adap 0.0.10 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a74e61b5e3e18366156d599bc06934cac304203d0160874850be5dd0726a533
-  data.tar.gz: 44ae5471294aa70674cca0bcb8123f1ade2bc458b6e1f550cf4af1eaa4a56ee1
+  metadata.gz: ee6e3514fa3c73373536ae3998baa47a70c1a2e528274d7a0b78f49a6a24188d
+  data.tar.gz: 226aed513502e093d6b53bbe3e959ce56b123ac5292643e0497a45d50556694d
 SHA512:
-  metadata.gz: b68ffd625a78bc5cd5f1180ff411c963e6dfd2cde48f4a32df30f837d601d5471a9e8779f6dc307e838e4cef9a55bf6bc4e0b295def2fe27dbb6f67aa2d4ec4f
-  data.tar.gz: ae1eda60ee121c4b9c44fba035385955bd447e26f66420a47233058b15626cf63a418d2018d738dc929fa878f48eff211c110c291f995a6e6fad0a97e12b1dc6
+  metadata.gz: 55950748cc4a1c3fb4fd2c6cea48a432760808b26e42773937beb6786771842c433f2e9f62b5923bc529acc35a98eb1d17c8df5a5ab7ef92a330f9045114f404
+  data.tar.gz: d3254d935e294f91dd803ba4128cdec7e29d0e9fe34cee6dfaaf9895ec819a7b2299d7def2ac23e102bf4fa4850aedefd636e9e63a87fba9d4c9b0c008133b1e

data/lib/adap/adap.rb

@@ -210,7 +210,7 @@ class Adap
 
     ad_entry.each do |key, value|
       ad_key_sym    = key.downcase.to_sym
-      ldap_key      = (key != "unixHomeDirectory" ? key : "homeDirectory")
+      ldap_key      = (key != :unixhomedirectory ? key : :homedirectory)
       ldap_key_sym  = ldap_key.downcase.to_sym
 
       if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
@@ -221,7 +221,7 @@ class Adap
 
     ldap_entry.each do |key, value|
       ldap_key_sym  = key.downcase.to_sym
-      ad_key        = (key != "homeDirectory" ? key : "unixHomeDirectory")
+      ad_key        = (key != :homedirectory ? key : :unixhomedirectory)
 
       if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
         operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
@@ -248,23 +248,28 @@ class Adap
     return {:code => ret_code, :operations => [:delete_user], :message => nil}
   end
 
-  def sync_group_of_user(uid, primary_gid)
+  def sync_group_of_user(uid, primary_gid_number)
     ad_group_map = {}
     ldap_group_map = {}
 
     # Creating AD ldapsearch filter
 
-    ad_filter = if primary_gid == nil then
+    ad_filter = if primary_gid_number == nil then
       Net::LDAP::Filter.construct(
           "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(member=CN=#{uid},CN=Users,#{@ad_basedn}))")
     else
       Net::LDAP::Filter.construct(
-          "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid})))")
+          "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid_number})))")
     end
 
     # Get groups from AD
+    # entry = {
+    #   :gidnumber => xxx,
+    # }
+    #
     @ad_client.search(:base => @ad_basedn, :filter => ad_filter) do |entry|
-      ad_group_map[entry[:name]] = nil
+      ad_group_map[entry[:name].first] = {:gidnumber => entry[:gidnumber]}
+      #ad_group_map[entry[:name]] = nil
     end
     ret_code = @ad_client.get_operation_result.code
 
@@ -272,14 +277,15 @@ class Adap
       :code => ret_code,
       :operations => [:search_groups_from_ad],
       :message => "Failed to get groups of a user #{uid} from AD to sync them. " + @ad_client.get_operation_result.error_message
-    } if ret_code != 0
+    } if ret_code != 0 && ret_code != 32
 
     # Create LDAP ldapsearch filter
     ldap_filter = Net::LDAP::Filter.construct("(memberUid=#{uid})")
 
     # Get groups from LDAP
-    @ldap_client.search(:base => "ou=Users," + @ldap_basedn, :filter => ldap_filter) do |entry|
-      ldap_group_map[entry[:cn]] = nil
+    @ldap_client.search(:base => "ou=Groups," + @ldap_basedn, :filter => ldap_filter) do |entry|
+      # gidnumber is not necessary for LDAP entry
+      ldap_group_map[entry[:cn].first] = nil
     end
     ret_code = @ldap_client.get_operation_result.code
 
@@ -290,67 +296,165 @@ class Adap
     } if ret_code != 0
 
     # Comparing name of AD's entry and cn of LDAP's entry
-    operation_with_dn = create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
+    operation_pool = create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
+    ret = do_sync_group_of_user_operation(operation_pool)
 
     return {
-      :code => 0,
+      :code => ret[:code],
       :operations => [:modify_group_of_user],
-      :message => "There are not any groups of user to sync"
-    } if operation_with_dn.length == 0
+      :message => (ret[:code] == 0 ? nil: ret[:message])
+    }
+  end
+
+  # {
+  #   "cn=foo,ou=Groups,dc=mysite,dc=example,dc=com": {
+  #     :cn => "foo",
+  #     :gidnumber => xxx,
+  #     :operations => [[:add, :memberuid, uid]]
+  #   }
+  #   "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": {
+  #     :cn => "bar",
+  #     :gidnumber => yyy,
+  #     :operations => [[:delete, :memberuid, uid]]
+  #   }
+  # }
+  def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
+    operation_pool = {}
+
+    ad_group_map.each_key do |key|
+      dn = "cn=#{key},ou=Groups,#{@ldap_basedn}"
+      # Convert AD entries to LDAP entries to create operation to update LDAP data.
+      operation_pool[dn] = {
+        :cn => key,
+        :gidnumber => ad_group_map[key][:gidnumber],
+        :operations => [[:add, :memberuid, uid]]
+      } if !ldap_group_map.has_key?(key)
+    end
+
+    ldap_group_map.each_key do |key|
+      operation_pool["cn=#{key},ou=Groups,#{@ldap_basedn}"] = {
+        # :cn and :gidnumber are not necessary
+        :operations => [[:delete, :memberuid, uid]]
+      } if !ad_group_map.has_key?(key)
+    end
+
+    operation_pool
+  end
 
-    # ldap_user_dn  = get_ldap_dn(uid)
+  def do_sync_group_of_user_operation(operation_pool)
+    return {
+      :code => 0,
+      :operations => nil,
+      :message => "There are not any groups of user to sync"
+    } if operation_pool.length == 0
+
+    # ex)
+    #   entry_key = "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com"
+    operation_pool.each_key do |entry_key|
+
+      # ex)
+      #   entry = {
+      #     :cn => "bar",
+      #     :gidnumber => 1000,
+      #     :operations => [[:add, :memberuid, uid]]  # or [[:delete, :memberuid, uid]]
+      #   }
+      entry = operation_pool[entry_key]
+
+      if entry[:operations].first.first == :add then
+        ret = add_group_if_not_existed(entry_key, entry)
+        return ret if ret[:code] != 0
+      end
+      # The operation will be like...
+      # [[:add, :memberuid, "username"]] or [[:delete, :memberuid, "username"]]
 
-    operation_with_dn.each_key do |key|
       @ldap_client.modify({
-        :dn => key,
-        :operations => operation_with_dn[key]
+        :dn => entry_key,
+        :operations => entry[:operations]
       })
       ret_code = @ldap_client.get_operation_result.code
 
       return {
         :code => ret_code,
         :operations => [:modify_group_of_user],
-        :message => "Failed to modify group \"#{key}\" of user #{uid}. " + @ldap_client.get_operation_result.error_message
+        :message => "Failed to modify group \"#{entry_key}\" of user #{entry[:cn]}. " + @ldap_client.get_operation_result.error_message
       } if ret_code != 0
+
+      if entry[:operations].first.first == :delete then
+        ret = delete_group_if_existed_as_empty(entry_key)
+        return ret if ret[:code] != 0
+      end
     end
 
     return {:code => 0, :operations => [:modify_group_of_user], :message => nil}
   end
 
-  # {
-  #   "cn=foo,ou=Groups,dc=mysite,dc=example,dc=com": [
-  #     [:add, :memberuid, uid]
-  #   ],
-  #   "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": [
-  #     [:delete, :memberuid, uid]
-  #   ],
-  #   "cn=baz,ou=Groups,dc=mysite,dc=example,dc=com": [
-  #     [:add, :memberuid, uid]
-  #   ]
-  # }
-  def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
-    operations_with_dn = {}
+  def add_group_if_not_existed(group_dn, entry)
+    @ldap_client.search(:base => group_dn)
+    ret_code = @ldap_client.get_operation_result.code
 
-    ad_group_map.each_key do |key|
-      operations_with_dn["cn=#{key},ou=Groups,#{@ldap_basedn}"] = [[:add, :memberuid, uid]] if !ldap_group_map.has_key?(key)
-    end
+    # The group already existed
+    return {:code => 0, :operations => nil, :message => nil} if ret_code == 0
 
-    ldap_group_map.each_key do |key|
-      operations_with_dn["cn=#{key},ou=Groups,#{@ldap_basedn}"] = [[:delete, :memberuid, uid]] if !ad_group_map.has_key?(key)
+    # Failed to query ldapsearch for some reason
+    return {
+      :code => ret_code,
+      :operations => nil,
+      :message => "Failed to search LDAP in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message
+    } if ret_code != 32
+
+    attributes = {:objectclass => ["top", "posixGroup"]}
+    attributes[:gidnumber] = entry[:gidnumber] if entry[:gidnumber] != nil
+    attributes[:cn] = entry[:cn] if entry[:cn] != nil
+
+    @ldap_client.add(
+      :dn => group_dn,
+      :attributes => attributes
+    )
+    ret_code = @ldap_client.get_operation_result.code
+
+    return {
+      :code => ret_code,
+      :operations => [:add_group],
+      :message => (ret_code == 0 ? nil : "Failed to add a group in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message)
+    }
+  end
+
+  def delete_group_if_existed_as_empty(group_dn)
+    is_no_memberuid = false
+    # Check whether the group has memberuid
+    @ldap_client.search(:base => group_dn, :filter => "(!(memberUid=*))") do |e|
+      is_no_memberuid = true
     end
 
-    operations_with_dn
+    ret_code = @ldap_client.get_operation_result.code
+    return {:code => 0, :operations => nil, :message => nil} \
+      if (ret_code == 0 && is_no_memberuid == false) || ret_code == 32
+
+    return {
+      :code => ret_code,
+      :operations => nil,
+      :message => "Failed to search group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message
+    } if ret_code != 0
+
+    @ldap_client.delete(:dn => group_dn)
+    ret_code = @ldap_client.get_operation_result.code
+
+    return {
+      :code => ret_code,
+      :operations => [:delete_group],
+      :message => (ret_code == 0 ? nil: "Failed to delete a group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message)
+    }
   end
 
   def get_primary_gidnumber(entry)
     return nil if entry == nil
 
-    if entry[:gidnumber] == nil then
+    if entry[:primarygroupid] == nil then
       ad_result = get_primary_gidnumber_from_ad(entry[:uid].first)
       return ad_result
     end
 
-    return entry[:gidnumber].first
+    return entry[:primarygroupid].first
   end
 
   def get_primary_gidnumber_from_ad(uid)

data/lib/adap/version.rb

@@ -1,3 +1,3 @@
 module ModAdap
-  VERSION = "0.0.10"
+  VERSION = "0.0.12"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adap
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.0.12
 platform: ruby
 authors:
 - Tsutomu Nakamura
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-01-19 00:00:00.000000000 Z
+date: 2020-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler