adap 0.0.12 → 0.0.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee6e3514fa3c73373536ae3998baa47a70c1a2e528274d7a0b78f49a6a24188d
-  data.tar.gz: 226aed513502e093d6b53bbe3e959ce56b123ac5292643e0497a45d50556694d
+  metadata.gz: d9f176d946ff86a514767eba12e6baef522d1dc766b5cc13406ebd4d40a22cf2
+  data.tar.gz: 3db77ce4d09775c4da8476c172d1f46bd44817f49b44aaa959c03db5e5a77690
 SHA512:
-  metadata.gz: 55950748cc4a1c3fb4fd2c6cea48a432760808b26e42773937beb6786771842c433f2e9f62b5923bc529acc35a98eb1d17c8df5a5ab7ef92a330f9045114f404
-  data.tar.gz: d3254d935e294f91dd803ba4128cdec7e29d0e9fe34cee6dfaaf9895ec819a7b2299d7def2ac23e102bf4fa4850aedefd636e9e63a87fba9d4c9b0c008133b1e
+  metadata.gz: eef819904f9e7e55f53efe78a4a9d2d24030ae8595d983ae44fb66e95c0c82ffe343c3c6352300808edcf5dd4c30dd4f90df757f17de354a06125d4121fb668a
+  data.tar.gz: ebbe7ef783ea128e1fe5fb0ad10771c575888d8c17cfa3d72f6f5e68429b1b433dcbdd9bd503067737c73de160296cca776bb389777648d7d559faa4ee7aa4d9

data/Gemfile

@@ -8,3 +8,5 @@ gem "unix-crypt", "~> 1.3"
 gem "net-ldap", "~> 0.16.2"
 
 gem "mocha", "~> 1.10"
+
+gem "rake", "~> 13.0"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    adap (0.0.7)
+    adap (0.0.16)
 
 GEM
   remote: https://rubygems.org/
@@ -9,7 +9,7 @@ GEM
     minitest (5.14.0)
     mocha (1.11.2)
     net-ldap (0.16.2)
-    rake (10.5.0)
+    rake (13.0.1)
     unix-crypt (1.3.0)
 
 PLATFORMS
@@ -21,7 +21,7 @@ DEPENDENCIES
   minitest (~> 5.0)
   mocha (~> 1.10)
   net-ldap (~> 0.16.2)
-  rake (~> 10.0)
+  rake (~> 13.0)
   unix-crypt (~> 1.3)
 
 BUNDLED WITH

data/lib/adap/adap.rb

@@ -2,12 +2,6 @@ require 'net-ldap'
 
 class Adap
 
-  # :unixhomedirectory and :homedirectory are the attributes that has same meaning between AD and LDAP.
-  USER_REQUIRED_ATTRIBUTES = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :unixhomedirectory, :homedirectory]
-  #USER_REQUIRED_ATTRIBUTES = ['cn', 'sn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory', 'loginShell', 'gecos', 'givenName']
-  GROUP_OF_USER_REQUIRED_ATTRIBUTES = [:objectclass, :gidnumber, :cn, :description, :memberuid]
-
-  #
   # params {
   #   :ad_host     required                                     IP or hostname of AD.
   #   :ad_port     optional (default:389)                       Port of AD host.
@@ -24,11 +18,16 @@ class Adap
   #
   def initialize(params)
     raise "Initialize Adap was failed. params must not be nil" if params == nil
-    #raise 'Adap requires keys of parameter "ad_host" "ad_binddn" "ad_basedn"' \
+
     [:ad_host, :ad_binddn, :ad_basedn, :ldap_host, :ldap_binddn, :ldap_basedn].each { |k|
       raise 'Adap requires keys in params ":ad_host", ":ad_binddn", ":ad_basedn", ":ldap_host", ":ldap_binddn", ":ldap_basedn"' if !params.key?(k)
     }
 
+    # List of attributes for user in AD
+    @ad_user_required_attributes   = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :unixhomedirectory]
+    # List of attributes for user in LDAP
+    @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :homedirectory]
+
     @ad_host                  = params[:ad_host]
     @ad_port                  = (params[:ad_port] ? params[:ad_port] : 389)
     @ad_binddn                = params[:ad_binddn]
@@ -37,15 +36,41 @@ class Adap
     @ldap_host                = params[:ldap_host]
     @ldap_port                = (params[:ldap_port] ? params[:ldap_port] : 389)
     @ldap_binddn              = params[:ldap_binddn]
+    @ldap_suffix_ou           = (params[:ldap_suffix_ou] ? params[:ldap_suffix_ou] : "ou=Users")
     @ldap_basedn              = params[:ldap_basedn]
     @ldap_user_basedn         = params[:ldap_user_basedn]
     @ldap_auth                = (params.has_key?(:ldap_password) ? { :method => :simple, :username => @ldap_binddn, :password => params[:ldap_password] } : nil )
+    # This attribute converted in generally ... :'msds-phoneticdisplayname' -> :'displayname;lang-ja;phonetic'
     @password_hash_algorithm  = (params[:password_hash_algorithm] ? params[:password_hash_algorithm] : 'virtualCryptSHA512')
 
+    # Phonetics are listed in https://lists.samba.org/archive/samba/2017-March/207308.html
+    @map_ad_msds_phonetics = {}
+    @map_ldap_msds_phonetics = {}
+    if params[:map_msds_phonetics] != nil
+      p = params[:map_msds_phonetics]
+      # msDS-PhoneticCompanyName => companyName;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticcompanyname') if p[:'msds-phoneticcompanyname'] != nil
+      # msDS-PhoneticDepartment => department;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticdepartment') if p[:'msds-phoneticdepartment'] != nil
+      # msDS-PhoneticFirstName => firstname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticfirstname') if p[:'msds-phoneticfirstname'] != nil
+      # msDS-PhoneticLastName => lastname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticlastname') if p[:'msds-phoneticlastname'] != nil
+      # msDS-PhoneticDisplayName => displayname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticdisplayname') if p[:'msds-phoneticdisplayname'] != nil
+    end
+
     @ad_client    = Adap::get_ad_client_instance(@ad_host, @ad_port, @ad_auth)
     @ldap_client  = Adap::get_ldap_client_instance(@ldap_host, @ldap_port, @ldap_auth)
   end
 
+  private def create_map_phonetics(p, ad_phonetics)
+    @map_ad_msds_phonetics[ad_phonetics] = p[ad_phonetics]
+    @map_ldap_msds_phonetics[p[ad_phonetics]] = ad_phonetics
+    @ad_user_required_attributes.push(ad_phonetics)
+    @ldap_user_required_attributes.push(p[ad_phonetics])
+  end
+
   def self.get_ad_client_instance(ad_host, ad_port, ad_auth)
     Net::LDAP.new(:host => ad_host, :port => ad_port, :auth => ad_auth)
   end
@@ -59,23 +84,27 @@ class Adap
   end
 
   def get_ldap_dn(username)
-    "uid=#{username},ou=Users,#{@ldap_basedn}"
+    "uid=#{username},#{@ldap_suffix_ou},#{@ldap_basedn}"
   end
 
-  def create_ldap_attributes(entry)
+  def create_ldap_attributes(ad_entry)
     attributes = {
       :objectclass => ["top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount", "shadowAccount"]
     }
 
-   entry.each do |attribute, values|
+   ad_entry.each do |attribute, values|
       # Change string to lower case symbols to compare each attributes correctly
-      attribute = attribute.downcase.to_sym
+      sym_attribute = attribute.downcase.to_sym
 
-      if USER_REQUIRED_ATTRIBUTES.include?(attribute) then
-        if attribute == :unixhomedirectory then
+      if @ad_user_required_attributes.include?(sym_attribute) then
+        if sym_attribute == :unixhomedirectory then
           attributes[:homedirectory] = values
+        elsif @map_ad_msds_phonetics.has_key?(sym_attribute) && ad_entry[attribute].length != 0
+          # entry always returns an array that length 0 if the attribute does not existed.
+          # So no need to check whether the ad_entry[attribute] is nil or not.
+          attributes[@map_ad_msds_phonetics[sym_attribute]] = values
         else
-          attributes[attribute] = values
+          attributes[sym_attribute] = values
         end
       end
     end
@@ -84,14 +113,12 @@ class Adap
   end
 
   def get_password(username)
-    password = get_raw_password(username, @password_hash_algorithm)
-
-    if password == nil || password.empty?
-      raise "Failed to get password of #{username} from AD. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+    result = get_raw_password(username, @password_hash_algorithm)
+    if not result.nil? then
+      result = result.chomp
     end
-    password = password.chomp
 
-    password
+    return result
   end
 
   def get_raw_password(username, algo)
@@ -155,6 +182,10 @@ class Adap
   end
 
   def add_user(ldap_user_dn, ad_entry, password)
+    if password == nil || password.empty?
+      raise "Password of #{ldap_user_dn} from AD in add_user is empty or nil. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+    end
+
     attributes = create_ldap_attributes(ad_entry)
 
     @ldap_client.add(
@@ -210,21 +241,35 @@ class Adap
 
     ad_entry.each do |key, value|
       ad_key_sym    = key.downcase.to_sym
-      ldap_key      = (key != :unixhomedirectory ? key : :homedirectory)
+      ldap_key = if ad_key_sym == :unixhomedirectory
+                   :homedirectory
+                 elsif @map_ad_msds_phonetics.has_key?(ad_key_sym)
+                   @map_ad_msds_phonetics[ad_key_sym]
+                 else
+                   ad_key_sym
+                 end
       ldap_key_sym  = ldap_key.downcase.to_sym
 
-      if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
-        next if value == ldap_entry[ldap_key]
+      # TODO: Can @ad_user_required_attributes.include? be put more early line?
+      if @ad_user_required_attributes.include?(ad_key_sym) && value != ldap_entry[ldap_key]
+        #next if value == ldap_entry[ldap_key]
         operations.push((ldap_entry[ldap_key] != nil ? [:replace, ldap_key_sym, value] : [:add, ldap_key_sym, value]))
       end
     end
 
     ldap_entry.each do |key, value|
       ldap_key_sym  = key.downcase.to_sym
-      ad_key        = (key != :homedirectory ? key : :unixhomedirectory)
-
-      if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
-        operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
+      #ad_key        = (ldap_key_sym != :homedirectory ? ldap_key_sym : :unixhomedirectory)
+      ad_key        = if ldap_key_sym == :homedirectory
+                        :unixhomedirectory
+                      elsif @map_ldap_msds_phonetics.has_key?(ldap_key_sym)
+                        @map_ldap_msds_phonetics[ldap_key_sym]
+                      else
+                        ldap_key_sym
+                      end
+
+      if @ldap_user_required_attributes.include?(ldap_key_sym) && ad_entry[ad_key] == nil
+        operations.push([:delete, ldap_key_sym, nil])
       end
     end
 
@@ -459,12 +504,13 @@ class Adap
 
   def get_primary_gidnumber_from_ad(uid)
     return nil if uid ==nil
+    primary_gid = nil
 
     @ad_client.search(:base => "CN=#{uid},CN=Users,#{@ad_basedn}") do |entry|
       primary_gid = entry[:gidnumber].first
     end
 
-    return primary_gid
+    primary_gid
   end
 
 end

data/lib/adap/version.rb

@@ -1,3 +1,3 @@
 module ModAdap
-  VERSION = "0.0.12"
+  VERSION = "0.0.18"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adap
 version: !ruby/object:Gem::Version
-  version: 0.0.12
+  version: 0.0.18
 platform: ruby
 authors:
 - Tsutomu Nakamura
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-01-26 00:00:00.000000000 Z
+date: 2020-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
 licenses: []
 metadata:
   homepage_uri: https://github.com/TsutomuNakamura/adap
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.1.3
+signing_key:
 specification_version: 4
 summary: LDAP migration tool from AD to NT schema
 test_files: []