activedirectory 1.0.0 → 1.0.1
- data/lib/active_directory/rails/user.rb +109 -105
- data/lib/active_directory/user.rb +2 -2
- metadata +57 -49
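--- a/data/lib/active_directory/rails/user.rb
+++ b/data/lib/active_directory/rails/user.rb
@@ -21,117 +21,121 @@
 #
 #++ license
 
-module ActiveDirectory
-
-
-
-
-
-
-# Is this Person active? Active people have valid
-# usernames. Inactive people have empty usernames.
-#
-def active?
-username != ""
-end
+module ActiveDirectory
+module Rails
+module User
+def self.included(klass)
+klass.extend(ClassMethods)
+klass.send(:include, InstanceMethods)
+end
 
-
-
-
-
-
-
+module InstanceMethods
+# Is this Person active? Active people have valid
+# usernames. Inactive people have empty usernames.
+#
+def active?
+username != ""
+end
 
-
-
-
-
-
-
-#
-# There are two special cases for authentication, related to the
-# environment the app is currently running in:
-#
-# *Development*
-#
-# In development, the blank password ('') will always cause this method
-# to return true, thereby allowing developers to test functionality
-# for a variety of roles.
-#
-# *Training*
-#
-# In training, a special training password ('trainme') will always
-# cause this method to return true, thereby allowing trainers to
-# use other people accounts to illustrate certain restricted processes.
-#
-def authenticates?(password)
-# Never allow inactive users.
-return false unless active?
-
-# Allow blank password for any account in development.
-return true if password == "" and ENV['RAILS_ENV'] == 'development'
-return true if password == "trainme" and ENV['RAILS_ENV'] == 'training'
+# Whether or not this Person has a corresponding Active Directory
+# account that we can synchronize with, through the PeopleSynchronizer.
+#
+def in_active_directory?
+!guid.blank?
+end
 
-
-
+# Whether or not this Person can be authenticated with the
+# given password, against Active Directory.
+#
+# For Active Directory authentication, we attempt to bind to the
+# configured AD server as the user, and supply the password for
+# authentication.
+#
+# There are two special cases for authentication, related to the
+# environment the app is currently running in:
+#
+# *Development*
+#
+# In development, the blank password ('') will always cause this method
+# to return true, thereby allowing developers to test functionality
+# for a variety of roles.
+#
+# *Training*
+#
+# In training, a special training password ('trainme') will always
+# cause this method to return true, thereby allowing trainers to
+# use other people accounts to illustrate certain restricted processes.
+#
+def authenticates?(password)
+# Never allow inactive users.
+return false unless active?
 
-
-
-
-ad_user = ActiveDirectory::User.find_by_sAMAccountName(self.username)
-ad_user and ad_user.authenticate(password)
-end
+# Allow blank password for any account in development.
+return true if password == "" and ENV['RAILS_ENV'] == 'development'
+return true if password == "trainme" and ENV['RAILS_ENV'] == 'training'
 
-
-
-update_attributes(
-:first_name => ad_user.givenName,
-:middle_name => ad_user.initials,
-:last_name => ad_user.sn,
-:username => ad_user.sAMAccountName,
-:email => ad_user.mail,
-:guid => ad_user.objectGUID
-)
-end
-end
+# Don't go against AD unless we really mean it.
+return false unless ENV['RAILS_ENV'] == 'production'
 
-
-
-# This method properly handles both local store users and AD
-# users.
-#
-# If the username is valid, and the password matches the username,
-# the Person object corresponding to the username is return.
-#
-# Otherwise, nil is returned, to indicate an authentication failure.
-#
-def authenticate(username, password)
-person = find_by_username(username)
-return person if (person and person.authenticates?(password))
-nil
-end
+# If they are not in AD, fail.
+return false unless in_active_directory?
 
-
-
-
-# to the caller.
-#
-def in_active_directory
-find(:all, :conditions => 'guid IS NOT NULL AND guid != ""')
-end
+ad_user = ActiveDirectory::User.find_by_sAMAccountName(self.username)
+ad_user and ad_user.authenticate(password)
+end
 
-
-
-
-
-
-
+def active_directory_equivalent=(ad_user)
+return unless ad_user
+update_attributes(
+:first_name => ad_user.givenName,
+:middle_name => ad_user.initials,
+:last_name => ad_user.sn,
+:username => ad_user.sAMAccountName,
+:email => ad_user.mail,
+:guid => ad_user.objectGUID
+)
+end
+end
 
-
-
-
-
-
-
-
-
+module ClassMethods
+# Attempt to authenticate someone with a username and password.
+# This method properly handles both local store users and AD
+# users.
+#
+# If the username is valid, and the password matches the username,
+# the Person object corresponding to the username is return.
+#
+# Otherwise, nil is returned, to indicate an authentication failure.
+#
+def authenticate(username, password)
+person = find_by_username(username)
+return person if (person and person.authenticates?(password))
+nil
+end
+
+# Retrieves all of the Person objects that have corresponding
+# Active Directory accounts. This method does not contact
+# the AD servers to retrieve the AD objects -- that is left up
+# to the caller.
+#
+def in_active_directory
+find(:all, :conditions => 'guid IS NOT NULL AND guid != ""')
+end
+
+# Retrieves all Person objects that are currently active,
+# meaning they have not been disabled by PeopleSynchronizer.
+#
+def active
+find(:all, :conditions => 'username != ""')
+end
+
+# Retrieves all Person objects that are currently inactive,
+# meaning they have been disabled by PeopleSynchronizer.
+#
+def inactive
+find(:all, :conditions => 'username = ""')
+end
+end
+end # module User
+end # module Rails
+end #module ActiveDirectory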
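Review bot: `authenticates?` still returns true for any active account when the password is `""` in development or `"trainme"` in training, and the only switch is `ENV['RAILS_ENV']`, so a host reachable while running under either value accepts a password published in this gem for every user. Because this ships inside a library, the bypass would be safer as an explicit opt-in from the including application's own configuration; at minimum the doc comment should state that those two environments must never hold real accounts or be network-reachable. Separately, in production a blank password falls through to `ad_user.authenticate(password)`; that method is not visible here, but if it performs an LDAP simple bind, some directory servers treat an empty password as an unauthenticated bind and report success, so a guard such as `return false if password.to_s.empty?` placed just before the AD lookup would be prudent.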
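--- a/data/lib/active_directory/user.rb
+++ b/data/lib/active_directory/user.rb
@@ -128,10 +128,10 @@ module ActiveDirectory
 # time they successfully log into the domain.
 #
 def change_password(new_password, force_change = false)
-settings = @@settings.dup.merge
+settings = @@settings.dup.merge({
 :port => 636,
 :encryption => { :method => :simple_tls }
-}
+})
 
 ldap = Net::LDAP.new(settings)
 ldap.modify(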
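Review bot: The settings merged in `change_password` select `:simple_tls` on port 636 with no comment on what that guarantees; as far as I know, `:simple_tls` in the ruby-net-ldap releases this gem depends on encrypts the connection but does not validate the server certificate, so the new password is only protected against passive capture, not against a host impersonating the domain controller. I would add a comment above the merge, e.g. `# LDAPS is required for password changes; :simple_tls does not verify the server certificate, so use only on a trusted network path`. The `.dup` also looks redundant if `@@settings` is a Hash, since `Hash#merge` already returns a new hash. The body of `change_password` continues past the end of the hunk.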
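--- a/metadata
+++ b/metadata
@@ -1,64 +1,72 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.4
-specification_version: 1
 name: activedirectory
 version: !ruby/object:Gem::Version
-version: 1.0.
-date: 2008-08-02 00:00:00 -05:00
-summary: An interface library for accessing Microsoft's Active Directory.
-require_paths:
-- lib
-email: filefrog@gmail.com
-homepage: http://rubyforge.net/projects/activedirectory
-rubyforge_project: activedirectory
-description: ActiveDirectory uses Net::LDAP to provide a means of accessing and modifying an Active Directory data store.
-autorequire:
-default_executable:
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement
-requirements:
-- - ">"
-- !ruby/object:Gem::Version
-version: 0.0.0
-version:
+version: 1.0.1
 platform: ruby
-signing_key:
-cert_chain:
-post_install_message:
 authors:
-- James R
-
-
-
-- lib/active_directory/user.rb
-- lib/active_directory/computer.rb
-- lib/active_directory/password.rb
-- lib/active_directory/member.rb
-- lib/active_directory/base.rb
-- lib/active_directory/rails/user.rb
-- lib/active_directory/rails/synchronizer.rb
-- lib/active_directory/group.rb
-- lib/active_directory.rb
-test_files: []
-
-rdoc_options: []
-
-extra_rdoc_files: []
-
-executables: []
-
-extensions: []
-
-requirements: []
+- James R Hunt
+autorequire:
+bindir: bin
+cert_chain: []
 
+date: 2008-12-01 00:00:00 -06:00
+default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-net-ldap
+type: :runtime
 version_requirement:
-version_requirements: !ruby/object:Gem::
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.0.4
 version:
+description: ActiveDirectory uses Net::LDAP to provide a means of accessing and modifying an Active Directory data store.
+email: james@niftylogic.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- lib/active_directory.rb
+- lib/active_directory/password.rb
+- lib/active_directory/container.rb
+- lib/active_directory/computer.rb
+- lib/active_directory/user.rb
+- lib/active_directory/base.rb
+- lib/active_directory/group.rb
+- lib/active_directory/timestamp.rb
+- lib/active_directory/member.rb
+- lib/active_directory/rails/user.rb
+- lib/active_directory/rails/synchronizer.rb
+has_rdoc: true
+homepage: http://gems.niftylogic.net/activedirectory
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project: activedirectory
+rubygems_version: 1.2.0
+signing_key:
+specification_version: 2
+summary: An interface library for accessing Microsoft's Active Directory.
+test_files: []
+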