs to.
+		#
+		def groups
+			return [] if memberOf.nil?
+			@groups ||= memberOf.collect { |group_dn| Group.find_by_distinguishedName(group_dn) }
+		end
+	end
+end