adap 0.1.3 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +66 -0
- data/Gemfile +10 -5
- data/Gemfile.lock +15 -17
- data/README.md +2 -0
- data/lib/adap/adap.rb +39 -31
- data/lib/adap/version.rb +1 -1
- metadata +4 -5
- data/.circleci/config.yml +0 -16
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6062f55568a4d2f91e7ede91b7419827b7767033adcbf264d8d8cbd64e8533f2
|
|
4
|
+
data.tar.gz: 47ae89751e819d81ed42bcb13dcbd967221ba45cf62c9e0d7aa77bfcbff48c03
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ce373202bef4eff421528e8de4dcc56d19960834c31573f9d8d04db3f070d86f31bcdd5892c6081edbd5733fc4ee9ca4087e04aa99132201f885e5f443d89543
|
|
7
|
+
data.tar.gz: f07477a60bced73b4a28e9d9b5e65f42043f781a92300bad8f5820d10d134bdbd6a19c390d00dc9b43f2b1ef07e289723331a648a4b6367d0036107fd27c61d3
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
|
2
|
+
# They are provided by a third-party and are governed by
|
|
3
|
+
# separate terms of service, privacy policy, and support
|
|
4
|
+
# documentation.
|
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
|
7
|
+
|
|
8
|
+
name: Ruby
|
|
9
|
+
|
|
10
|
+
on:
|
|
11
|
+
push:
|
|
12
|
+
tags: ["v*"]
|
|
13
|
+
branches: [ "master", "develop" ]
|
|
14
|
+
pull_request:
|
|
15
|
+
branches: [ "master" ]
|
|
16
|
+
|
|
17
|
+
permissions:
|
|
18
|
+
contents: read
|
|
19
|
+
|
|
20
|
+
jobs:
|
|
21
|
+
test:
|
|
22
|
+
|
|
23
|
+
strategy:
|
|
24
|
+
fail-fast: false
|
|
25
|
+
matrix:
|
|
26
|
+
#os: [ubuntu-latest]
|
|
27
|
+
os: [ubuntu-24.04]
|
|
28
|
+
# Due to https://github.com/actions/runner/issues/849, we have to use quotes for '3.0'
|
|
29
|
+
ruby: ['3.3']
|
|
30
|
+
runs-on: ${{ matrix.os }}
|
|
31
|
+
|
|
32
|
+
steps:
|
|
33
|
+
- name: Print variables that will be used
|
|
34
|
+
run: |
|
|
35
|
+
# You can list GitHub Actionses variables with a command below.
|
|
36
|
+
# $ grep -oP '\$\{\{.*?\}\}' .github/workflows/docker-image.yml | sort | uniq
|
|
37
|
+
echo env.dest_repository_name=${{ env.dest_repository_name }}
|
|
38
|
+
echo env.dest_repository_owner_name=${{ env.dest_repository_owner_name }}
|
|
39
|
+
echo github.event.repository.name=${{ github.event.repository.name }}
|
|
40
|
+
echo github.event.repository.owner.name=${{ github.event.repository.owner.name }}
|
|
41
|
+
|
|
42
|
+
- name: Check out ${{ github.event.repository.owner.name }}/${{ github.event.repository.name }}
|
|
43
|
+
uses: actions/checkout@v4
|
|
44
|
+
with:
|
|
45
|
+
path: ${{ github.event.repository.name }}
|
|
46
|
+
|
|
47
|
+
- name: Set up Ruby
|
|
48
|
+
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
|
49
|
+
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
|
50
|
+
uses: ruby/setup-ruby@v1
|
|
51
|
+
#uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
|
|
52
|
+
with:
|
|
53
|
+
ruby-version: ${{ matrix.ruby }}
|
|
54
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
55
|
+
|
|
56
|
+
- name: Run tests
|
|
57
|
+
run: |
|
|
58
|
+
cd ${GITHUB_WORKSPACE}/${{ github.event.repository.name }}
|
|
59
|
+
bundle install --retry 3
|
|
60
|
+
bundle exec rake
|
|
61
|
+
|
|
62
|
+
- name: Push to rubygems.org
|
|
63
|
+
if: startsWith(github.ref, 'refs/tags/v')
|
|
64
|
+
run: |
|
|
65
|
+
echo "DEMO: Push to rubygems.org"
|
|
66
|
+
|
data/Gemfile
CHANGED
|
@@ -1,12 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
source "https://rubygems.org"
|
|
2
4
|
|
|
3
|
-
#
|
|
4
|
-
gemspec
|
|
5
|
+
# gem "rails"
|
|
5
6
|
|
|
6
7
|
gem "unix-crypt", "~> 1.3"
|
|
7
8
|
|
|
8
|
-
gem "net-ldap", "~> 0.
|
|
9
|
+
gem "net-ldap", "~> 0.19.0"
|
|
10
|
+
|
|
11
|
+
gem "mocha", "~> 2.7"
|
|
12
|
+
|
|
13
|
+
gem "rake", "~> 13.2"
|
|
9
14
|
|
|
10
|
-
gem "
|
|
15
|
+
gem "base64", "~> 0.2.0"
|
|
11
16
|
|
|
12
|
-
gem "
|
|
17
|
+
gem "minitest", "~> 5.25"
|
data/Gemfile.lock
CHANGED
|
@@ -1,28 +1,26 @@
|
|
|
1
|
-
PATH
|
|
2
|
-
remote: .
|
|
3
|
-
specs:
|
|
4
|
-
adap (0.0.16)
|
|
5
|
-
|
|
6
1
|
GEM
|
|
7
2
|
remote: https://rubygems.org/
|
|
8
3
|
specs:
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
4
|
+
base64 (0.2.0)
|
|
5
|
+
minitest (5.25.4)
|
|
6
|
+
mocha (2.7.1)
|
|
7
|
+
ruby2_keywords (>= 0.0.5)
|
|
8
|
+
net-ldap (0.19.0)
|
|
9
|
+
rake (13.2.1)
|
|
10
|
+
ruby2_keywords (0.0.5)
|
|
11
|
+
unix-crypt (1.3.1)
|
|
14
12
|
|
|
15
13
|
PLATFORMS
|
|
16
14
|
ruby
|
|
15
|
+
x86_64-linux
|
|
17
16
|
|
|
18
17
|
DEPENDENCIES
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
rake (~> 13.0)
|
|
18
|
+
base64 (~> 0.2.0)
|
|
19
|
+
minitest (~> 5.25)
|
|
20
|
+
mocha (~> 2.7)
|
|
21
|
+
net-ldap (~> 0.19.0)
|
|
22
|
+
rake (~> 13.2)
|
|
25
23
|
unix-crypt (~> 1.3)
|
|
26
24
|
|
|
27
25
|
BUNDLED WITH
|
|
28
|
-
2.
|
|
26
|
+
2.5.22
|
data/README.md
CHANGED
|
@@ -61,6 +61,8 @@ Attributes to be synched by default are like below.
|
|
|
61
61
|
| givenName | → | givenName | |
|
|
62
62
|
| description | → | description | |
|
|
63
63
|
| mail | → | mail | |
|
|
64
|
+
| businessCategory | → | businessCategory | |
|
|
65
|
+
| employeeType | → | employeeType | |
|
|
64
66
|
| employeeNumber | → | employeeNumber | |
|
|
65
67
|
| unixHomeDirectory | → | homeDirectory | Synched by different names of attributes between AD and LDAP |
|
|
66
68
|
| - | → | userPassword | Password of users also will be synched with some limitations |
|
data/lib/adap/adap.rb
CHANGED
|
@@ -19,14 +19,14 @@ class Adap
|
|
|
19
19
|
def initialize(params)
|
|
20
20
|
raise "Initialize Adap was failed. params must not be nil" if params == nil
|
|
21
21
|
|
|
22
|
-
[:ad_host, :ad_binddn, :
|
|
23
|
-
raise 'Adap requires keys in params ":ad_host", ":ad_binddn", ":
|
|
22
|
+
[:ad_host, :ad_binddn, :ad_user_basedn, :ad_group_basedn, :ldap_host, :ldap_binddn, :ldap_user_basedn, :ldap_group_basedn].each { |k|
|
|
23
|
+
raise 'Adap requires keys in params ":ad_host", ":ad_binddn", ":ad_user_basedn", ":ad_group_basedn", ":ldap_host", ":ldap_binddn", ":ldap_user_basedn", ":ldap_group_basedn"' if !params.key?(k)
|
|
24
24
|
}
|
|
25
25
|
|
|
26
26
|
# List of attributes for user in AD
|
|
27
|
-
@ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :
|
|
27
|
+
@ad_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :unixhomedirectory]
|
|
28
28
|
# List of attributes for user in LDAP
|
|
29
|
-
@ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :
|
|
29
|
+
@ldap_user_required_attributes = [:cn, :sn, :uid, :uidnumber, :gidnumber, :displayname, :loginshell, :gecos, :givenname, :description, :mail, :employeenumber, :businesscategory, :employeetype, :homedirectory]
|
|
30
30
|
|
|
31
31
|
# List of supported hash algorithms keys and string values to operate
|
|
32
32
|
@supported_hash_algorithms_map = {
|
|
@@ -42,14 +42,15 @@ class Adap
|
|
|
42
42
|
@ad_host = params[:ad_host]
|
|
43
43
|
@ad_port = (params[:ad_port] ? params[:ad_port] : 389)
|
|
44
44
|
@ad_binddn = params[:ad_binddn]
|
|
45
|
-
@
|
|
45
|
+
@ad_user_basedn = params[:ad_user_basedn]
|
|
46
|
+
@ad_group_basedn = params[:ad_group_basedn]
|
|
46
47
|
@ad_auth = (params.has_key?(:ad_password) ? { :method => :simple, :username => @ad_binddn, :password => params[:ad_password] } : nil)
|
|
47
48
|
@ldap_host = params[:ldap_host]
|
|
48
49
|
@ldap_port = (params[:ldap_port] ? params[:ldap_port] : 389)
|
|
49
50
|
@ldap_binddn = params[:ldap_binddn]
|
|
50
|
-
@ldap_suffix_ou = (params[:ldap_suffix_ou] ? params[:ldap_suffix_ou] : "ou=Users")
|
|
51
51
|
@ldap_basedn = params[:ldap_basedn]
|
|
52
52
|
@ldap_user_basedn = params[:ldap_user_basedn]
|
|
53
|
+
@ldap_group_basedn = params[:ldap_group_basedn]
|
|
53
54
|
@ldap_auth = (params.has_key?(:ldap_password) ? { :method => :simple, :username => @ldap_binddn, :password => params[:ldap_password] } : nil )
|
|
54
55
|
|
|
55
56
|
# A password-hash algorithm to sync to the LDAP.
|
|
@@ -99,12 +100,12 @@ class Adap
|
|
|
99
100
|
Net::LDAP.new(:host => ldap_host, :port => ldap_port, :auth => ldap_auth)
|
|
100
101
|
end
|
|
101
102
|
|
|
102
|
-
def
|
|
103
|
-
"CN=#{username}
|
|
103
|
+
def get_ad_user_dn(username)
|
|
104
|
+
"CN=#{username},#{@ad_user_basedn}"
|
|
104
105
|
end
|
|
105
106
|
|
|
106
|
-
def
|
|
107
|
-
"uid=#{username},#{@
|
|
107
|
+
def get_ldap_user_dn(username)
|
|
108
|
+
"uid=#{username},#{@ldap_user_basedn}"
|
|
108
109
|
end
|
|
109
110
|
|
|
110
111
|
def create_ldap_attributes(ad_entry)
|
|
@@ -159,13 +160,13 @@ class Adap
|
|
|
159
160
|
end
|
|
160
161
|
|
|
161
162
|
def sync_user(uid, password=nil)
|
|
162
|
-
ad_entry
|
|
163
|
-
ldap_entry
|
|
164
|
-
|
|
165
|
-
|
|
163
|
+
ad_entry = nil
|
|
164
|
+
ldap_entry = nil
|
|
165
|
+
ad_user_dn = get_ad_user_dn(uid)
|
|
166
|
+
ldap_user_dn = get_ldap_user_dn(uid)
|
|
166
167
|
|
|
167
168
|
# dn: CN=user-name,CN=Users,DC=mysite,DC=example,DC=com
|
|
168
|
-
@ad_client.search(:base =>
|
|
169
|
+
@ad_client.search(:base => ad_user_dn) do |entry|
|
|
169
170
|
ad_entry = entry
|
|
170
171
|
end
|
|
171
172
|
ret_code = @ad_client.get_operation_result.code
|
|
@@ -174,10 +175,10 @@ class Adap
|
|
|
174
175
|
return {
|
|
175
176
|
:code => ret_code,
|
|
176
177
|
:operations => nil,
|
|
177
|
-
:message => "Failed to get a user #{
|
|
178
|
+
:message => "Failed to get a user #{ad_user_dn} from AD - " + @ad_client.get_operation_result.error_message
|
|
178
179
|
} if ret_code != 0 && ret_code != 32
|
|
179
180
|
|
|
180
|
-
@ldap_client.search(:base =>
|
|
181
|
+
@ldap_client.search(:base => ldap_user_dn) do |entry|
|
|
181
182
|
ldap_entry = entry
|
|
182
183
|
end
|
|
183
184
|
ret_code = @ldap_client.get_operation_result.code
|
|
@@ -185,17 +186,17 @@ class Adap
|
|
|
185
186
|
return {
|
|
186
187
|
:code => ret_code,
|
|
187
188
|
:operations => nil,
|
|
188
|
-
:message => "Failed to get a user #{
|
|
189
|
+
:message => "Failed to get a user #{ldap_user_dn} from LDAP - " + @ldap_client.get_operation_result.error_message
|
|
189
190
|
} if ret_code != 0 && ret_code != 32
|
|
190
191
|
|
|
191
192
|
ret = nil
|
|
192
193
|
if !ad_entry.nil? and ldap_entry.nil? then
|
|
193
|
-
ret = add_user(
|
|
194
|
+
ret = add_user(ldap_user_dn, ad_entry, get_password_hash(uid, password))
|
|
194
195
|
elsif ad_entry.nil? and !ldap_entry.nil? then
|
|
195
|
-
ret = delete_user(
|
|
196
|
+
ret = delete_user(ldap_user_dn)
|
|
196
197
|
elsif !ad_entry.nil? and !ldap_entry.nil? then
|
|
197
198
|
ret = modify_user(
|
|
198
|
-
|
|
199
|
+
ldap_user_dn,
|
|
199
200
|
ad_entry,
|
|
200
201
|
ldap_entry,
|
|
201
202
|
( password.nil? and (@unsupported_hash_algorithms_in_ad.include?(@password_hash_algorithm)) ) ? nil : get_password_hash(uid, password)
|
|
@@ -341,21 +342,28 @@ class Adap
|
|
|
341
342
|
# Creating AD ldapsearch filter
|
|
342
343
|
|
|
343
344
|
ad_filter = if primary_gid_number == nil then
|
|
345
|
+
# TODO: Searching with filter `objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn}` is more accureate.
|
|
346
|
+
#Net::LDAP::Filter.construct(
|
|
347
|
+
# "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(member=CN=#{uid},CN=Users,#{@ad_basedn}))")
|
|
348
|
+
|
|
344
349
|
Net::LDAP::Filter.construct(
|
|
345
|
-
"(&(
|
|
350
|
+
"(&(objectClass=group)(member=CN=#{uid},#{@ad_user_basedn}))")
|
|
346
351
|
else
|
|
352
|
+
# TODO: Searching with filter `objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn}` is more accureate.
|
|
353
|
+
#Net::LDAP::Filter.construct(
|
|
354
|
+
# "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid_number})))")
|
|
355
|
+
|
|
347
356
|
Net::LDAP::Filter.construct(
|
|
348
|
-
"(&(
|
|
357
|
+
"(&(objectClass=group)(|(member=CN=#{uid},#{@ad_user_basedn})(gidNumber=#{primary_gid_number})))")
|
|
349
358
|
end
|
|
350
359
|
|
|
351
360
|
# Get groups from AD
|
|
352
361
|
# entry = {
|
|
353
362
|
# :gidnumber => xxx,
|
|
354
363
|
# }
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
ad_group_map[entry[:
|
|
358
|
-
#ad_group_map[entry[:name]] = nil
|
|
364
|
+
@ad_client.search(:base => @ad_group_basedn, :filter => ad_filter, :attributes => [:cn, :gidnumber]) do |entry|
|
|
365
|
+
ad_group_map[entry[:cn].first] = {:gidnumber => entry[:gidnumber]}
|
|
366
|
+
#ad_group_map[entry[:cn]] = nil
|
|
359
367
|
end
|
|
360
368
|
ret_code = @ad_client.get_operation_result.code
|
|
361
369
|
|
|
@@ -369,8 +377,8 @@ class Adap
|
|
|
369
377
|
ldap_filter = Net::LDAP::Filter.construct("(memberUid=#{uid})")
|
|
370
378
|
|
|
371
379
|
# Get groups from LDAP
|
|
372
|
-
@ldap_client.search(:base =>
|
|
373
|
-
# gidnumber is not necessary for LDAP entry
|
|
380
|
+
@ldap_client.search(:base => @ldap_group_basedn, :filter => ldap_filter, :attributes => [:cn]) do |entry|
|
|
381
|
+
# Capture common name of groups. gidnumber is not necessary for LDAP entry
|
|
374
382
|
ldap_group_map[entry[:cn].first] = nil
|
|
375
383
|
end
|
|
376
384
|
ret_code = @ldap_client.get_operation_result.code
|
|
@@ -408,7 +416,7 @@ class Adap
|
|
|
408
416
|
operation_pool = {}
|
|
409
417
|
|
|
410
418
|
ad_group_map.each_key do |key|
|
|
411
|
-
dn = "cn=#{key}
|
|
419
|
+
dn = "cn=#{key},#{@ldap_group_basedn}"
|
|
412
420
|
# Convert AD entries to LDAP entries to create operation to update LDAP data.
|
|
413
421
|
operation_pool[dn] = {
|
|
414
422
|
:cn => key,
|
|
@@ -418,7 +426,7 @@ class Adap
|
|
|
418
426
|
end
|
|
419
427
|
|
|
420
428
|
ldap_group_map.each_key do |key|
|
|
421
|
-
operation_pool["cn=#{key}
|
|
429
|
+
operation_pool["cn=#{key},#{@ldap_group_basedn}"] = {
|
|
422
430
|
# :cn and :gidnumber are not necessary
|
|
423
431
|
:operations => [[:delete, :memberuid, uid]]
|
|
424
432
|
} if !ad_group_map.has_key?(key)
|
data/lib/adap/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: adap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tsutomu Nakamura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -59,9 +59,8 @@ executables: []
|
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
|
-
- ".
|
|
62
|
+
- ".github/workflows/ruby.yml"
|
|
63
63
|
- ".gitignore"
|
|
64
|
-
- ".travis.yml"
|
|
65
64
|
- Gemfile
|
|
66
65
|
- Gemfile.lock
|
|
67
66
|
- README.md
|
|
@@ -95,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
95
94
|
- !ruby/object:Gem::Version
|
|
96
95
|
version: '0'
|
|
97
96
|
requirements: []
|
|
98
|
-
rubygems_version: 3.
|
|
97
|
+
rubygems_version: 3.5.22
|
|
99
98
|
signing_key:
|
|
100
99
|
specification_version: 4
|
|
101
100
|
summary: LDAP migration tool from AD to NT schema
|
data/.circleci/config.yml
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
version: 2.1
|
|
2
|
-
orbs:
|
|
3
|
-
ruby: circleci/ruby@0.1.2
|
|
4
|
-
|
|
5
|
-
jobs:
|
|
6
|
-
build:
|
|
7
|
-
docker:
|
|
8
|
-
- image: ruby:2.7
|
|
9
|
-
executor: ruby/default
|
|
10
|
-
steps:
|
|
11
|
-
- checkout
|
|
12
|
-
- run: bundle check || bundle install
|
|
13
|
-
- run:
|
|
14
|
-
command: bundle exec rake test
|
|
15
|
-
when: always
|
|
16
|
-
|