adap 0.1.0 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3158307760aaffe02f99a06d508783b569321759652824029bf91615cdfea9ea
-  data.tar.gz: 96bf2d0170c919e0a1946d5532c1d9e929dba0003548d6b091ba7d242d3238fd
+  metadata.gz: 9689b192170a4cc2976d36fad77d1e67a89a25090bbcf82eadec964e45ac6b60
+  data.tar.gz: 3d834f3d62e8a641cceb49f353d898cbdde4edaac3550f01aeebf9bdd2239383
 SHA512:
-  metadata.gz: b22800cef66237c05002282ee1b63cc2e6070d151ef899ed67af75a4069b994aeb2f11987b13ff2882864b237fccc8dca9274dba0a35fa25b8da897618dc998e
-  data.tar.gz: fd5bbdb231aa7c046335c8849af2898c30dd0e564a6b82faab86a4a63a77c8ebd2bd63611c28c8fe5c7ea70bcbad35019ec843497ef54f187051f1034cf2c775
+  metadata.gz: bb859c3aca6dd3c262233c2760de8ed11e8efef924e71aeb1a61bbea48766037853fd2ec490345925864a5bdb2927749fec8d399e1a550bcc0364d125ddc19ab
+  data.tar.gz: d7b266e66cb56c92666eb4d65766c2ce80cf312f99a9da8de4e404ad1df1eceaae31ed0822db5c0fa64b1216f2d33613156a1eb4f29e60dd426a3f9b644f9070

data/.circleci/config.yml

@@ -0,0 +1,16 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.1.2 
+
+jobs:
+  build:
+    docker:
+      - image: ruby:2.7
+    executor: ruby/default
+    steps:
+      - checkout
+      - run: bundle check || bundle install
+      - run:
+          command: bundle exec rake test
+          when: always
+

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    adap (0.0.16)
+    adap (0.1.3)
 
 GEM
   remote: https://rubygems.org/
@@ -9,7 +9,6 @@ GEM
     minitest (5.14.0)
     mocha (1.11.2)
     net-ldap (0.16.2)
-    rake (13.0.1)
     unix-crypt (1.3.0)
 
 PLATFORMS
@@ -21,8 +20,7 @@ DEPENDENCIES
   minitest (~> 5.0)
   mocha (~> 1.10)
   net-ldap (~> 0.16.2)
-  rake (~> 13.0)
   unix-crypt (~> 1.3)
 
 BUNDLED WITH
-   2.1.4
+   2.2.23

data/README.md

@@ -42,9 +42,75 @@ adap = Adap.new({
 })
 
 # This operation will synchronize a user taro-suzuki to LDAP from AD
-adap.sync_user("taro-suzuki")
+adap.sync_user("john", "secret")
 ```
 
+## Attributes to be synched by default
+Attributes to be synched by default are like below.
+
+| Name of attribute in AD |         | Name of attribute in LDAP | Note |
+| ----------------------- | ------- | ------------------------- | ---- |
+| cn                      | → | cn                        |      |
+| sn                      | → | sn                        |      |
+| uid                     | → | uid                       |      |
+| uidNumber               | → | uidNumber                 |      |
+| gidNumber               | → | gidNumber                 |      |
+| displayName             | → | displayName               |      |
+| loginShell              | → | loginShell                |      |
+| gecos                   | → | gecos                     |      |
+| givenName               | → | givenName                 |      |
+| description             | → | description               |      |
+| mail                    | → | mail                      |      |
+| businessCategory        | → | businessCategory          |      |
+| employeeType            | → | employeeType              |      |
+| employeeNumber          | → | employeeNumber            |      |
+| unixHomeDirectory       | → | homeDirectory             | Synched by different names of attributes between AD and LDAP |
+| -                       | → | userPassword              | Password of users also will be synched with some limitations |
+
+Some attributes will be added as synched parameters if you add some options, for example options of phonetics.
+
+## Other options
+### Password hash algorithm
+There are some supported password hash algorithms like `:md5(MD5)`, `:sha(SHA1)`, `:ssha(SSHA)`, `:virtual_crypt_sha256(virtualCryptSHA256)`, `:virtual_crypt_sha512(virtualCryptSHA512)`.
+`:ssha(SSHA)` will be chosen if you didn't specify any method.
+
+```ruby
+adap = Adap.new({
+  # Abbreviate other necessary attributes...
+  :password_hash_algorithm => :sha
+})
+```
+
+But please be careful, even if you choose any method, you will encounter some limitations.
+
+* [You have to give plain password if you choose password hash algorithm as :md5, :sha or :ssha](https://github.com/TsutomuNakamura/adap/#you-have-to-give-plain-password-if-you-choose-password-hash-algorithm-as-md5-sha-or-ssha)
+* [AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you chose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512](https://github.com/TsutomuNakamura/adap/#ad-must-allow-cryptsha256-or-cryptsha512-to-store-password-and-they-have-to-be-same-as-a-storing-method-in-ldap)
+
+### Phonetics
+adap can sync phonetics from AD to LDAP if you specify attribute names.
+
+```ruby
+adap = Adap.new({
+  # Abbreviate other necessary attributes...
+  :map_msds_phonetics => {
+    # This will sync the value of :'msds-phoneticdisplayname'(msDS-PhoneticDisplayName) in AD to the value of "displayname;lang-ja;phonetic" in LDAP
+    :'msds-phoneticdisplayname' => :'displayname;lang-ja;phonetic'
+  }
+})
+```
+
+All supported phonetics in AD are like below.
+
+| Symbol                      | Name of attribute        | General name of attribute in LDAP(ex:ja) |
+| --------------------------- | ------------------------ | ---------------------------------------- |
+| :'msds-phoneticcompanyname' | msDS-PhoneticCompanyName | companyName;lang-ja;phonetic             |
+| :'msds-phoneticdepartment'  | msDS-PhoneticDepartment  | department;lang-ja;phonetic              |
+| :'msds-phoneticfirstname'   | msDS-PhoneticFirstName   | firstname;lang-ja;phonetic               |
+| :'msds-phoneticlastname'    | msDS-PhoneticLastName    | lastname;lang-ja;phonetic                |
+| :'msds-phoneticdisplayname' | msDS-PhoneticDisplayName | displayname;lang-ja;phonetic             |
+
+Ofcourse, you can change the name of attributes that will be synced in LDAP(General name of attribute in LDAP) depends on your environment.
+
 ## Requirements and limitations
 
 This program has some requirements and limitations like below.
@@ -65,12 +131,27 @@ ldap server require strong auth = no
 
 This program will fail to get user data from AD if you did not allow this setting.
 
-### AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP
+### You have to give a plain password of the user that will be synched if you choose password hash algorithm as :md5, :sha or :ssha
+AD never be able to have passwords as :md5(MD5), :sha(SHA1) or :ssha(SSHA) that same as LDAP(OpenLDAP).
+So this program can not sync user password from only parameters in AD to LDAP.
+You have to pass the plain password to sync passwords to LDAP.
+
+```ruby
+adap = Adap.new({
+  # Abbreviate other necessary attributes...
+})
+
+adap.sync_user("john", "secret")    # You have to give a plain password as a second parameter of the sync_user().
+```
+
+### AD must allow CryptSHA256 or CryptSHA512 to store password and they have to be same as a storing method in LDAP if you choose password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
 
 AD must allow storing password as CryptSHA256 or CryptSHA512 by setting smb.conf like below.
 
 * your AD's smb.conf
 ```
+[global]
+    # ......
     password hash userPassword schemes = CryptSHA256 CryptSHA512
 ```
 
@@ -103,7 +184,18 @@ olcPasswordCryptSaltFormat: $6$%.16s
 EOF
 ```
 
-### This program must be located in AD server
+After you have set them, you can sync a user and password between AD and LDAP like below.
+
+```ruby
+adap = Adap.new({
+  # Abbreviate other necessary attributes...
+  :password_hash_algorithm => :virtual_crypt_sha512
+})
+
+adap.sync_user("john")    # You don't have to give a plain password.
+```
+
+### This program must be located in AD server if you chose a password hash algorithm as :virtual_crypt_sha256 or :virtual_crypt_sha512
 
 This program must be located in AD server because samba-tool on AD only support getting hashed password only from `ldapi://` or `tdb://`.
 
@@ -117,6 +209,10 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+## Build
+
+gem build adap.gemspec
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/TsutomuNakamura/adap.

data/lib/adap/adap.rb

@@ -24,9 +24,9 @@ class Adap
     }
 
     # List of attributes for user in AD
-    @ad_user_required_attributes   = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :unixhomedirectory]
+    @ad_user_required_attributes   = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :unixhomedirectory]
     # List of attributes for user in LDAP
-    @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :homedirectory]
+    @ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :homedirectory]
 
     # List of supported hash algorithms keys and string values to operate
     @supported_hash_algorithms_map = {
@@ -36,6 +36,8 @@ class Adap
       :virtual_crypt_sha256 => "virtualCryptSHA256",
       :virtual_crypt_sha512 => "virtualCryptSHA512"
     }
+    # List of unsupported hash algorithms in AD but OpenLDAP support
+    @unsupported_hash_algorithms_in_ad = [:md5, :sha, :ssha]
 
     @ad_host                  = params[:ad_host]
     @ad_port                  = (params[:ad_port] ? params[:ad_port] : 389)
@@ -192,7 +194,12 @@ class Adap
     elsif ad_entry.nil? and !ldap_entry.nil? then
       ret = delete_user(ldap_dn)
     elsif !ad_entry.nil? and !ldap_entry.nil? then
-      ret = modify_user(ldap_dn, ad_entry, ldap_entry, get_password_hash(uid, password))
+      ret = modify_user(
+        ldap_dn,
+        ad_entry,
+        ldap_entry,
+        ( password.nil? and (@unsupported_hash_algorithms_in_ad.include?(@password_hash_algorithm)) ) ? nil : get_password_hash(uid, password)
+      )
     else
       # ad_entry.nil? and ldap_entry.nil? then
       return {:code => 0, :operations => nil, :message => "There are not any data of #{uid} to sync."}

data/lib/adap/version.rb

@@ -1,3 +1,3 @@
 module ModAdap
-  VERSION = "0.1.0"
+  VERSION = "0.1.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adap
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.4
 platform: ruby
 authors:
 - Tsutomu Nakamura
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-01 00:00:00.000000000 Z
+date: 2021-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -59,8 +59,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - Gemfile.lock
 - README.md
@@ -79,7 +79,7 @@ homepage: https://github.com/TsutomuNakamura/adap
 licenses: []
 metadata:
   homepage_uri: https://github.com/TsutomuNakamura/adap
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -94,8 +94,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
-signing_key:
+rubygems_version: 3.1.2
+signing_key: 
 specification_version: 4
 summary: LDAP migration tool from AD to NT schema
 test_files: []

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.5
-before_install: gem install bundler -v 2.0.2