activedirectory 0.9.3

data/LICENSE

@@ -0,0 +1,24 @@
+
+The ActiveDirectory Module for Ruby is licensed under the MIT license (below).
+
+------------------------------------------------------------------------------
+
+Copyright (c) 2005-2006 Justin Mecham
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

data/README

@@ -0,0 +1,139 @@
+= Active Directory Module for Ruby
+
+This module enables effortless interaction with Active Directory servers.
+
+It is built atop the Ruby/LDAP[http://ruby-ldap.sourceforge.net/] extension
+with explicit support for the idiosyncrasies of Microsoft Windows Servers and
+the LDAP objects defined therein.  This includes support for:
+
+* Users (objectClass=user)
+* Groups (objectClass=group)
+* Additional objects will be supported in future releases (e.g. Computers,
+  Printers, etc)
+
+== Installation
+
+=== RubyGems
+
+The preferred method if installing the Active Directory Module for Ruby is
+with RubyGems[http://docs.rubygems.org/]. Installing with RubyGems is as
+simple as typing:
+
+  gem install activedirectory-x.x.x.gem
+
+If you did not download the gem file and instead have the source distribution
+extracted you may create a gem by typing:
+
+  rake package
+
+in the directory containing the Active Directory Module for Ruby source.
+
+=== Source
+
+If you prefer not to use RubyGems to install the library, you may install the
+module from source by typing:
+
+  ruby install.rb
+
+in the directory containing the Active Directory Module for Ruby source.
+
+== Usage Instructions
+
+=== Including the module
+
+Once installed, you must include the ActiveDirectory module into your project.
+If you are using RubyGems, use:
+
+  require_gem "activedirectory"
+
+Otherwise, include the module with:
+
+  require "activedirectory"
+
+=== Configuring your Active Directory instance
+
+Interacting with an Active Directory instance requires that you first
+configure the connection to a Windows domain controller. This configuration
+needs to be called only once when your application starts up. If you are using
+this module within a Ruby on Rails[http://www.rubyonrails.org/] application,
+you would place this in your environment.rb file.
+
+  ActiveDirectory::Base.server_settings = {
+    :host     => "server.example.com",
+    :username => "username",
+    :password => "password",
+    :domain   => "example.com",
+    :base_dn  => "DC=example,DC=com"
+  }
+
+Once ActiveDirectory::Base has been configured, any call into the API will
+open a new connection to the server on-demand (or use an existing open
+connection).
+
+== Example Usage
+
+=== User Objects
+
+Locating users within a directory is very flexible. You may load individual
+users by their account name (sAMAccountName), their distinguished name (dn),
+or any number of users based on the criteria used in your LDAP search base and
+filters.
+
+  # Load all users (including disabled) within the default Base DN.
+  all_users      = ActiveDirectory::User.find(:all)
+
+  # Load all disabled users within the default Base DN.
+  disabled_users = ActiveDirectory::User.find(:all,
+                     :filter => "(userAccountControl=514)")
+
+  # Load all users who are in the Managers organizational unit whose accounts
+  # are not disabled.
+  managers       = ActiveDirectory::User.find(:all,
+                     :base   => "OU=Managers,DC=example,DC=com",
+                     :filter => "(userAccountControl=512)")
+
+  # Load the user "John Doe" by his sAMAccountName.
+  user = ActiveDirectory::User.find("jdoe")
+
+  # Load the user "John Doe" by his distinguished name (DN).
+  user = ActiveDirectory::User.find("CN=John Doe,CN=Users,DC=example,DC=com")
+
+=== Group Objects
+
+Locating Groups is just as simple as Users, however, you must provide a
+Distinguished Name (DN) for loading.
+
+  # Load all groups within the default Base DN.
+  all_groups = ActiveDirectory::Group.find(:all)
+
+  # Load the "Developers" group by its distinguished name (DN).
+  developers = ActiveDirectory::Group.find("CN=Developers,DC=example,DC=com")
+
+== License
+
+The Active Directory Module for Ruby module is licensed under the MIT License.
+
+  Copyright (c) 2005-2006 Justin Mecham
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to
+  deal in the Software without restriction, including without limitation the
+  rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+  sell copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+  IN THE SOFTWARE.
+
+== Contact
+
+The Active Directory Module for Ruby is developed and maintained by Justin
+Mecham (jmecham@justin@aspect.net[mailto:jmecham@justin@aspect.net]).

data/Rakefile

@@ -0,0 +1,76 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rake/packagetask'
+require 'rake/gempackagetask'
+require File.join(File.dirname(__FILE__), 'lib', 'active_directory', 'version')
+
+PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
+PKG_NAME      = 'activedirectory'
+PKG_VERSION   = ActiveDirectory::VERSION::STRING + PKG_BUILD
+PKG_FILE_NAME = "#{PKG_NAME}-#{PKG_VERSION}"
+
+RELEASE_NAME  = "REL #{PKG_VERSION}"
+
+desc "Default Task"
+task :default => [ :test ]
+
+
+# Run the unit tests
+Rake::TestTask.new { |t|
+  t.libs << "test"
+  t.pattern = 'test/*_test.rb'
+  t.verbose = true
+}
+
+
+# Genereate the RDoc documentation
+Rake::RDocTask.new { |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title = "Active Directory Module for Ruby -- Effortless Interaction with Active Directory"
+  rdoc.options << "--line-numbers" << "--inline-source"
+  rdoc.template = "#{ENV['template']}.rb" if ENV['template']
+  rdoc.rdoc_files.include(['README', 'LICENSE'])
+  rdoc.rdoc_files.include('lib/**/*.rb')
+}
+
+# Create compressed packages
+spec = Gem::Specification.new do |s|
+  s.platform = Gem::Platform::RUBY
+  s.name = PKG_NAME
+  s.summary = "Module for easy interaction with Active Directory servers."
+  s.description = %q{Makes it trivial to integrate with Active Directory servers for information and authentication concerning users and groups.}
+  s.version = PKG_VERSION
+
+  s.author = "Justin Mecham"
+  s.email = "justin@aspect.net"
+
+  s.has_rdoc = true
+  s.requirements << 'none'
+  s.require_path = 'lib'
+  s.autorequire = 'active_directory'
+
+  s.files = [ "Rakefile", "install.rb", "README", "LICENSE" ]
+  s.files = s.files + Dir.glob( "lib/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
+  s.files = s.files + Dir.glob( "test/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+  pkg.need_tar = true
+  pkg.need_zip = true
+end
+
+
+#desc "Publish the API documentation"
+#task :pgem => [:package] do 
+#  Rake::SshFilePublisher.new("[user@host]", "[path]", "pkg", "#{PKG_FILE_NAME}.gem").upload
+#end
+
+
+#desc "Publish the API documentation"
+#task :pdoc => [:rdoc] do 
+#  Rake::SshDirPublisher.new("[user@host]", "[path]", "doc").upload
+#end
+

data/install.rb

@@ -0,0 +1,27 @@
+require 'rbconfig'
+require 'find'
+require 'ftools'
+
+include Config
+
+$sitedir = CONFIG["sitelibdir"]
+unless $sitedir
+  version = CONFIG["MAJOR"] + "." + CONFIG["MINOR"]
+  $libdir = File.join(CONFIG["libdir"], "ruby", version)
+  $sitedir = $:.find {|x| x =~ /site_ruby/ }
+  if !$sitedir
+    $sitedir = File.join($libdir, "site_ruby")
+  elsif $sitedir !~ Regexp.quote(version)
+    $sitedir = File.join($sitedir, version)
+  end
+end
+
+Dir.chdir("lib")
+
+Find.find("active_directory", "active_directory.rb") { |f|
+  if f[-3..-1] == ".rb"
+    File::install(f, File.join($sitedir, *f.split(/\//)), 0644, true)
+  else
+    File::makedirs(File.join($sitedir, *f.split(/\//)))
+  end
+}

data/lib/active_directory.rb

@@ -0,0 +1,15 @@
+$:.unshift(File.dirname(__FILE__) + "/active_directory/vendor/")
+
+# External Dependencies
+require 'ldap'
+require 'logger'
+
+# Extensions to Ruby
+Dir[File.dirname(__FILE__) + "/active_directory/ext/*.rb"].each { |file|
+  require file
+}
+
+# Active Directory Classes
+require 'active_directory/base'
+require 'active_directory/user'
+require 'active_directory/group'

data/lib/active_directory/base.rb

@@ -0,0 +1,368 @@
+#--
+# Active Directory Module for Ruby
+#
+# Copyright (c) 2005-2006 Justin Mecham
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#++
+
+module ActiveDirectory
+
+  #
+  # The ActiveDirectory module contains the classes used for communicating with
+  # Active Directory LDAP servers. ActiveDirectory::Base is the basis from which
+  # all classes derive.
+  #
+  class Base
+
+    #
+    # Configuration
+    #
+    @@server_settings = {
+      :host     => "localhost",
+      :port     => 389,
+      :username => nil,
+      :password => nil,
+      :domain   => nil,
+      :base_dn  => nil
+    }
+    cattr_accessor :server_settings
+
+    #
+    # Logging
+    #
+    cattr_writer :logger
+    def self.logger
+      @@logger || Logger.new(STDOUT)
+    end
+
+    #
+    # Returns a connection to the configured Active Directory instance. If a
+    # connection is not already established, it will attempt to establish the
+    # connection.
+    #
+    def self.connection
+      @@connection ||= connect
+    end
+
+    #
+    # Opens and returns a connection to the Active Directory instance. By
+    # default, secure connections will be attempted first while gracefully
+    # falling back to lesser secure methods.
+    #
+    # The order by which connections are attempted are: TLS, SSL, unencrypted.
+    #
+    # Calling #connection will automatically call this method if a connection
+    # has not already been established.
+    #
+    def self.connect
+
+      host = @@server_settings[:host]
+      port = @@server_settings[:port] || 389
+
+      # Attempt to connect using TLS
+      begin
+        connection = LDAP::SSLConn.new(host, port, true)
+        connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+        bind(connection)
+        logger.info("ActiveDirectory: Connected to #{@@server_settings[:host]} using TLS...") unless logger.nil?
+      rescue
+        logger.debug("ActiveDirectory: Failed to connect to #{@@server_settings[:host]} using TLS!") unless logger.nil?
+        # Attempt to connect using SSL
+        begin
+          connection = LDAP::SSLConn.new(host, port, false)
+          connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+          bind(connection)
+          logger.info("ActiveDirectory: Connected to #{@@server_settings[:host]} over SSL...") unless logger.nil?
+        rescue
+          logger.debug("ActiveDirectory: Failed to connect to #{@@server_settings[:host]} over SSL!") unless logger.nil?
+          # Attempt to connect without encryption
+          begin
+            connection = LDAP::Conn.new(host, port)
+            connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+            bind(connection)
+            logger.info("ActiveDirectory: Connected to #{@@server_settings[:host]} without encryption!") unless logger.nil?
+          rescue
+            logger.error("ActiveDirectory: Failed to connect to #{@@server_settings[:host]}!") unless logger.nil?
+            puts "EXCEPTION: #{$!}"
+            connection = nil
+            raise
+          end
+        end
+      end
+
+      connection.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
+
+      connection
+    
+    end
+
+    #
+    # Unbinds (if bound) and closes the current connection.
+    #
+    def self.close
+      begin
+        @@connection.unbind unless @@connection.nil?
+      rescue
+      end
+      @@connection = nil
+    end
+
+    #
+    # Attempts to reconnect to the server by closing the existing connection
+    # and reconnecting.
+    #
+    def self.reconnect
+      close
+      @@connection = connect
+    end
+
+    #
+    # Search interface for querying for objects within the directory, such as
+    # users and groups. Searching the directory is quite similar to a normal
+    # LDAP search, but with a better API.
+    #
+    # If you call this method from User or Group, it will narrow your searches
+    # to those specific objects by default. Calling this method on Base will
+    # return objects of any class and provides the most flexibility.
+    #
+    # ==== Searching Users
+    #
+    # Users may be located within the directory by their distinguished name
+    # (DN), their username (sAMAccountName), or through any other valid LDAP
+    # filter and optional search base.
+    #
+    #  # Load all users (including disabled) within the default Base DN.
+    #  all_users      = ActiveDirectory::User.find(:all)
+    #
+    #  # Load all disabled users within the default Base DN.
+    #  disabled_users = ActiveDirectory::User.find(:all,
+    #                     :filter => "(userAccountControl=514)")
+    #
+    #  # Load all users who are in the Managers organizational unit whose
+    #  # accounts are not disabled.
+    #  managers       = ActiveDirectory::User.find(:all,
+    #                     :base   => "OU=Managers,DC=example,DC=com",
+    #                     :filter => "(userAccountControl=512)")
+    #
+    #  # Load the user "John Doe" by his sAMAccountName.
+    #  user = ActiveDirectory::User.find("jdoe")
+    #
+    #  # Load the user "John Doe" by his distinguished name (DN).
+    #  user = ActiveDirectory::User.find("CN=John Doe,CN=Users,DC=example,DC=com")
+    #
+    # ==== Searching Groups
+    #
+    # Groups may be located within the diretctory by their distinguished name
+    # (DN) or through any other valid LDAP filter and optional search base.
+    #
+    #  # Load all groups within the default Base DN.
+    #  all_groups = ActiveDirectory::Group.find(:all)
+    #
+    #  # Load the "Developers" group by its distinguished name (DN).
+    #  developers = ActiveDirectory::Group.find("CN=Developers,DC=example,DC=com")
+    #
+    # ==== More Advanced Examples
+    #
+    # By calling ActiveDirectory::Base#find you can query objects across
+    # classes, allowing you to pull in both Groups and Users that match your
+    # criteria.
+    #
+    #  # Load all Contacts
+    #  contacts = ActiveDirectory::Base.find(:all,
+    #               :filter => "(&(objectClass=User)(objectCategory=Contact))")
+    #
+    def self.find(*args)
+
+      options    = extract_options_from_args!(args)
+      attributes = [ "distinguishedName", "objectClass" ]
+
+      # Determine the appropriate search filter
+      if self.name == "ActiveDirectory::Base"
+        if options[:filter]
+          filter = options[:filter]
+        else
+          filter = "(|(&(objectCategory=Person)(objectClass=User))(objectClass=Group))"
+        end
+      else
+        subklass = class_name_of_active_directory_descendent(self)
+        if subklass == "ActiveDirectory::User"
+          filter = "(&(objectCategory=Person)(objectClass=User)#{options[:filter]})"
+        elsif subklass == "ActiveDirectory::Group"
+          filter = "(&(objectClass=Group)#{options[:filter]})"
+        end
+      end
+
+      # Determine the appropriate search base
+      base_dn = options[:base] ? options[:base] : @@server_settings[:base_dn]
+
+      # Determine the appropriate scope
+      scope = options[:scope] ? options[:scope] : LDAP::LDAP_SCOPE_SUBTREE
+
+      # Load all matching objects
+      if args.first == :all
+
+        logger.debug "Searching Active Directory" \
+                     " - Filter: #{filter}" \
+                     " - Search Base: #{base_dn} " \
+                     " - Scope: #{scope}"
+
+        # Perform search
+        entries = self.search(base_dn, scope, filter, attributes)
+
+        result = Array.new
+        unless entries.nil?
+          for entry in entries
+            if entry['objectClass'].include? "person"
+              result << User.new(entry['distinguishedName'][0])
+            elsif entry['objectClass'].include? "group"
+              result << Group.new(entry['distinguishedName'][0])
+            end
+          end
+        end
+        result
+
+      else
+
+        # Load a single matching object by either a common name or a
+        # sAMAccountName
+        if args.first =~ /(CN|cn)=/
+          base_dn = args.first
+        else
+          filter = "(&(objectCategory=Person)(objectClass=User)(samAccountName=#{args.first})#{options[:filter]})"
+        end
+
+        logger.debug "Searching Active Directory" \
+                     " - Filter: #{filter}" \
+                     " - Search Base: #{base_dn} " \
+                     " - Scope: #{scope}"
+
+        begin
+          entry = self.search(base_dn, scope, filter, attributes)
+        rescue
+          if $!.message == "No such object"
+            raise UnknownUserError
+          else
+            raise
+          end
+        end
+
+        entry = entry[0]
+        if entry['objectClass'].include? "person"
+          User.new(entry['distinguishedName'][0])
+        elsif entry['objectClass'].include? "group"
+          Group.new(entry['distinguishedName'][0])
+        end
+
+      end
+
+    end
+
+  protected
+
+    #
+    # Implement our own interface to LDAP::Conn#search so that we can attempt
+    # graceful reconnections when the connection becomes stale or otherwise
+    # terminates.
+    #
+    def self.search(base_dn, scope, filter, attrs = nil) #:nodoc:
+      retries = 0
+      entries = nil
+      begin
+        connection.search(base_dn, scope, filter, attrs) { |entry|
+          entries = Array.new if entries.nil?
+          entries << entry.to_hash
+        }
+      rescue
+        logger.debug("ActiveDirectory: Attempting to re-establish connection to Active Directory server... (Exception: \"#{$!}\" – Retry ##{retries} – #{$!.class})}") unless logger.nil?
+        begin
+          reconnect
+        rescue
+          (retries += 1) < 3 ? retry : raise
+        end
+        retry
+      end
+      entries
+    end
+
+  private
+
+    #
+    # Attempts to bind to the Active Directory instance. If a bind attempt
+    # fails by simple authentication an attempt at anonymous binding will be
+    # made.
+    #
+    def self.bind(connection)
+      # Attempt to bind with a username and password
+      begin
+        connection.bind("#{@@server_settings[:username]}@#{@@server_settings[:domain]}", @@server_settings[:password])
+        logger.info("ActiveDirectory: Bound to Active Directory server as #{@@server_settings[:username]}.") unless logger.nil?
+      rescue
+        logger.debug("ActiveDirectory: Failed to bind to Active Directory server as \"#{@@server_settings[:username]}\"!") unless logger.nil?
+        # Attempt to bind anonymously
+        begin
+          connection.bind()
+          logger.info("ActiveDirectory: Bound anonymously to Active Directory server.") unless logger.nil?
+        rescue
+          logger.debug("ActiveDirectory: Failed to bind anonymously to Active Directory server!") unless logger.nil?
+          raise
+        end
+      end
+    end
+  
+    def self.extract_options_from_args!(args)
+      options = args.last.is_a?(Hash) ? args.pop : {}
+      validate_find_options(options)
+      options
+    end
+
+    def self.validate_find_options(options)
+      options.assert_valid_keys [ :base, :filter, :scope ]
+    end
+
+    def self.class_of_active_directory_descendent(klass)
+      if klass.superclass == Base
+        klass
+      elsif klass.superclass.nil?
+        raise ActiveDirectoryError, "#{name} doesn't belong in a class \
+          hierarchy descending from ActiveDirectory"
+      else
+        self.class_of_active_directory_descendent(klass.superclass)
+      end
+    end
+
+    def self.class_name_of_active_directory_descendent(klass)
+      self.class_of_active_directory_descendent(klass).name
+    end
+
+  end
+
+  class ActiveDirectoryError < StandardError #:nodoc:
+  end
+
+  class UnknownUserError < StandardError #:nodoc:
+  end
+
+  class UnknownGroupError < StandardError #:nodoc:
+  end
+
+  class PasswordInvalid < StandardError #:nodoc:
+  end
+
+end

data/lib/active_directory/ext/class.rb

@@ -0,0 +1,50 @@
+#
+# Extends the class object with class and instance accessors for class
+# attributes, just like the native attr* accessors for instance attributes.
+#
+# This was taken from ActiveSupport (see rubyonrails.org)
+#
+class Class # :nodoc:
+
+  def cattr_reader(*syms)
+    syms.flatten.each do |sym|
+      class_eval(<<-EOS, __FILE__, __LINE__)
+        unless defined? @@#{sym}
+          @@#{sym} = nil
+        end
+
+        def self.#{sym}
+          @@#{sym}
+        end
+
+        def #{sym}
+          @@#{sym}
+        end
+      EOS
+    end
+  end
+
+  def cattr_writer(*syms)
+    syms.flatten.each do |sym|
+      class_eval(<<-EOS, __FILE__, __LINE__)
+        unless defined? @@#{sym}
+          @@#{sym} = nil
+        end
+
+        def self.#{sym}=(obj)
+          @@#{sym} = obj
+        end
+
+        def #{sym}=(obj)
+          @@#{sym} = obj
+        end
+      EOS
+    end
+  end
+
+  def cattr_accessor(*syms)
+    cattr_reader(*syms)
+    cattr_writer(*syms)
+  end
+
+end

data/lib/active_directory/ext/hash.rb

@@ -0,0 +1,10 @@
+#
+# This was taken from ActiveSupport (see rubyonrails.org)
+#
+class Hash #:nodoc:
+  def assert_valid_keys(*valid_keys)
+    unknown_keys = keys - [valid_keys].flatten
+    raise(ArgumentError, "Unknown key(s): #{unknown_keys.join(", ")}") \
+      unless unknown_keys.empty?
+  end
+end

data/lib/active_directory/group.rb

@@ -0,0 +1,109 @@
+#--
+# Active Directory Module for Ruby
+#
+# Copyright (c) 2005-2006 Justin Mecham
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#++
+
+module ActiveDirectory
+
+  #
+  # Represents a Group object within an Active Directory instance.
+  #
+  class Group < Base
+
+    # Distinguished Name (DN)
+    attr_accessor :dn
+
+    # Description
+    attr_accessor :description
+
+    # Common Name (CN)
+    attr_accessor :name
+
+    # Users who are members of this Group
+    attr          :members
+
+    #
+    # Attributes that we wish to pull from Active Directory for any Group that
+    # can be located within the directory.
+    #
+    ATTRIBUTES = ["distinguishedName",    # DN of Group
+                  "name",                 # Group Name
+                  "member",               # DN References to Members
+                  "description"] #:nodoc: # Description
+
+    #
+    # Attempts to load a Group by a Distinguished Name (DN).
+    #
+    def initialize(identifier)
+
+      identifier = identifier.delete("\\")
+
+      load_by_dn(identifier)
+
+    end
+
+    #
+    # Proxy for loading and returning the members of this group.
+    #
+    def members #:nodoc:
+      members = Array.new
+      unless @members.nil?
+        for user_dn in @members
+          members << User.new(user_dn)
+        end
+      end
+      members
+    end
+
+    private
+
+    #
+    # Attempt to load a Group by its Distinguished Name (DN).
+    #
+    def load_by_dn(dn)
+
+      if dn.nil? or dn.length == 0
+        raise ArgumentError, "No distinguished name provided."
+      end
+
+      # De-escape the DN
+      dn = dn.gsub(/"/, "\\\"")
+
+      entries = Base.search(dn, LDAP::LDAP_SCOPE_BASE,
+                  "(&(objectClass=group))", ATTRIBUTES)
+
+      raise UnknownGroupError if (entries.nil? or entries.length != 1)
+
+      parse_ldap_entry(entries[0])
+
+    end
+
+    def parse_ldap_entry(entry)
+      @dn          = entry['distinguishedName'][0].delete("\\")
+      @name        = entry['name'][0].delete("\\")
+      @description = entry['description'][0] unless entry['description'].nil?
+      @members     = entry['member']
+    end
+    
+  end
+
+end

data/lib/active_directory/user.rb

@@ -0,0 +1,296 @@
+#--
+# Active Directory Module for Ruby
+#
+# Copyright (c) 2005-2006 Justin Mecham
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#++
+
+module ActiveDirectory
+
+  #
+  # Represents a User object within an Active Directory instance.
+  #
+  class User < Base
+
+    # Distinguished Name (DN)
+    attr_reader :dn
+
+    # Display Name (e.g. "John Q. Public")
+    attr_reader :name
+
+    # Given Name (e.g. "John")
+    attr_reader :given_name
+
+    # Surname (e.g. "Public")
+    attr_reader :surname
+
+    # Primary E-Mail Address
+    attr_reader :email
+
+    # Account/Username (e.g. "jpublic")
+    attr_reader :username
+
+    # Job Title
+    attr_reader :title
+
+    # Company Name
+    attr_reader :company
+
+    # Department Name
+    attr_reader :department
+
+    # Primary Phone Number
+    attr_reader :main_number
+
+    # Mobile Number
+    attr_reader :mobile_number
+
+    # Street Address
+    attr_reader :street_address
+
+    # City / Town
+    attr_reader :city
+
+    # State/Province
+    attr_reader :state
+
+    # Zip/Postal Code
+    attr_reader :zip
+
+    # Country
+    attr_reader :country
+
+    # Direct Reports
+    attr :direct_reports
+
+    # Manager
+    attr :manager
+
+    # Groups this User is a member of
+    attr :groups
+
+    #
+    # Attributes that we wish to pull from Active Directory for any User that
+    # can be located within the directory.
+    #
+    ATTRIBUTES = ["displayName",        # Name (e.g. "John Doe")
+                  "givenName",          # Given (First) Name
+                  "sn",                 # Surname (Last)
+                  "distinguishedName",  # DN of User
+                  "sAMAccountName",     # Account Name
+                  "mail",               # Primary E-Mail Address
+                  "manager",            # DN Reference to Manager
+                  "directReports",      # DN References to Minions
+                  "memberOf",           # Group Membership
+                  "company",            # Company Name
+                  "department",         # Department Name
+                  "title",              # Title
+                  "mobile",             # Mobile Phone Number
+                  "telephoneNumber",    # Primary Phone Number
+                  "streetAddress",      # Street Address
+                  "l",                  # City
+                  "st",                 # State
+                  "postalCode",         # Zip Code
+                  "co"] #:nodoc:        # Country
+
+    #
+    # Attempts to load a User by a Distinguished Name (DN) or sAMAccountName.
+    #
+    def initialize(identifier)
+
+      if (identifier =~ /(CN|cn)=/) != nil
+        load_by_dn(identifier)
+      else
+        load_by_username(identifier)
+      end
+
+    end
+
+    #
+    # Attempts to authenticate the loaded user with the supplied password.
+    # Returns true if the authentication attempt was successful.
+    #
+    def authenticate(password)
+
+      # Clean up the password before we run it through our series of tests.
+      password.strip!
+
+      # If no password was specified, raise an exception. This check must
+      # occur to avoid a huge security hole if anonymous bind is on - if this
+      # check is not performed, someone can authenticate without providing a
+      # password when anonymous bind is turned on.
+      raise PasswordInvalid unless (!password.nil? and password.length > 0)
+
+      # Clone our shared connection for isolated use in determining the
+      # validity of our user's credentials.
+      auth_connection = Base.connection.clone
+
+      # Unbind the connection if it is already bound.
+      auth_connection.unbind if auth_connection.bound?
+
+      begin
+
+        # Attempt to bind to the connection as the currently loaded user with
+        # the supplied password.
+        auth_connection.bind("#{@username}@#{@@server_settings[:domain]}",
+                             password)
+
+        return true
+
+      rescue LDAP::ResultError
+        if ($!.to_s == "Invalid credentials")
+          raise PasswordInvalid
+        else
+          raise
+        end
+      ensure
+        auth_connection.unbind
+        auth_connection = nil
+      end
+
+      return false
+
+    end
+
+    #
+    # Conveniently return the name of the User if the object is called
+    # directly.
+    #
+    def to_s #:nodoc:
+      @name
+    end
+
+    #
+    # Proxy for loading and returning this users' manager.
+    #
+    def manager #:nodoc:
+      @manager ||= User.new(@manager_dn) unless @manager_dn.nil?
+    end
+
+    #
+    # Proxy for loading and returning the group membership of this user.
+    #
+    def groups #:nodoc:
+      groups = Array.new
+      unless @groups.nil?
+        for group_dn in @groups
+          groups << Group.new(group_dn)
+        end
+      end
+      groups
+    end
+
+    #
+    # Proxy for loading and returning the users who report directly to this
+    # user.
+    #
+    def direct_reports #:nodoc:
+      direct_reports = Array.new
+      unless @direct_reports.nil?
+        for user_dn in @direct_reports
+          direct_reports << User.new(user_dn)
+        end
+      end
+      direct_reports
+    end
+
+    #
+    # Determines if the user is a member of the given group. Returns true if
+    # the user is in the passed group.
+    #
+    def member_of?(group)
+      @groups.include?(group.dn)
+    end
+    
+    private
+
+    #
+    # Attempt to load a user by their username (sAMAccountName).
+    #
+    def load_by_username(username)
+
+      if username.nil? or username.length == 0
+        raise ArgumentError, "No username provided."
+      end
+
+      @username = username
+
+      # Set our filter to include only information about the requested user of
+      # class user.
+      filter = "(&(objectClass=user)(sAMAccountName=#{@username}))"
+
+      entries = Base.search(@@server_settings[:base_dn],
+                  LDAP::LDAP_SCOPE_SUBTREE, filter, ATTRIBUTES)
+
+      raise UnknownUserError if (entries.nil? or entries.length != 1)
+
+      parse_ldap_entry(entries[0])
+
+    end
+
+    #
+    # Attempt to load a User by its Distinguished Name (DN).
+    #
+    def load_by_dn(dn)
+
+      if dn.nil? or dn.length == 0
+        raise ArgumentError, "No distinguished name provided."
+      end
+
+      # De-escape the DN
+      dn = dn.gsub(/"/, "\\\"")
+
+      # Set our filter to include only information about the requested user of
+      # class user.
+      filter = "(&(objectClass=user))"
+
+      entries = Base.search(dn, LDAP::LDAP_SCOPE_BASE, filter)
+
+      raise UnknownUserError if (entries.nil? or entries.length != 1)
+
+      parse_ldap_entry(entries[0])
+
+    end
+
+    def parse_ldap_entry(entry)
+      @dn             = entry['distinguishedName'][0]
+      @username       = entry['sAMAccountName'][0]
+      @name           = entry['displayName'][0] unless entry['displayName'].nil?
+      @given_name     = entry['givenName'][0] unless entry['givenName'].nil?
+      @surname        = entry['sn'][0] unless entry['sn'].nil?
+      @email          = entry['mail'][0] unless entry['mail'].nil?
+      @manager_dn     = entry['manager'][0] unless entry['manager'].nil?
+      @company        = entry['company'][0] unless entry['company'].nil?
+      @department     = entry['department'][0] unless entry['department'].nil?
+      @title          = entry['title'][0] unless entry['title'].nil?
+      @main_number    = entry['telephoneNumber'][0] unless entry['telephoneNumber'].nil?
+      @mobile_number  = entry['mobile'][0] unless entry['mobile'].nil?
+      @street_address = entry['streetAddress'][0] unless entry['streetAddress'].nil?
+      @city           = entry['l'][0] unless entry['l'].nil?
+      @state          = entry['st'][0] unless entry['st'].nil?
+      @zip            = entry['postalCode'][0] unless entry['postalCode'].nil?
+      @country        = entry['co'][0] unless entry['co'].nil?
+      @direct_reports = entry['directReports']
+      @groups         = entry['memberOf']
+    end
+
+  end
+
+end

data/lib/active_directory/version.rb

@@ -0,0 +1,37 @@
+#--
+# Active Directory Module for Ruby
+#
+# Copyright (c) 2005-2006 Justin Mecham
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#++
+
+module ActiveDirectory
+
+  module VERSION #:nodoc:
+
+    MAJOR = 0
+    MINOR = 9
+    TINY  = 3
+
+    STRING = [MAJOR, MINOR, TINY].join('.')
+
+  end
+
+end

metadata

@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.11
+specification_version: 1
+name: activedirectory
+version: !ruby/object:Gem::Version 
+  version: 0.9.3
+date: 2006-05-11 00:00:00 -06:00
+summary: Module for easy interaction with Active Directory servers.
+require_paths: 
+- lib
+email: justin@aspect.net
+homepage: 
+rubyforge_project: 
+description: Makes it trivial to integrate with Active Directory servers for information and authentication concerning users and groups.
+autorequire: active_directory
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+authors: 
+- Justin Mecham
+files: 
+- Rakefile
+- install.rb
+- README
+- LICENSE
+- lib/active_directory
+- lib/active_directory.rb
+- lib/active_directory/base.rb
+- lib/active_directory/ext
+- lib/active_directory/group.rb
+- lib/active_directory/user.rb
+- lib/active_directory/version.rb
+- lib/active_directory/ext/class.rb
+- lib/active_directory/ext/hash.rb
+test_files: []
+
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: []
+
+requirements: 
+- none
+dependencies: []
+