adap 0.0.10 → 0.0.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/adap/adap.rb +143 -39
- data/lib/adap/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ee6e3514fa3c73373536ae3998baa47a70c1a2e528274d7a0b78f49a6a24188d
|
4
|
+
data.tar.gz: 226aed513502e093d6b53bbe3e959ce56b123ac5292643e0497a45d50556694d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 55950748cc4a1c3fb4fd2c6cea48a432760808b26e42773937beb6786771842c433f2e9f62b5923bc529acc35a98eb1d17c8df5a5ab7ef92a330f9045114f404
|
7
|
+
data.tar.gz: d3254d935e294f91dd803ba4128cdec7e29d0e9fe34cee6dfaaf9895ec819a7b2299d7def2ac23e102bf4fa4850aedefd636e9e63a87fba9d4c9b0c008133b1e
|
data/lib/adap/adap.rb
CHANGED
@@ -210,7 +210,7 @@ class Adap
|
|
210
210
|
|
211
211
|
ad_entry.each do |key, value|
|
212
212
|
ad_key_sym = key.downcase.to_sym
|
213
|
-
ldap_key = (key !=
|
213
|
+
ldap_key = (key != :unixhomedirectory ? key : :homedirectory)
|
214
214
|
ldap_key_sym = ldap_key.downcase.to_sym
|
215
215
|
|
216
216
|
if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
|
@@ -221,7 +221,7 @@ class Adap
|
|
221
221
|
|
222
222
|
ldap_entry.each do |key, value|
|
223
223
|
ldap_key_sym = key.downcase.to_sym
|
224
|
-
ad_key = (key !=
|
224
|
+
ad_key = (key != :homedirectory ? key : :unixhomedirectory)
|
225
225
|
|
226
226
|
if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
|
227
227
|
operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
|
@@ -248,23 +248,28 @@ class Adap
|
|
248
248
|
return {:code => ret_code, :operations => [:delete_user], :message => nil}
|
249
249
|
end
|
250
250
|
|
251
|
-
def sync_group_of_user(uid,
|
251
|
+
def sync_group_of_user(uid, primary_gid_number)
|
252
252
|
ad_group_map = {}
|
253
253
|
ldap_group_map = {}
|
254
254
|
|
255
255
|
# Creating AD ldapsearch filter
|
256
256
|
|
257
|
-
ad_filter = if
|
257
|
+
ad_filter = if primary_gid_number == nil then
|
258
258
|
Net::LDAP::Filter.construct(
|
259
259
|
"(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(member=CN=#{uid},CN=Users,#{@ad_basedn}))")
|
260
260
|
else
|
261
261
|
Net::LDAP::Filter.construct(
|
262
|
-
"(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{
|
262
|
+
"(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid_number})))")
|
263
263
|
end
|
264
264
|
|
265
265
|
# Get groups from AD
|
266
|
+
# entry = {
|
267
|
+
# :gidnumber => xxx,
|
268
|
+
# }
|
269
|
+
#
|
266
270
|
@ad_client.search(:base => @ad_basedn, :filter => ad_filter) do |entry|
|
267
|
-
ad_group_map[entry[:name]] =
|
271
|
+
ad_group_map[entry[:name].first] = {:gidnumber => entry[:gidnumber]}
|
272
|
+
#ad_group_map[entry[:name]] = nil
|
268
273
|
end
|
269
274
|
ret_code = @ad_client.get_operation_result.code
|
270
275
|
|
@@ -272,14 +277,15 @@ class Adap
|
|
272
277
|
:code => ret_code,
|
273
278
|
:operations => [:search_groups_from_ad],
|
274
279
|
:message => "Failed to get groups of a user #{uid} from AD to sync them. " + @ad_client.get_operation_result.error_message
|
275
|
-
} if ret_code != 0
|
280
|
+
} if ret_code != 0 && ret_code != 32
|
276
281
|
|
277
282
|
# Create LDAP ldapsearch filter
|
278
283
|
ldap_filter = Net::LDAP::Filter.construct("(memberUid=#{uid})")
|
279
284
|
|
280
285
|
# Get groups from LDAP
|
281
|
-
@ldap_client.search(:base => "ou=
|
282
|
-
|
286
|
+
@ldap_client.search(:base => "ou=Groups," + @ldap_basedn, :filter => ldap_filter) do |entry|
|
287
|
+
# gidnumber is not necessary for LDAP entry
|
288
|
+
ldap_group_map[entry[:cn].first] = nil
|
283
289
|
end
|
284
290
|
ret_code = @ldap_client.get_operation_result.code
|
285
291
|
|
@@ -290,67 +296,165 @@ class Adap
|
|
290
296
|
} if ret_code != 0
|
291
297
|
|
292
298
|
# Comparing name of AD's entry and cn of LDAP's entry
|
293
|
-
|
299
|
+
operation_pool = create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
|
300
|
+
ret = do_sync_group_of_user_operation(operation_pool)
|
294
301
|
|
295
302
|
return {
|
296
|
-
:code =>
|
303
|
+
:code => ret[:code],
|
297
304
|
:operations => [:modify_group_of_user],
|
298
|
-
:message =>
|
299
|
-
}
|
305
|
+
:message => (ret[:code] == 0 ? nil: ret[:message])
|
306
|
+
}
|
307
|
+
end
|
308
|
+
|
309
|
+
# {
|
310
|
+
# "cn=foo,ou=Groups,dc=mysite,dc=example,dc=com": {
|
311
|
+
# :cn => "foo",
|
312
|
+
# :gidnumber => xxx,
|
313
|
+
# :operations => [[:add, :memberuid, uid]]
|
314
|
+
# }
|
315
|
+
# "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": {
|
316
|
+
# :cn => "bar",
|
317
|
+
# :gidnumber => yyy,
|
318
|
+
# :operations => [[:delete, :memberuid, uid]]
|
319
|
+
# }
|
320
|
+
# }
|
321
|
+
def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
|
322
|
+
operation_pool = {}
|
323
|
+
|
324
|
+
ad_group_map.each_key do |key|
|
325
|
+
dn = "cn=#{key},ou=Groups,#{@ldap_basedn}"
|
326
|
+
# Convert AD entries to LDAP entries to create operation to update LDAP data.
|
327
|
+
operation_pool[dn] = {
|
328
|
+
:cn => key,
|
329
|
+
:gidnumber => ad_group_map[key][:gidnumber],
|
330
|
+
:operations => [[:add, :memberuid, uid]]
|
331
|
+
} if !ldap_group_map.has_key?(key)
|
332
|
+
end
|
333
|
+
|
334
|
+
ldap_group_map.each_key do |key|
|
335
|
+
operation_pool["cn=#{key},ou=Groups,#{@ldap_basedn}"] = {
|
336
|
+
# :cn and :gidnumber are not necessary
|
337
|
+
:operations => [[:delete, :memberuid, uid]]
|
338
|
+
} if !ad_group_map.has_key?(key)
|
339
|
+
end
|
340
|
+
|
341
|
+
operation_pool
|
342
|
+
end
|
300
343
|
|
301
|
-
|
344
|
+
def do_sync_group_of_user_operation(operation_pool)
|
345
|
+
return {
|
346
|
+
:code => 0,
|
347
|
+
:operations => nil,
|
348
|
+
:message => "There are not any groups of user to sync"
|
349
|
+
} if operation_pool.length == 0
|
350
|
+
|
351
|
+
# ex)
|
352
|
+
# entry_key = "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com"
|
353
|
+
operation_pool.each_key do |entry_key|
|
354
|
+
|
355
|
+
# ex)
|
356
|
+
# entry = {
|
357
|
+
# :cn => "bar",
|
358
|
+
# :gidnumber => 1000,
|
359
|
+
# :operations => [[:add, :memberuid, uid]] # or [[:delete, :memberuid, uid]]
|
360
|
+
# }
|
361
|
+
entry = operation_pool[entry_key]
|
362
|
+
|
363
|
+
if entry[:operations].first.first == :add then
|
364
|
+
ret = add_group_if_not_existed(entry_key, entry)
|
365
|
+
return ret if ret[:code] != 0
|
366
|
+
end
|
367
|
+
# The operation will be like...
|
368
|
+
# [[:add, :memberuid, "username"]] or [[:delete, :memberuid, "username"]]
|
302
369
|
|
303
|
-
operation_with_dn.each_key do |key|
|
304
370
|
@ldap_client.modify({
|
305
|
-
:dn =>
|
306
|
-
:operations =>
|
371
|
+
:dn => entry_key,
|
372
|
+
:operations => entry[:operations]
|
307
373
|
})
|
308
374
|
ret_code = @ldap_client.get_operation_result.code
|
309
375
|
|
310
376
|
return {
|
311
377
|
:code => ret_code,
|
312
378
|
:operations => [:modify_group_of_user],
|
313
|
-
:message => "Failed to modify group \"#{
|
379
|
+
:message => "Failed to modify group \"#{entry_key}\" of user #{entry[:cn]}. " + @ldap_client.get_operation_result.error_message
|
314
380
|
} if ret_code != 0
|
381
|
+
|
382
|
+
if entry[:operations].first.first == :delete then
|
383
|
+
ret = delete_group_if_existed_as_empty(entry_key)
|
384
|
+
return ret if ret[:code] != 0
|
385
|
+
end
|
315
386
|
end
|
316
387
|
|
317
388
|
return {:code => 0, :operations => [:modify_group_of_user], :message => nil}
|
318
389
|
end
|
319
390
|
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
# ],
|
324
|
-
# "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": [
|
325
|
-
# [:delete, :memberuid, uid]
|
326
|
-
# ],
|
327
|
-
# "cn=baz,ou=Groups,dc=mysite,dc=example,dc=com": [
|
328
|
-
# [:add, :memberuid, uid]
|
329
|
-
# ]
|
330
|
-
# }
|
331
|
-
def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
|
332
|
-
operations_with_dn = {}
|
391
|
+
def add_group_if_not_existed(group_dn, entry)
|
392
|
+
@ldap_client.search(:base => group_dn)
|
393
|
+
ret_code = @ldap_client.get_operation_result.code
|
333
394
|
|
334
|
-
|
335
|
-
|
336
|
-
end
|
395
|
+
# The group already existed
|
396
|
+
return {:code => 0, :operations => nil, :message => nil} if ret_code == 0
|
337
397
|
|
338
|
-
|
339
|
-
|
398
|
+
# Failed to query ldapsearch for some reason
|
399
|
+
return {
|
400
|
+
:code => ret_code,
|
401
|
+
:operations => nil,
|
402
|
+
:message => "Failed to search LDAP in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message
|
403
|
+
} if ret_code != 32
|
404
|
+
|
405
|
+
attributes = {:objectclass => ["top", "posixGroup"]}
|
406
|
+
attributes[:gidnumber] = entry[:gidnumber] if entry[:gidnumber] != nil
|
407
|
+
attributes[:cn] = entry[:cn] if entry[:cn] != nil
|
408
|
+
|
409
|
+
@ldap_client.add(
|
410
|
+
:dn => group_dn,
|
411
|
+
:attributes => attributes
|
412
|
+
)
|
413
|
+
ret_code = @ldap_client.get_operation_result.code
|
414
|
+
|
415
|
+
return {
|
416
|
+
:code => ret_code,
|
417
|
+
:operations => [:add_group],
|
418
|
+
:message => (ret_code == 0 ? nil : "Failed to add a group in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message)
|
419
|
+
}
|
420
|
+
end
|
421
|
+
|
422
|
+
def delete_group_if_existed_as_empty(group_dn)
|
423
|
+
is_no_memberuid = false
|
424
|
+
# Check whether the group has memberuid
|
425
|
+
@ldap_client.search(:base => group_dn, :filter => "(!(memberUid=*))") do |e|
|
426
|
+
is_no_memberuid = true
|
340
427
|
end
|
341
428
|
|
342
|
-
|
429
|
+
ret_code = @ldap_client.get_operation_result.code
|
430
|
+
return {:code => 0, :operations => nil, :message => nil} \
|
431
|
+
if (ret_code == 0 && is_no_memberuid == false) || ret_code == 32
|
432
|
+
|
433
|
+
return {
|
434
|
+
:code => ret_code,
|
435
|
+
:operations => nil,
|
436
|
+
:message => "Failed to search group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message
|
437
|
+
} if ret_code != 0
|
438
|
+
|
439
|
+
@ldap_client.delete(:dn => group_dn)
|
440
|
+
ret_code = @ldap_client.get_operation_result.code
|
441
|
+
|
442
|
+
return {
|
443
|
+
:code => ret_code,
|
444
|
+
:operations => [:delete_group],
|
445
|
+
:message => (ret_code == 0 ? nil: "Failed to delete a group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message)
|
446
|
+
}
|
343
447
|
end
|
344
448
|
|
345
449
|
def get_primary_gidnumber(entry)
|
346
450
|
return nil if entry == nil
|
347
451
|
|
348
|
-
if entry[:
|
452
|
+
if entry[:primarygroupid] == nil then
|
349
453
|
ad_result = get_primary_gidnumber_from_ad(entry[:uid].first)
|
350
454
|
return ad_result
|
351
455
|
end
|
352
456
|
|
353
|
-
return entry[:
|
457
|
+
return entry[:primarygroupid].first
|
354
458
|
end
|
355
459
|
|
356
460
|
def get_primary_gidnumber_from_ad(uid)
|
data/lib/adap/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: adap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.12
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tsutomu Nakamura
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-01-
|
11
|
+
date: 2020-01-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|