adap 0.0.12 → 0.0.18

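--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ee6e3514fa3c73373536ae3998baa47a70c1a2e528274d7a0b78f49a6a24188d
- data.tar.gz: 226aed513502e093d6b53bbe3e959ce56b123ac5292643e0497a45d50556694d
+ metadata.gz: d9f176d946ff86a514767eba12e6baef522d1dc766b5cc13406ebd4d40a22cf2
+ data.tar.gz: 3db77ce4d09775c4da8476c172d1f46bd44817f49b44aaa959c03db5e5a77690
  SHA512:
- metadata.gz: 55950748cc4a1c3fb4fd2c6cea48a432760808b26e42773937beb6786771842c433f2e9f62b5923bc529acc35a98eb1d17c8df5a5ab7ef92a330f9045114f404
- data.tar.gz: d3254d935e294f91dd803ba4128cdec7e29d0e9fe34cee6dfaaf9895ec819a7b2299d7def2ac23e102bf4fa4850aedefd636e9e63a87fba9d4c9b0c008133b1e
+ metadata.gz: eef819904f9e7e55f53efe78a4a9d2d24030ae8595d983ae44fb66e95c0c82ffe343c3c6352300808edcf5dd4c30dd4f90df757f17de354a06125d4121fb668a
+ data.tar.gz: ebbe7ef783ea128e1fe5fb0ad10771c575888d8c17cfa3d72f6f5e68429b1b433dcbdd9bd503067737c73de160296cca776bb389777648d7d559faa4ee7aa4d9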
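--- a/data/Gemfile
+++ b/data/Gemfile
@@ -8,3 +8,5 @@ gem "unix-crypt", "~> 1.3"
  gem "net-ldap", "~> 0.16.2"
 
  gem "mocha", "~> 1.10"
+
+ gem "rake", "~> 13.0"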
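--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- adap (0.0.7)
+ adap (0.0.16)
 
  GEM
  remote: https://rubygems.org/
@@ -9,7 +9,7 @@ GEM
  minitest (5.14.0)
  mocha (1.11.2)
  net-ldap (0.16.2)
- rake (10.5.0)
+ rake (13.0.1)
  unix-crypt (1.3.0)
 
  PLATFORMS
@@ -21,7 +21,7 @@ DEPENDENCIES
  minitest (~> 5.0)
  mocha (~> 1.10)
  net-ldap (~> 0.16.2)
- rake (~> 10.0)
+ rake (~> 13.0)
  unix-crypt (~> 1.3)
 
  BUNDLED WITH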
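--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -2,12 +2,6 @@ require 'net-ldap'
 
  class Adap
 
- # :unixhomedirectory and :homedirectory are the attributes that has same meaning between AD and LDAP.
- USER_REQUIRED_ATTRIBUTES = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :unixhomedirectory, :homedirectory]
- #USER_REQUIRED_ATTRIBUTES = ['cn', 'sn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory', 'loginShell', 'gecos', 'givenName']
- GROUP_OF_USER_REQUIRED_ATTRIBUTES = [:objectclass, :gidnumber, :cn, :description, :memberuid]
-
- #
  # params {
  # :ad_host required IP or hostname of AD.
  # :ad_port optional (default:389) Port of AD host.
@@ -24,11 +18,16 @@ class Adap
  #
  def initialize(params)
  raise "Initialize Adap was failed. params must not be nil" if params == nil
- #raise 'Adap requires keys of parameter "ad_host" "ad_binddn" "ad_basedn"' \
+
  [:ad_host, :ad_binddn, :ad_basedn, :ldap_host, :ldap_binddn, :ldap_basedn].each { |k|
  raise 'Adap requires keys in params ":ad_host", ":ad_binddn", ":ad_basedn", ":ldap_host", ":ldap_binddn", ":ldap_basedn"' if !params.key?(k)
  }
 
+ # List of attributes for user in AD
+ @ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :unixhomedirectory]
+ # List of attributes for user in LDAP
+ @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :homedirectory]
+
  @ad_host = params[:ad_host]
  @ad_port = (params[:ad_port] ? params[:ad_port] : 389)
  @ad_binddn = params[:ad_binddn]
@@ -37,15 +36,41 @@ class Adap
  @ldap_host = params[:ldap_host]
  @ldap_port = (params[:ldap_port] ? params[:ldap_port] : 389)
  @ldap_binddn = params[:ldap_binddn]
+ @ldap_suffix_ou = (params[:ldap_suffix_ou] ? params[:ldap_suffix_ou] : "ou=Users")
  @ldap_basedn = params[:ldap_basedn]
  @ldap_user_basedn = params[:ldap_user_basedn]
  @ldap_auth = (params.has_key?(:ldap_password) ? { :method => :simple, :username => @ldap_binddn, :password => params[:ldap_password] } : nil )
+ # This attribute converted in generally ... :'msds-phoneticdisplayname' -> :'displayname;lang-ja;phonetic'
  @password_hash_algorithm = (params[:password_hash_algorithm] ? params[:password_hash_algorithm] : 'virtualCryptSHA512')
 
+ # Phonetics are listed in https://lists.samba.org/archive/samba/2017-March/207308.html
+ @map_ad_msds_phonetics = {}
+ @map_ldap_msds_phonetics = {}
+ if params[:map_msds_phonetics] != nil
+ p = params[:map_msds_phonetics]
+ # msDS-PhoneticCompanyName => companyName;lang-ja;phonetic
+ create_map_phonetics(p, :'msds-phoneticcompanyname') if p[:'msds-phoneticcompanyname'] != nil
+ # msDS-PhoneticDepartment => department;lang-ja;phonetic
+ create_map_phonetics(p, :'msds-phoneticdepartment') if p[:'msds-phoneticdepartment'] != nil
+ # msDS-PhoneticFirstName => firstname;lang-ja;phonetic
+ create_map_phonetics(p, :'msds-phoneticfirstname') if p[:'msds-phoneticfirstname'] != nil
+ # msDS-PhoneticLastName => lastname;lang-ja;phonetic
+ create_map_phonetics(p, :'msds-phoneticlastname') if p[:'msds-phoneticlastname'] != nil
+ # msDS-PhoneticDisplayName => displayname;lang-ja;phonetic
+ create_map_phonetics(p, :'msds-phoneticdisplayname') if p[:'msds-phoneticdisplayname'] != nil
+ end
+
  @ad_client = Adap::get_ad_client_instance(@ad_host, @ad_port, @ad_auth)
  @ldap_client = Adap::get_ldap_client_instance(@ldap_host, @ldap_port, @ldap_auth)
  end
 
+ private def create_map_phonetics(p, ad_phonetics)
+ @map_ad_msds_phonetics[ad_phonetics] = p[ad_phonetics]
+ @map_ldap_msds_phonetics[p[ad_phonetics]] = ad_phonetics
+ @ad_user_required_attributes.push(ad_phonetics)
+ @ldap_user_required_attributes.push(p[ad_phonetics])
+ end
+
  def self.get_ad_client_instance(ad_host, ad_port, ad_auth)
  Net::LDAP.new(:host => ad_host, :port => ad_port, :auth => ad_auth)
  end
@@ -59,23 +84,27 @@ class Adap
  end
 
  def get_ldap_dn(username)
- "uid=#{username},ou=Users,#{@ldap_basedn}"
+ "uid=#{username},#{@ldap_suffix_ou},#{@ldap_basedn}"
  end
 
- def create_ldap_attributes(entry)
+ def create_ldap_attributes(ad_entry)
  attributes = {
  :objectclass => ["top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount", "shadowAccount"]
  }
 
- entry.each do |attribute, values|
+ ad_entry.each do |attribute, values|
  # Change string to lower case symbols to compare each attributes correctly
- attribute = attribute.downcase.to_sym
+ sym_attribute = attribute.downcase.to_sym
 
- if USER_REQUIRED_ATTRIBUTES.include?(attribute) then
- if attribute == :unixhomedirectory then
+ if @ad_user_required_attributes.include?(sym_attribute) then
+ if sym_attribute == :unixhomedirectory then
  attributes[:homedirectory] = values
+ elsif @map_ad_msds_phonetics.has_key?(sym_attribute) && ad_entry[attribute].length != 0
+ # entry always returns an array that length 0 if the attribute does not existed.
+ # So no need to check whether the ad_entry[attribute] is nil or not.
+ attributes[@map_ad_msds_phonetics[sym_attribute]] = values
  else
- attributes[attribute] = values
+ attributes[sym_attribute] = values
  end
  end
  end
@@ -84,14 +113,12 @@ class Adap
  end
 
  def get_password(username)
- password = get_raw_password(username, @password_hash_algorithm)
-
- if password == nil || password.empty?
- raise "Failed to get password of #{username} from AD. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+ result = get_raw_password(username, @password_hash_algorithm)
+ if not result.nil? then
+ result = result.chomp
  end
- password = password.chomp
 
- password
+ return result
  end
 
  def get_raw_password(username, algo)
@@ -155,6 +182,10 @@ class Adap
  end
 
  def add_user(ldap_user_dn, ad_entry, password)
+ if password == nil || password.empty?
+ raise "Password of #{ldap_user_dn} from AD in add_user is empty or nil. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+ end
+
  attributes = create_ldap_attributes(ad_entry)
 
  @ldap_client.add(
@@ -210,21 +241,35 @@ class Adap
 
  ad_entry.each do |key, value|
  ad_key_sym = key.downcase.to_sym
- ldap_key = (key != :unixhomedirectory ? key : :homedirectory)
+ ldap_key = if ad_key_sym == :unixhomedirectory
+ :homedirectory
+ elsif @map_ad_msds_phonetics.has_key?(ad_key_sym)
+ @map_ad_msds_phonetics[ad_key_sym]
+ else
+ ad_key_sym
+ end
  ldap_key_sym = ldap_key.downcase.to_sym
 
- if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
- next if value == ldap_entry[ldap_key]
+ # TODO: Can @ad_user_required_attributes.include? be put more early line?
+ if @ad_user_required_attributes.include?(ad_key_sym) && value != ldap_entry[ldap_key]
+ #next if value == ldap_entry[ldap_key]
  operations.push((ldap_entry[ldap_key] != nil ? [:replace, ldap_key_sym, value] : [:add, ldap_key_sym, value]))
  end
  end
 
  ldap_entry.each do |key, value|
  ldap_key_sym = key.downcase.to_sym
- ad_key = (key != :homedirectory ? key : :unixhomedirectory)
-
- if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
- operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
+ #ad_key = (ldap_key_sym != :homedirectory ? ldap_key_sym : :unixhomedirectory)
+ ad_key = if ldap_key_sym == :homedirectory
+ :unixhomedirectory
+ elsif @map_ldap_msds_phonetics.has_key?(ldap_key_sym)
+ @map_ldap_msds_phonetics[ldap_key_sym]
+ else
+ ldap_key_sym
+ end
+
+ if @ldap_user_required_attributes.include?(ldap_key_sym) && ad_entry[ad_key] == nil
+ operations.push([:delete, ldap_key_sym, nil])
  end
  end
 
@@ -459,12 +504,13 @@ class Adap
 
  def get_primary_gidnumber_from_ad(uid)
  return nil if uid ==nil
+ primary_gid = nil
 
  @ad_client.search(:base => "CN=#{uid},CN=Users,#{@ad_basedn}") do |entry|
  primary_gid = entry[:gidnumber].first
  end
 
- return primary_gid
+ primary_gid
  end
 
  end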
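Review bot: In the modify hunk, the rewritten delete condition `if @ldap_user_required_attributes.include?(ldap_key_sym) && ad_entry[ad_key] == nil` looks unreachable when ad_entry is a Net::LDAP::Entry, because the comment added in create_ldap_attributes states that entry lookup returns an empty array rather than nil for a missing attribute, so an attribute dropped on the AD side would never be deleted from LDAP; `Array(ad_entry[ad_key]).empty?` matches that contract and still handles a plain Hash. The method enclosing that loop starts before the hunk. get_password now returns nil instead of raising, and only add_user checks the value; any other caller that writes the password to LDAP needs the same guard, which I cannot confirm from the hunks shown. In get_ldap_dn, the new `"uid=#{username},#{@ldap_suffix_ou},#{@ldap_basedn}"` still interpolates username into a DN without escaping; if a username can contain RDN special characters (`,`, `+`, `=`), `Net::LDAP::DN.escape(username)` keeps them from altering the DN.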
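--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -1,3 +1,3 @@
  module ModAdap
- VERSION = "0.0.12"
+ VERSION = "0.0.18"
  end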
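--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: adap
  version: !ruby/object:Gem::Version
- version: 0.0.12
+ version: 0.0.18
  platform: ruby
  authors:
  - Tsutomu Nakamura
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-01-26 00:00:00.000000000 Z
+ date: 2020-07-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
  licenses: []
  metadata:
  homepage_uri: https://github.com/TsutomuNakamura/adap
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.1.3
+ signing_key:
  specification_version: 4
  summary: LDAP migration tool from AD to NT schema
  test_files: []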