adap 0.1.0 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +16 -0
- data/Gemfile.lock +2 -4
- data/README.md +99 -3
- data/lib/adap/adap.rb +10 -3
- data/lib/adap/version.rb +1 -1
- metadata +7 -7
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9689b192170a4cc2976d36fad77d1e67a89a25090bbcf82eadec964e45ac6b60
|
4
|
+
data.tar.gz: 3d834f3d62e8a641cceb49f353d898cbdde4edaac3550f01aeebf9bdd2239383
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb859c3aca6dd3c262233c2760de8ed11e8efef924e71aeb1a61bbea48766037853fd2ec490345925864a5bdb2927749fec8d399e1a550bcc0364d125ddc19ab
|
7
|
+
data.tar.gz: d7b266e66cb56c92666eb4d65766c2ce80cf312f99a9da8de4e404ad1df1eceaae31ed0822db5c0fa64b1216f2d33613156a1eb4f29e60dd426a3f9b644f9070
|
@@ -0,0 +1,16 @@
|
|
1
|
+
version: 2.1
|
2
|
+
orbs:
|
3
|
+
ruby: circleci/ruby@0.1.2
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
docker:
|
8
|
+
- image: ruby:2.7
|
9
|
+
executor: ruby/default
|
10
|
+
steps:
|
11
|
+
- checkout
|
12
|
+
- run: bundle check || bundle install
|
13
|
+
- run:
|
14
|
+
command: bundle exec rake test
|
15
|
+
when: always
|
16
|
+
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
adap (0.
|
4
|
+
adap (0.1.3)
|
5
5
|
|
6
6
|
GEM
|
7
7
|
remote: https://rubygems.org/
|
@@ -9,7 +9,6 @@ GEM
|
|
9
9
|
minitest (5.14.0)
|
10
10
|
mocha (1.11.2)
|
11
11
|
net-ldap (0.16.2)
|
12
|
-
rake (13.0.1)
|
13
12
|
unix-crypt (1.3.0)
|
14
13
|
|
15
14
|
PLATFORMS
|
@@ -21,8 +20,7 @@ DEPENDENCIES
|
|
21
20
|
minitest (~> 5.0)
|
22
21
|
mocha (~> 1.10)
|
23
22
|
net-ldap (~> 0.16.2)
|
24
|
-
rake (~> 13.0)
|
25
23
|
unix-crypt (~> 1.3)
|
26
24
|
|
27
25
|
BUNDLED WITH
|
28
|
-
2.
|
26
|
+
2.2.23
|
data/README.md
CHANGED
@@ -42,9 +42,75 @@ adap = Adap.new({
|
|
42
42
|
})
|
43
43
|
|
44
44
|
# This operation will synchronize a user taro-suzuki to LDAP from AD
|
45
|
-
adap.sync_user("
|
45
|
+
adap.sync_user("john", "secret")
|
46
46
|
```
|
47
47
|
|
48
|
+
## Attributes to be synched by default
|
49
|
+
Attributes to be synched by default are like below.
|
50
|
+
|
51
|
+
| Name of attribute in AD | | Name of attribute in LDAP | Note |
|
52
|
+
| ----------------------- | ------- | ------------------------- | ---- |
|
53
|
+
| cn | → | cn | |
|
54
|
+
| sn | → | sn | |
|
55
|
+
| uid | → | uid | |
|
56
|
+
| uidNumber | → | uidNumber | |
|
57
|
+
| gidNumber | → | gidNumber | |
|
58
|
+
| displayName | → | displayName | |
|
59
|
+
| loginShell | → | loginShell | |
|
60
|
+
| gecos | → | gecos | |
|
61
|
+
| givenName | → | givenName | |
|
62
|
+
| description | → | description | |
|
63
|
+
| mail | → | mail | |
|
64
|
+
| businessCategory | → | businessCategory | |
|
65
|
+
| employeeType | → | employeeType | |
|
66
|
+
| employeeNumber | → | employeeNumber | |
|
67
|
+
| unixHomeDirectory | → | homeDirectory | Synched by different names of attributes between AD and LDAP |
|
68
|
+
| - | → | userPassword | Password of users also will be synched with some limitations |
|
69
|
+
|
70
|
+
Some attributes will be added as synched parameters if you add some options, for example options of phonetics.
|
71
|
+
|
72
|
+
## Other options
|
73
|
+
### Password hash algorithm
|
74
|
+
There are some supported password hash algorithms like `:md5(MD5)`, `:sha(SHA1)`, `:ssha(SSHA)`, `:virtual_crypt_sha256(virtualCryptSHA256)`, `:virtual_crypt_sha512(virtualCryptSHA512)`.
|
75
|
+
`:ssha(SSHA)` will be chosen if you didn't specify any method.
|
76
|
+
|
77
|
+
```ruby
|
78
|
+
adap = Adap.new({
|
79
|
+
# Abbreviate other necessary attributes...
|
80
|
+
:password_hash_algorithm => :sha
|
81
|
+
})
|
82
|
+
```
|
83
|
+
|
84
|
+
But please be careful, even if you choose any method, you will encounter some limitations.
|
85
|
+
|
86
|
+
* [You have to give plain password if you choose password hash algorithm as :md5, :sha or :ssha](https://github.com/TsutomuNakamura/adap/#you-have-to-give-plain-password-if-you-choose-password-hash-algorithm-as-md5-sha-or-ssha)
|
87
|
+
* [AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you chose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512](https://github.com/TsutomuNakamura/adap/#ad-must-allow-cryptsha256-or-cryptsha512-to-store-password-and-they-have-to-be-same-as-a-storing-method-in-ldap)
|
88
|
+
|
89
|
+
### Phonetics
|
90
|
+
adap can sync phonetics from AD to LDAP if you specify attribute names.
|
91
|
+
|
92
|
+
```ruby
|
93
|
+
adap = Adap.new({
|
94
|
+
# Abbreviate other necessary attributes...
|
95
|
+
:map_msds_phonetics => {
|
96
|
+
# This will sync the value of :'msds-phoneticdisplayname'(msDS-PhoneticDisplayName) in AD to the value of "displayname;lang-ja;phonetic" in LDAP
|
97
|
+
:'msds-phoneticdisplayname' => :'displayname;lang-ja;phonetic'
|
98
|
+
}
|
99
|
+
})
|
100
|
+
```
|
101
|
+
|
102
|
+
All supported phonetics in AD are like below.
|
103
|
+
|
104
|
+
| Symbol | Name of attribute | General name of attribute in LDAP(ex:ja) |
|
105
|
+
| --------------------------- | ------------------------ | ---------------------------------------- |
|
106
|
+
| :'msds-phoneticcompanyname' | msDS-PhoneticCompanyName | companyName;lang-ja;phonetic |
|
107
|
+
| :'msds-phoneticdepartment' | msDS-PhoneticDepartment | department;lang-ja;phonetic |
|
108
|
+
| :'msds-phoneticfirstname' | msDS-PhoneticFirstName | firstname;lang-ja;phonetic |
|
109
|
+
| :'msds-phoneticlastname' | msDS-PhoneticLastName | lastname;lang-ja;phonetic |
|
110
|
+
| :'msds-phoneticdisplayname' | msDS-PhoneticDisplayName | displayname;lang-ja;phonetic |
|
111
|
+
|
112
|
+
Ofcourse, you can change the name of attributes that will be synced in LDAP(General name of attribute in LDAP) depends on your environment.
|
113
|
+
|
48
114
|
## Requirements and limitations
|
49
115
|
|
50
116
|
This program has some requirements and limitations like below.
|
@@ -65,12 +131,27 @@ ldap server require strong auth = no
|
|
65
131
|
|
66
132
|
This program will fail to get user data from AD if you did not allow this setting.
|
67
133
|
|
68
|
-
###
|
134
|
+
### You have to give a plain password of the user that will be synched if you choose password hash algorithm as :md5, :sha or :ssha
|
135
|
+
AD never be able to have passwords as :md5(MD5), :sha(SHA1) or :ssha(SSHA) that same as LDAP(OpenLDAP).
|
136
|
+
So this program can not sync user password from only parameters in AD to LDAP.
|
137
|
+
You have to pass the plain password to sync passwords to LDAP.
|
138
|
+
|
139
|
+
```ruby
|
140
|
+
adap = Adap.new({
|
141
|
+
# Abbreviate other necessary attributes...
|
142
|
+
})
|
143
|
+
|
144
|
+
adap.sync_user("john", "secret") # You have to give a plain password as a second parameter of the sync_user().
|
145
|
+
```
|
146
|
+
|
147
|
+
### AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you choose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
|
69
148
|
|
70
149
|
AD must allow storing password as CryptSHA256 or CryptSHA512 by setting smb.conf like below.
|
71
150
|
|
72
151
|
* your AD's smb.conf
|
73
152
|
```
|
153
|
+
[global]
|
154
|
+
# ......
|
74
155
|
password hash userPassword schemes = CryptSHA256 CryptSHA512
|
75
156
|
```
|
76
157
|
|
@@ -103,7 +184,18 @@ olcPasswordCryptSaltFormat: $6$%.16s
|
|
103
184
|
EOF
|
104
185
|
```
|
105
186
|
|
106
|
-
|
187
|
+
After you have set them, you can sync a user and password between AD and LDAP like below.
|
188
|
+
|
189
|
+
```ruby
|
190
|
+
adap = Adap.new({
|
191
|
+
# Abbreviate other necessary attributes...
|
192
|
+
:password_hash_algorithm => :virtual_crypt_sha512
|
193
|
+
})
|
194
|
+
|
195
|
+
adap.sync_user("john") # You don't have to give a plain password.
|
196
|
+
```
|
197
|
+
|
198
|
+
### This program must be located in AD server if you chose a password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
|
107
199
|
|
108
200
|
This program must be located in AD server because samba-tool on AD only support getting hashed password only from `ldapi://` or `tdb://`.
|
109
201
|
|
@@ -117,6 +209,10 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
|
|
117
209
|
|
118
210
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
119
211
|
|
212
|
+
## Build
|
213
|
+
|
214
|
+
gem build adap.gemspec
|
215
|
+
|
120
216
|
## Contributing
|
121
217
|
|
122
218
|
Bug reports and pull requests are welcome on GitHub at https://github.com/TsutomuNakamura/adap.
|
data/lib/adap/adap.rb
CHANGED
@@ -24,9 +24,9 @@ class Adap
|
|
24
24
|
}
|
25
25
|
|
26
26
|
# List of attributes for user in AD
|
27
|
-
@ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :unixhomedirectory]
|
27
|
+
@ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :unixhomedirectory]
|
28
28
|
# List of attributes for user in LDAP
|
29
|
-
@ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :homedirectory]
|
29
|
+
@ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :homedirectory]
|
30
30
|
|
31
31
|
# List of supported hash algorithms keys and string values to operate
|
32
32
|
@supported_hash_algorithms_map = {
|
@@ -36,6 +36,8 @@ class Adap
|
|
36
36
|
:virtual_crypt_sha256 => "virtualCryptSHA256",
|
37
37
|
:virtual_crypt_sha512 => "virtualCryptSHA512"
|
38
38
|
}
|
39
|
+
# List of unsupported hash algorithms in AD but OpenLDAP support
|
40
|
+
@unsupported_hash_algorithms_in_ad = [:md5, :sha, :ssha]
|
39
41
|
|
40
42
|
@ad_host = params[:ad_host]
|
41
43
|
@ad_port = (params[:ad_port] ? params[:ad_port] : 389)
|
@@ -192,7 +194,12 @@ class Adap
|
|
192
194
|
elsif ad_entry.nil? and !ldap_entry.nil? then
|
193
195
|
ret = delete_user(ldap_dn)
|
194
196
|
elsif !ad_entry.nil? and !ldap_entry.nil? then
|
195
|
-
ret = modify_user(
|
197
|
+
ret = modify_user(
|
198
|
+
ldap_dn,
|
199
|
+
ad_entry,
|
200
|
+
ldap_entry,
|
201
|
+
( password.nil? and (@unsupported_hash_algorithms_in_ad.include?(@password_hash_algorithm)) ) ? nil : get_password_hash(uid, password)
|
202
|
+
)
|
196
203
|
else
|
197
204
|
# ad_entry.nil? and ldap_entry.nil? then
|
198
205
|
return {:code => 0, :operations => nil, :message => "There are not any data of #{uid} to sync."}
|
data/lib/adap/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: adap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tsutomu Nakamura
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-07-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -59,8 +59,8 @@ executables: []
|
|
59
59
|
extensions: []
|
60
60
|
extra_rdoc_files: []
|
61
61
|
files:
|
62
|
+
- ".circleci/config.yml"
|
62
63
|
- ".gitignore"
|
63
|
-
- ".travis.yml"
|
64
64
|
- Gemfile
|
65
65
|
- Gemfile.lock
|
66
66
|
- README.md
|
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
|
|
79
79
|
licenses: []
|
80
80
|
metadata:
|
81
81
|
homepage_uri: https://github.com/TsutomuNakamura/adap
|
82
|
-
post_install_message:
|
82
|
+
post_install_message:
|
83
83
|
rdoc_options: []
|
84
84
|
require_paths:
|
85
85
|
- lib
|
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
94
94
|
- !ruby/object:Gem::Version
|
95
95
|
version: '0'
|
96
96
|
requirements: []
|
97
|
-
rubygems_version: 3.1.
|
98
|
-
signing_key:
|
97
|
+
rubygems_version: 3.1.2
|
98
|
+
signing_key:
|
99
99
|
specification_version: 4
|
100
100
|
summary: LDAP migration tool from AD to NT schema
|
101
101
|
test_files: []
|