adap 0.0.13 → 0.0.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7a90f5e95be590f11b7922449ee42c0c28c5e7038606841ffbdaeedf9653cff
-  data.tar.gz: 8e6bfbbe533a4306be70ada982bc365cdabe07fb16717062b8381e2edbaea797
+  metadata.gz: 79f0099367a12ae334622a2de2da08349595a29295bdbab740df1436a5049c3e
+  data.tar.gz: b1038603bd55124f3d2179736755e72e26d4015da212b7866942ced393335022
 SHA512:
-  metadata.gz: 338adbb7c6588c96978feee4c1aafb677c6acbe6f6d8d3f02156814130d98a834c1073763b8aa25cfb6af8479392f03cd17179db505d4c718fdedd5f4f7b488a
-  data.tar.gz: 622e87f387825d528605ddd0aaab433fe1f4b6d446f37c45de4cb49eb21f91ea710af243661090acae55c289f4a8da254d39b2b6be2ba85794d1ee5dff62d41a
+  metadata.gz: 54ffe5f02ce54bbdc962c176452091e37d6bad1ee56e73b0447b462535d2e09d356843e61f5d5ae6e30408ee6731ac76ad054d80b1ba69e781e748f63a322362
+  data.tar.gz: 9c519f4d69255a9d9bc58012d0181f35b1ccbf4427956b10bcf8d35cfb5906047e3bed4457bdd7a704fc7c1f2bfa7aec154d71e3d149285f15976cb86a0700bb

data/Gemfile

@@ -8,3 +8,5 @@ gem "unix-crypt", "~> 1.3"
 gem "net-ldap", "~> 0.16.2"
 
 gem "mocha", "~> 1.10"
+
+gem "rake", "~> 13.0"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    adap (0.0.7)
+    adap (0.0.16)
 
 GEM
   remote: https://rubygems.org/
@@ -9,7 +9,7 @@ GEM
     minitest (5.14.0)
     mocha (1.11.2)
     net-ldap (0.16.2)
-    rake (10.5.0)
+    rake (13.0.1)
     unix-crypt (1.3.0)
 
 PLATFORMS
@@ -21,7 +21,7 @@ DEPENDENCIES
   minitest (~> 5.0)
   mocha (~> 1.10)
   net-ldap (~> 0.16.2)
-  rake (~> 10.0)
+  rake (~> 13.0)
   unix-crypt (~> 1.3)
 
 BUNDLED WITH

data/lib/adap/adap.rb

@@ -2,12 +2,6 @@ require 'net-ldap'
 
 class Adap
 
-  # :unixhomedirectory and :homedirectory are the attributes that has same meaning between AD and LDAP.
-  USER_REQUIRED_ATTRIBUTES = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :unixhomedirectory, :homedirectory]
-  #USER_REQUIRED_ATTRIBUTES = ['cn', 'sn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory', 'loginShell', 'gecos', 'givenName']
-  GROUP_OF_USER_REQUIRED_ATTRIBUTES = [:objectclass, :gidnumber, :cn, :description, :memberuid]
-
-  #
   # params {
   #   :ad_host     required                                     IP or hostname of AD.
   #   :ad_port     optional (default:389)                       Port of AD host.
@@ -24,11 +18,16 @@ class Adap
   #
   def initialize(params)
     raise "Initialize Adap was failed. params must not be nil" if params == nil
-    #raise 'Adap requires keys of parameter "ad_host" "ad_binddn" "ad_basedn"' \
+
     [:ad_host, :ad_binddn, :ad_basedn, :ldap_host, :ldap_binddn, :ldap_basedn].each { |k|
       raise 'Adap requires keys in params ":ad_host", ":ad_binddn", ":ad_basedn", ":ldap_host", ":ldap_binddn", ":ldap_basedn"' if !params.key?(k)
     }
 
+    # List of attributes for user in AD
+    @ad_user_required_attributes   = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :unixhomedirectory]
+    # List of attributes for user in LDAP
+    @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :homedirectory]
+
     @ad_host                  = params[:ad_host]
     @ad_port                  = (params[:ad_port] ? params[:ad_port] : 389)
     @ad_binddn                = params[:ad_binddn]
@@ -37,15 +36,41 @@ class Adap
     @ldap_host                = params[:ldap_host]
     @ldap_port                = (params[:ldap_port] ? params[:ldap_port] : 389)
     @ldap_binddn              = params[:ldap_binddn]
+    @ldap_suffix_ou           = (params[:ldap_suffix_ou] ? params[:ldap_suffix_ou] : "ou=Users")
     @ldap_basedn              = params[:ldap_basedn]
     @ldap_user_basedn         = params[:ldap_user_basedn]
     @ldap_auth                = (params.has_key?(:ldap_password) ? { :method => :simple, :username => @ldap_binddn, :password => params[:ldap_password] } : nil )
+    # This attribute converted in generally ... :'msds-phoneticdisplayname' -> :'displayname;lang-ja;phonetic'
     @password_hash_algorithm  = (params[:password_hash_algorithm] ? params[:password_hash_algorithm] : 'virtualCryptSHA512')
 
+    # Phonetics are listed in https://lists.samba.org/archive/samba/2017-March/207308.html
+    @map_ad_msds_phonetics = {}
+    @map_ldap_msds_phonetics = {}
+    if params[:map_msds_phonetics] != nil
+      p = params[:map_msds_phonetics]
+      # msDS-PhoneticCompanyName => companyName;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticcompanyname') if p[:'msds-phoneticcompanyname'] != nil
+      # msDS-PhoneticDepartment => department;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticdepartment') if p[:'msds-phoneticdepartment'] != nil
+      # msDS-PhoneticFirstName => firstname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticfirstname') if p[:'msds-phoneticfirstname'] != nil
+      # msDS-PhoneticLastName => lastname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticlastname') if p[:'msds-phoneticlastname'] != nil
+      # msDS-PhoneticDisplayName => displayname;lang-ja;phonetic
+      create_map_phonetics(p, :'msds-phoneticdisplayname') if p[:'msds-phoneticdisplayname'] != nil
+    end
+
     @ad_client    = Adap::get_ad_client_instance(@ad_host, @ad_port, @ad_auth)
     @ldap_client  = Adap::get_ldap_client_instance(@ldap_host, @ldap_port, @ldap_auth)
   end
 
+  private def create_map_phonetics(p, ad_phonetics)
+    @map_ad_msds_phonetics[ad_phonetics] = p[ad_phonetics]
+    @map_ldap_msds_phonetics[p[ad_phonetics]] = ad_phonetics
+    @ad_user_required_attributes.push(ad_phonetics)
+    @ldap_user_required_attributes.push(p[ad_phonetics])
+  end
+
   def self.get_ad_client_instance(ad_host, ad_port, ad_auth)
     Net::LDAP.new(:host => ad_host, :port => ad_port, :auth => ad_auth)
   end
@@ -59,23 +84,27 @@ class Adap
   end
 
   def get_ldap_dn(username)
-    "uid=#{username},ou=Users,#{@ldap_basedn}"
+    "uid=#{username},#{@ldap_suffix_ou},#{@ldap_basedn}"
   end
 
-  def create_ldap_attributes(entry)
+  def create_ldap_attributes(ad_entry)
     attributes = {
       :objectclass => ["top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount", "shadowAccount"]
     }
 
-   entry.each do |attribute, values|
+   ad_entry.each do |attribute, values|
       # Change string to lower case symbols to compare each attributes correctly
-      attribute = attribute.downcase.to_sym
+      sym_attribute = attribute.downcase.to_sym
 
-      if USER_REQUIRED_ATTRIBUTES.include?(attribute) then
-        if attribute == :unixhomedirectory then
+      if @ad_user_required_attributes.include?(sym_attribute) then
+        if sym_attribute == :unixhomedirectory then
           attributes[:homedirectory] = values
+        elsif @map_ad_msds_phonetics.has_key?(sym_attribute) && ad_entry[attribute].length != 0
+          # entry always returns an array that length 0 if the attribute does not existed.
+          # So no need to check whether the ad_entry[attribute] is nil or not.
+          attributes[@map_ad_msds_phonetics[sym_attribute]] = values
         else
-          attributes[attribute] = values
+          attributes[sym_attribute] = values
         end
       end
     end
@@ -84,14 +113,12 @@ class Adap
   end
 
   def get_password(username)
-    password = get_raw_password(username, @password_hash_algorithm)
-
-    if password == nil || password.empty?
-      raise "Failed to get password of #{username} from AD. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+    result = get_raw_password(username, @password_hash_algorithm)
+    if not result.nil? then
+      result = result.chomp
     end
-    password = password.chomp
 
-    password
+    return result
   end
 
   def get_raw_password(username, algo)
@@ -155,6 +182,10 @@ class Adap
   end
 
   def add_user(ldap_user_dn, ad_entry, password)
+    if password == nil || password.empty?
+      raise "Password of #{ldap_user_dn} from AD in add_user is empty or nil. Did you enabled AD password option virtualCryptSHA512 and/or virtualCryptSHA256?"
+    end
+
     attributes = create_ldap_attributes(ad_entry)
 
     @ldap_client.add(
@@ -210,27 +241,43 @@ class Adap
 
     ad_entry.each do |key, value|
       ad_key_sym    = key.downcase.to_sym
-      ldap_key      = (ad_key_sym != :unixhomedirectory ? ad_key_sym : :homedirectory)
+      ldap_key = if ad_key_sym == :unixhomedirectory
+                   :homedirectory
+                 elsif @map_ad_msds_phonetics.has_key?(ad_key_sym)
+                   @map_ad_msds_phonetics[ad_key_sym]
+                 else
+                   ad_key_sym
+                 end
       ldap_key_sym  = ldap_key.downcase.to_sym
 
-      if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
-        next if value == ldap_entry[ldap_key]
+      # TODO: Can @ad_user_required_attributes.include? be put more early line?
+      if @ad_user_required_attributes.include?(ad_key_sym) && value != ldap_entry[ldap_key]
+        #next if value == ldap_entry[ldap_key]
         operations.push((ldap_entry[ldap_key] != nil ? [:replace, ldap_key_sym, value] : [:add, ldap_key_sym, value]))
       end
     end
 
     ldap_entry.each do |key, value|
       ldap_key_sym  = key.downcase.to_sym
-      ad_key        = (ldap_key_sym != :homedirectory ? ldap_key_sym : :unixhomedirectory)
-
-      if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
-        operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
+      #ad_key        = (ldap_key_sym != :homedirectory ? ldap_key_sym : :unixhomedirectory)
+      ad_key        = if ldap_key_sym == :homedirectory
+                        :unixhomedirectory
+                      elsif @map_ldap_msds_phonetics.has_key?(ldap_key_sym)
+                        @map_ldap_msds_phonetics[ldap_key_sym]
+                      else
+                        ldap_key_sym
+                      end
+
+      if @ldap_user_required_attributes.include?(ldap_key_sym) && ad_entry[ad_key] == nil
+        operations.push([:delete, ldap_key_sym, nil])
       end
     end
 
     # AD does not have password as simple ldap attribute.
     # So password will always be updated for this reason.
-    operations.push([:replace, :userpassword, password])
+    if not password.nil? and not password.empty? then
+      operations.push([:replace, :userpassword, password])
+    end
 
     operations
   end
@@ -459,12 +506,13 @@ class Adap
 
   def get_primary_gidnumber_from_ad(uid)
     return nil if uid ==nil
+    primary_gid = nil
 
     @ad_client.search(:base => "CN=#{uid},CN=Users,#{@ad_basedn}") do |entry|
       primary_gid = entry[:gidnumber].first
     end
 
-    return primary_gid
+    primary_gid
   end
 
 end

data/lib/adap/version.rb

@@ -1,3 +1,3 @@
 module ModAdap
-  VERSION = "0.0.13"
+  VERSION = "0.0.19"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adap
 version: !ruby/object:Gem::Version
-  version: 0.0.13
+  version: 0.0.19
 platform: ruby
 authors:
 - Tsutomu Nakamura
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-01-26 00:00:00.000000000 Z
+date: 2020-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
 licenses: []
 metadata:
   homepage_uri: https://github.com/TsutomuNakamura/adap
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.1.3
+signing_key:
 specification_version: 4
 summary: LDAP migration tool from AD to NT schema
 test_files: []