adap 0.1.0 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3158307760aaffe02f99a06d508783b569321759652824029bf91615cdfea9ea
4
- data.tar.gz: 96bf2d0170c919e0a1946d5532c1d9e929dba0003548d6b091ba7d242d3238fd
3
+ metadata.gz: 9689b192170a4cc2976d36fad77d1e67a89a25090bbcf82eadec964e45ac6b60
4
+ data.tar.gz: 3d834f3d62e8a641cceb49f353d898cbdde4edaac3550f01aeebf9bdd2239383
5
5
  SHA512:
6
- metadata.gz: b22800cef66237c05002282ee1b63cc2e6070d151ef899ed67af75a4069b994aeb2f11987b13ff2882864b237fccc8dca9274dba0a35fa25b8da897618dc998e
7
- data.tar.gz: fd5bbdb231aa7c046335c8849af2898c30dd0e564a6b82faab86a4a63a77c8ebd2bd63611c28c8fe5c7ea70bcbad35019ec843497ef54f187051f1034cf2c775
6
+ metadata.gz: bb859c3aca6dd3c262233c2760de8ed11e8efef924e71aeb1a61bbea48766037853fd2ec490345925864a5bdb2927749fec8d399e1a550bcc0364d125ddc19ab
7
+ data.tar.gz: d7b266e66cb56c92666eb4d65766c2ce80cf312f99a9da8de4e404ad1df1eceaae31ed0822db5c0fa64b1216f2d33613156a1eb4f29e60dd426a3f9b644f9070
@@ -0,0 +1,16 @@
1
+ version: 2.1
2
+ orbs:
3
+ ruby: circleci/ruby@0.1.2
4
+
5
+ jobs:
6
+ build:
7
+ docker:
8
+ - image: ruby:2.7
9
+ executor: ruby/default
10
+ steps:
11
+ - checkout
12
+ - run: bundle check || bundle install
13
+ - run:
14
+ command: bundle exec rake test
15
+ when: always
16
+
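Review bot: the `build` job declares both `docker:` with `- image: ruby:2.7` and `executor: ruby/default`; a CircleCI 2.1 job takes exactly one execution environment, so keep one of the two (the orb executor already supplies a Ruby image). The `when: always` on the `bundle exec rake test` step also runs the tests after `bundle check || bundle install` has failed, which turns a dependency failure into a confusing test failure; drop it so the job fails at the step that actually broke. This hunk also arrives without a file header, so the diff does not say that it is `.circleci/config.yml` until the `files:` list in the metadata hunk below.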
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- adap (0.0.16)
4
+ adap (0.1.3)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
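Review bot: the lockfile now records `adap (0.1.3)` while `version.rb` and the gem metadata in this same release say `0.1.4`, so the committed `Gemfile.lock` was not regenerated after the final version bump; run `bundle install` (or `bundle lock`) once more before tagging so the lockfile matches the shipped version.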
@@ -9,7 +9,6 @@ GEM
9
9
  minitest (5.14.0)
10
10
  mocha (1.11.2)
11
11
  net-ldap (0.16.2)
12
- rake (13.0.1)
13
12
  unix-crypt (1.3.0)
14
13
 
15
14
  PLATFORMS
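Review bot: `rake (13.0.1)` leaves the bundle here (and `rake (~> 13.0)` leaves DEPENDENCIES in the next hunk), yet the new CircleCI config runs `bundle exec rake test` and the README still documents `bundle exec rake install` and `bundle exec rake release`; with rake outside the bundle, `bundle exec rake` cannot resolve the executable. Either keep rake as a development dependency or change the CI and README commands to whatever now drives the tests.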
@@ -21,8 +20,7 @@ DEPENDENCIES
21
20
  minitest (~> 5.0)
22
21
  mocha (~> 1.10)
23
22
  net-ldap (~> 0.16.2)
24
- rake (~> 13.0)
25
23
  unix-crypt (~> 1.3)
26
24
 
27
25
  BUNDLED WITH
28
- 2.1.4
26
+ 2.2.23
data/README.md CHANGED
@@ -42,9 +42,75 @@ adap = Adap.new({
42
42
  })
43
43
 
44
44
  # This operation will synchronize a user taro-suzuki to LDAP from AD
45
- adap.sync_user("taro-suzuki")
45
+ adap.sync_user("john", "secret")
46
46
  ```
47
47
 
48
+ ## Attributes to be synched by default
49
+ Attributes to be synched by default are like below.
50
+
51
+ | Name of attribute in AD | | Name of attribute in LDAP | Note |
52
+ | ----------------------- | ------- | ------------------------- | ---- |
53
+ | cn | → | cn | |
54
+ | sn | → | sn | |
55
+ | uid | → | uid | |
56
+ | uidNumber | → | uidNumber | |
57
+ | gidNumber | → | gidNumber | |
58
+ | displayName | → | displayName | |
59
+ | loginShell | → | loginShell | |
60
+ | gecos | → | gecos | |
61
+ | givenName | → | givenName | |
62
+ | description | → | description | |
63
+ | mail | → | mail | |
64
+ | businessCategory | → | businessCategory | |
65
+ | employeeType | → | employeeType | |
66
+ | employeeNumber | → | employeeNumber | |
67
+ | unixHomeDirectory | → | homeDirectory | Synched by different names of attributes between AD and LDAP |
68
+ | - | → | userPassword | Password of users also will be synched with some limitations |
69
+
70
+ Some attributes will be added as synched parameters if you add some options, for example options of phonetics.
71
+
72
+ ## Other options
73
+ ### Password hash algorithm
74
+ There are some supported password hash algorithms like `:md5(MD5)`, `:sha(SHA1)`, `:ssha(SSHA)`, `:virtual_crypt_sha256(virtualCryptSHA256)`, `:virtual_crypt_sha512(virtualCryptSHA512)`.
75
+ `:ssha(SSHA)` will be chosen if you didn't specify any method.
76
+
77
+ ```ruby
78
+ adap = Adap.new({
79
+ # Abbreviate other necessary attributes...
80
+ :password_hash_algorithm => :sha
81
+ })
82
+ ```
83
+
84
+ But please be careful, even if you choose any method, you will encounter some limitations.
85
+
86
+ * [You have to give plain password if you choose password hash algorithm as :md5, :sha or :ssha](https://github.com/TsutomuNakamura/adap/#you-have-to-give-plain-password-if-you-choose-password-hash-algorithm-as-md5-sha-or-ssha)
87
+ * [AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you chose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512](https://github.com/TsutomuNakamura/adap/#ad-must-allow-cryptsha256-or-cryptsha512-to-store-password-and-they-have-to-be-same-as-a-storing-method-in-ldap)
88
+
89
+ ### Phonetics
90
+ adap can sync phonetics from AD to LDAP if you specify attribute names.
91
+
92
+ ```ruby
93
+ adap = Adap.new({
94
+ # Abbreviate other necessary attributes...
95
+ :map_msds_phonetics => {
96
+ # This will sync the value of :'msds-phoneticdisplayname'(msDS-PhoneticDisplayName) in AD to the value of "displayname;lang-ja;phonetic" in LDAP
97
+ :'msds-phoneticdisplayname' => :'displayname;lang-ja;phonetic'
98
+ }
99
+ })
100
+ ```
101
+
102
+ All supported phonetics in AD are like below.
103
+
104
+ | Symbol | Name of attribute | General name of attribute in LDAP(ex:ja) |
105
+ | --------------------------- | ------------------------ | ---------------------------------------- |
106
+ | :'msds-phoneticcompanyname' | msDS-PhoneticCompanyName | companyName;lang-ja;phonetic |
107
+ | :'msds-phoneticdepartment' | msDS-PhoneticDepartment  | department;lang-ja;phonetic |
108
+ | :'msds-phoneticfirstname' | msDS-PhoneticFirstName   | firstname;lang-ja;phonetic |
109
+ | :'msds-phoneticlastname' | msDS-PhoneticLastName | lastname;lang-ja;phonetic |
110
+ | :'msds-phoneticdisplayname' | msDS-PhoneticDisplayName | displayname;lang-ja;phonetic |
111
+
112
+ Ofcourse, you can change the name of attributes that will be synced in LDAP(General name of attribute in LDAP) depends on your environment.
113
+
48
114
  ## Requirements and limitations
49
115
 
50
116
  This program has some requirements and limitations like below.
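Review bot: the comment `# This operation will synchronize a user taro-suzuki to LDAP from AD` no longer matches the call below it, which became `adap.sync_user("john", "secret")`; update the comment to name `john` and say that the second argument is the user's plain password. Since that argument is a real credential, the example should read it from an environment variable or a prompt rather than a string literal, so readers do not copy a pattern that leaves passwords in scripts and shell history. The new sections also introduce the spellings `synched` and `Ofcourse`; `synced` and `Of course` read better, and `:'msds-phoneticdisplayname'(msDS-PhoneticDisplayName)` in the phonetics block needs a space before the parenthesis.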
@@ -65,12 +131,27 @@ ldap server require strong auth = no
65
131
 
66
132
  This program will fail to get user data from AD if you did not allow this setting.
67
133
 
68
- ### AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP
134
+ ### You have to give a plain password of the user that will be synched if you choose password hash algorithm as :md5, :sha or :ssha
135
+ AD never be able to have passwords as :md5(MD5), :sha(SHA1) or :ssha(SSHA) that same as LDAP(OpenLDAP).
136
+ So this program can not sync user password from only parameters in AD to LDAP.
137
+ You have to pass the plain password to sync passwords to LDAP.
138
+
139
+ ```ruby
140
+ adap = Adap.new({
141
+ # Abbreviate other necessary attributes...
142
+ })
143
+
144
+ adap.sync_user("john", "secret") # You have to give a plain password as a second parameter of the sync_user().
145
+ ```
146
+
147
+ ### AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you choose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
69
148
 
70
149
  AD must allow storing password as CryptSHA256 or CryptSHA512 by setting smb.conf like below.
71
150
 
72
151
  * your AD's smb.conf
73
152
  ```
153
+ [global]
154
+ # ......
74
155
  password hash userPassword schemes = CryptSHA256 CryptSHA512
75
156
  ```
76
157
 
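Review bot: the new heading says a plain password must be given for `:md5`, `:sha` or `:ssha`, but the body only explains why (`AD never be able to have passwords as ...`), not what happens when the password is omitted; since the matching change in `adap.rb` silently skips the password in that case, say so here so users do not assume the password was synced. Grammar in the section: `AD never be able to have` -> `AD is never able to store`, `that same as` -> `in the same form as`. For the `smb.conf` snippet, it is worth stating that `password hash userPassword schemes = CryptSHA256 CryptSHA512` makes Samba keep additional crypt-format password hashes in the directory database, so backups of that database and `ldapi://` access should be protected accordingly.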
@@ -103,7 +184,18 @@ olcPasswordCryptSaltFormat: $6$%.16s
103
184
  EOF
104
185
  ```
105
186
 
106
- ### This program must be located in AD server
187
+ After you have set them, you can sync a user and password between AD and LDAP like below.
188
+
189
+ ```ruby
190
+ adap = Adap.new({
191
+ # Abbreviate other necessary attributes...
192
+ :password_hash_algorithm => :virtual_crypt_sha512
193
+ })
194
+
195
+ adap.sync_user("john") # You don't have to give a plain password.
196
+ ```
197
+
198
+ ### This program must be located in AD server if you chose a password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
107
199
 
108
200
  This program must be located in AD server because samba-tool on AD only support getting hashed password only from `ldapi://` or `tdb://`.
109
201
 
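Review bot: the `:virtual_crypt_sha512` example depends on the `olcPasswordCryptSaltFormat: $6$%.16s` shown just above, and the README's own requirement that the LDAP storing method match the AD scheme means a reader who picks `:virtual_crypt_sha256` instead should also change that salt format to `$5$%.16s` (`$5$` is the SHA-256 crypt prefix, `$6$` the SHA-512 one); add one sentence to that effect. Fix the heading grammar while here: `if you chose a password hash algorithm as` -> `if you choose :virtual_crypt_sha256 or :virtual_crypt_sha512 as the password hash algorithm`.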
@@ -117,6 +209,10 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
117
209
 
118
210
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
119
211
 
212
+ ## Build
213
+
214
+ gem build adap.gemspec
215
+
120
216
  ## Contributing
121
217
 
122
218
  Bug reports and pull requests are welcome on GitHub at https://github.com/TsutomuNakamura/adap.
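Review bot: `gem build adap.gemspec` under the new `## Build` heading is the only command in the README not inside a fenced code block; wrap it in a ``` fence like the surrounding sections so it renders as a command. The paragraph above already documents `bundle exec rake install` and `bundle exec rake release` for the same purpose, so either say when a plain `gem build` is preferred or fold the line into that paragraph.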
data/lib/adap/adap.rb CHANGED
@@ -24,9 +24,9 @@ class Adap
24
24
  }
25
25
 
26
26
  # List of attributes for user in AD
27
- @ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :unixhomedirectory]
27
+ @ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :unixhomedirectory]
28
28
  # List of attributes for user in LDAP
29
- @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :homedirectory]
29
+ @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :homedirectory]
30
30
 
31
31
  # List of supported hash algorithms keys and string values to operate
32
32
  @supported_hash_algorithms_map = {
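Review bot: `@ad_user_required_attributes` and `@ldap_user_required_attributes` are kept in lockstep by position (the three new symbols are inserted before `:unixhomedirectory` / `:homedirectory` in both), and the only difference between them is that last pair; a single array of AD names plus a small rename map (`:unixhomedirectory => :homedirectory`) would make the correspondence explicit and stop the two lists drifting apart in a future edit. The README calls these attributes `synched by default` while the variable names say `required`; if a missing `employeeNumber` on an AD user is tolerated, `default` is the clearer name.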
@@ -36,6 +36,8 @@ class Adap
36
36
  :virtual_crypt_sha256 => "virtualCryptSHA256",
37
37
  :virtual_crypt_sha512 => "virtualCryptSHA512"
38
38
  }
39
+ # List of unsupported hash algorithms in AD but OpenLDAP support
40
+ @unsupported_hash_algorithms_in_ad = [:md5, :sha, :ssha]
39
41
 
40
42
  @ad_host = params[:ad_host]
41
43
  @ad_port = (params[:ad_port] ? params[:ad_port] : 389)
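Review bot: the comment `List of unsupported hash algorithms in AD but OpenLDAP support` is hard to parse; `Hash schemes OpenLDAP accepts but AD cannot produce, so a plain password is needed` says what the list is actually used for (see the `modify_user` call further down). Since `:md5` and `:sha` are unsalted MD5 and SHA-1, it is worth a comment here, or in the README, that they exist for compatibility with existing directories and that `:ssha` (the default) or the crypt schemes are the ones to prefer.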
@@ -192,7 +194,12 @@ class Adap
192
194
  elsif ad_entry.nil? and !ldap_entry.nil? then
193
195
  ret = delete_user(ldap_dn)
194
196
  elsif !ad_entry.nil? and !ldap_entry.nil? then
195
- ret = modify_user(ldap_dn, ad_entry, ldap_entry, get_password_hash(uid, password))
197
+ ret = modify_user(
198
+ ldap_dn,
199
+ ad_entry,
200
+ ldap_entry,
201
+ ( password.nil? and (@unsupported_hash_algorithms_in_ad.include?(@password_hash_algorithm)) ) ? nil : get_password_hash(uid, password)
202
+ )
196
203
  else
197
204
  # ad_entry.nil? and ldap_entry.nil? then
198
205
  return {:code => 0, :operations => nil, :message => "There are not any data of #{uid} to sync."}
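Review bot: when `password.nil?` and `@password_hash_algorithm` is `:md5`, `:sha` or `:ssha`, the new ternary passes `nil` to `modify_user`, so the password is silently left out of the sync and the caller gets no signal that it happened; record it in the returned `:operations`/`:message` or log a warning, because an operator who expects `sync_user("john")` to carry the password over will otherwise learn about the gap only when the login fails. The outer parentheses around `password.nil? and (...)` are essential here (`and` binds more loosely than `?:` in Ruby), so consider `&&` or a named helper such as `password_required_but_missing?` to make the intent readable. It is also worth checking that the branch that creates a new LDAP entry (above this hunk, not shown) applies the same guard.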
data/lib/adap/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ModAdap
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: adap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tsutomu Nakamura
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-08-01 00:00:00.000000000 Z
11
+ date: 2021-07-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -59,8 +59,8 @@ executables: []
59
59
  extensions: []
60
60
  extra_rdoc_files: []
61
61
  files:
62
+ - ".circleci/config.yml"
62
63
  - ".gitignore"
63
- - ".travis.yml"
64
64
  - Gemfile
65
65
  - Gemfile.lock
66
66
  - README.md
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
79
79
  licenses: []
80
80
  metadata:
81
81
  homepage_uri: https://github.com/TsutomuNakamura/adap
82
- post_install_message:
82
+ post_install_message:
83
83
  rdoc_options: []
84
84
  require_paths:
85
85
  - lib
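Review bot: `licenses: []` is still empty in the released gemspec even though the README documents pushing the gem to rubygems.org; declare the license in `adap.gemspec` (`spec.license = ...`) so consumers and supply-chain tooling can see the terms. `post_install_message:` changes only in trailing whitespace in this hunk, the same serializer difference as `autorequire:` above; not a problem, just noise.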
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
94
94
  - !ruby/object:Gem::Version
95
95
  version: '0'
96
96
  requirements: []
97
- rubygems_version: 3.1.3
98
- signing_key:
97
+ rubygems_version: 3.1.2
98
+ signing_key:
99
99
  specification_version: 4
100
100
  summary: LDAP migration tool from AD to NT schema
101
101
  test_files: []
data/.travis.yml DELETED
@@ -1,7 +0,0 @@
1
- ---
2
- sudo: false
3
- language: ruby
4
- cache: bundler
5
- rvm:
6
- - 2.6.5
7
- before_install: gem install bundler -v 2.0.2