adap 0.0.10 → 0.0.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/adap/adap.rb +143 -39
  3. data/lib/adap/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3a74e61b5e3e18366156d599bc06934cac304203d0160874850be5dd0726a533
4
- data.tar.gz: 44ae5471294aa70674cca0bcb8123f1ade2bc458b6e1f550cf4af1eaa4a56ee1
3
+ metadata.gz: ee6e3514fa3c73373536ae3998baa47a70c1a2e528274d7a0b78f49a6a24188d
4
+ data.tar.gz: 226aed513502e093d6b53bbe3e959ce56b123ac5292643e0497a45d50556694d
5
5
  SHA512:
6
- metadata.gz: b68ffd625a78bc5cd5f1180ff411c963e6dfd2cde48f4a32df30f837d601d5471a9e8779f6dc307e838e4cef9a55bf6bc4e0b295def2fe27dbb6f67aa2d4ec4f
7
- data.tar.gz: ae1eda60ee121c4b9c44fba035385955bd447e26f66420a47233058b15626cf63a418d2018d738dc929fa878f48eff211c110c291f995a6e6fad0a97e12b1dc6
6
+ metadata.gz: 55950748cc4a1c3fb4fd2c6cea48a432760808b26e42773937beb6786771842c433f2e9f62b5923bc529acc35a98eb1d17c8df5a5ab7ef92a330f9045114f404
7
+ data.tar.gz: d3254d935e294f91dd803ba4128cdec7e29d0e9fe34cee6dfaaf9895ec819a7b2299d7def2ac23e102bf4fa4850aedefd636e9e63a87fba9d4c9b0c008133b1e
data/lib/adap/adap.rb CHANGED
@@ -210,7 +210,7 @@ class Adap
210
210
 
211
211
  ad_entry.each do |key, value|
212
212
  ad_key_sym = key.downcase.to_sym
213
- ldap_key = (key != "unixHomeDirectory" ? key : "homeDirectory")
213
+ ldap_key = (key != :unixhomedirectory ? key : :homedirectory)
214
214
  ldap_key_sym = ldap_key.downcase.to_sym
215
215
 
216
216
  if USER_REQUIRED_ATTRIBUTES.include?(ad_key_sym)
@@ -221,7 +221,7 @@ class Adap
221
221
 
222
222
  ldap_entry.each do |key, value|
223
223
  ldap_key_sym = key.downcase.to_sym
224
- ad_key = (key != "homeDirectory" ? key : "unixHomeDirectory")
224
+ ad_key = (key != :homedirectory ? key : :unixhomedirectory)
225
225
 
226
226
  if USER_REQUIRED_ATTRIBUTES.include?(ldap_key_sym)
227
227
  operations.push([:delete, ldap_key_sym, nil]) if ad_entry[ad_key] == nil
@@ -248,23 +248,28 @@ class Adap
248
248
  return {:code => ret_code, :operations => [:delete_user], :message => nil}
249
249
  end
250
250
 
251
- def sync_group_of_user(uid, primary_gid)
251
+ def sync_group_of_user(uid, primary_gid_number)
252
252
  ad_group_map = {}
253
253
  ldap_group_map = {}
254
254
 
255
255
  # Creating AD ldapsearch filter
256
256
 
257
- ad_filter = if primary_gid == nil then
257
+ ad_filter = if primary_gid_number == nil then
258
258
  Net::LDAP::Filter.construct(
259
259
  "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(member=CN=#{uid},CN=Users,#{@ad_basedn}))")
260
260
  else
261
261
  Net::LDAP::Filter.construct(
262
- "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid})))")
262
+ "(&(objectCategory=CN=Group,CN=Schema,CN=Configuration,#{@ad_basedn})(|(member=CN=#{uid},CN=Users,#{@ad_basedn})(gidNumber=#{primary_gid_number})))")
263
263
  end
264
264
 
265
265
  # Get groups from AD
266
+ # entry = {
267
+ # :gidnumber => xxx,
268
+ # }
269
+ #
266
270
  @ad_client.search(:base => @ad_basedn, :filter => ad_filter) do |entry|
267
- ad_group_map[entry[:name]] = nil
271
+ ad_group_map[entry[:name].first] = {:gidnumber => entry[:gidnumber]}
272
+ #ad_group_map[entry[:name]] = nil
268
273
  end
269
274
  ret_code = @ad_client.get_operation_result.code
270
275
 
@@ -272,14 +277,15 @@ class Adap
272
277
  :code => ret_code,
273
278
  :operations => [:search_groups_from_ad],
274
279
  :message => "Failed to get groups of a user #{uid} from AD to sync them. " + @ad_client.get_operation_result.error_message
275
- } if ret_code != 0
280
+ } if ret_code != 0 && ret_code != 32
276
281
 
277
282
  # Create LDAP ldapsearch filter
278
283
  ldap_filter = Net::LDAP::Filter.construct("(memberUid=#{uid})")
279
284
 
280
285
  # Get groups from LDAP
281
- @ldap_client.search(:base => "ou=Users," + @ldap_basedn, :filter => ldap_filter) do |entry|
282
- ldap_group_map[entry[:cn]] = nil
286
+ @ldap_client.search(:base => "ou=Groups," + @ldap_basedn, :filter => ldap_filter) do |entry|
287
+ # gidnumber is not necessary for LDAP entry
288
+ ldap_group_map[entry[:cn].first] = nil
283
289
  end
284
290
  ret_code = @ldap_client.get_operation_result.code
285
291
 
@@ -290,67 +296,165 @@ class Adap
290
296
  } if ret_code != 0
291
297
 
292
298
  # Comparing name of AD's entry and cn of LDAP's entry
293
- operation_with_dn = create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
299
+ operation_pool = create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
300
+ ret = do_sync_group_of_user_operation(operation_pool)
294
301
 
295
302
  return {
296
- :code => 0,
303
+ :code => ret[:code],
297
304
  :operations => [:modify_group_of_user],
298
- :message => "There are not any groups of user to sync"
299
- } if operation_with_dn.length == 0
305
+ :message => (ret[:code] == 0 ? nil: ret[:message])
306
+ }
307
+ end
308
+
309
+ # {
310
+ # "cn=foo,ou=Groups,dc=mysite,dc=example,dc=com": {
311
+ # :cn => "foo",
312
+ # :gidnumber => xxx,
313
+ # :operations => [[:add, :memberuid, uid]]
314
+ # }
315
+ # "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": {
316
+ # :cn => "bar",
317
+ # :gidnumber => yyy,
318
+ # :operations => [[:delete, :memberuid, uid]]
319
+ # }
320
+ # }
321
+ def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
322
+ operation_pool = {}
323
+
324
+ ad_group_map.each_key do |key|
325
+ dn = "cn=#{key},ou=Groups,#{@ldap_basedn}"
326
+ # Convert AD entries to LDAP entries to create operation to update LDAP data.
327
+ operation_pool[dn] = {
328
+ :cn => key,
329
+ :gidnumber => ad_group_map[key][:gidnumber],
330
+ :operations => [[:add, :memberuid, uid]]
331
+ } if !ldap_group_map.has_key?(key)
332
+ end
333
+
334
+ ldap_group_map.each_key do |key|
335
+ operation_pool["cn=#{key},ou=Groups,#{@ldap_basedn}"] = {
336
+ # :cn and :gidnumber are not necessary
337
+ :operations => [[:delete, :memberuid, uid]]
338
+ } if !ad_group_map.has_key?(key)
339
+ end
340
+
341
+ operation_pool
342
+ end
300
343
 
301
- # ldap_user_dn = get_ldap_dn(uid)
344
+ def do_sync_group_of_user_operation(operation_pool)
345
+ return {
346
+ :code => 0,
347
+ :operations => nil,
348
+ :message => "There are not any groups of user to sync"
349
+ } if operation_pool.length == 0
350
+
351
+ # ex)
352
+ # entry_key = "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com"
353
+ operation_pool.each_key do |entry_key|
354
+
355
+ # ex)
356
+ # entry = {
357
+ # :cn => "bar",
358
+ # :gidnumber => 1000,
359
+ # :operations => [[:add, :memberuid, uid]] # or [[:delete, :memberuid, uid]]
360
+ # }
361
+ entry = operation_pool[entry_key]
362
+
363
+ if entry[:operations].first.first == :add then
364
+ ret = add_group_if_not_existed(entry_key, entry)
365
+ return ret if ret[:code] != 0
366
+ end
367
+ # The operation will be like...
368
+ # [[:add, :memberuid, "username"]] or [[:delete, :memberuid, "username"]]
302
369
 
303
- operation_with_dn.each_key do |key|
304
370
  @ldap_client.modify({
305
- :dn => key,
306
- :operations => operation_with_dn[key]
371
+ :dn => entry_key,
372
+ :operations => entry[:operations]
307
373
  })
308
374
  ret_code = @ldap_client.get_operation_result.code
309
375
 
310
376
  return {
311
377
  :code => ret_code,
312
378
  :operations => [:modify_group_of_user],
313
- :message => "Failed to modify group \"#{key}\" of user #{uid}. " + @ldap_client.get_operation_result.error_message
379
+ :message => "Failed to modify group \"#{entry_key}\" of user #{entry[:cn]}. " + @ldap_client.get_operation_result.error_message
314
380
  } if ret_code != 0
381
+
382
+ if entry[:operations].first.first == :delete then
383
+ ret = delete_group_if_existed_as_empty(entry_key)
384
+ return ret if ret[:code] != 0
385
+ end
315
386
  end
316
387
 
317
388
  return {:code => 0, :operations => [:modify_group_of_user], :message => nil}
318
389
  end
319
390
 
320
- # {
321
- # "cn=foo,ou=Groups,dc=mysite,dc=example,dc=com": [
322
- # [:add, :memberuid, uid]
323
- # ],
324
- # "cn=bar,ou=Groups,dc=mysite,dc=example,dc=com": [
325
- # [:delete, :memberuid, uid]
326
- # ],
327
- # "cn=baz,ou=Groups,dc=mysite,dc=example,dc=com": [
328
- # [:add, :memberuid, uid]
329
- # ]
330
- # }
331
- def create_sync_group_of_user_operation(ad_group_map, ldap_group_map, uid)
332
- operations_with_dn = {}
391
+ def add_group_if_not_existed(group_dn, entry)
392
+ @ldap_client.search(:base => group_dn)
393
+ ret_code = @ldap_client.get_operation_result.code
333
394
 
334
- ad_group_map.each_key do |key|
335
- operations_with_dn["cn=#{key},ou=Groups,#{@ldap_basedn}"] = [[:add, :memberuid, uid]] if !ldap_group_map.has_key?(key)
336
- end
395
+ # The group already existed
396
+ return {:code => 0, :operations => nil, :message => nil} if ret_code == 0
337
397
 
338
- ldap_group_map.each_key do |key|
339
- operations_with_dn["cn=#{key},ou=Groups,#{@ldap_basedn}"] = [[:delete, :memberuid, uid]] if !ad_group_map.has_key?(key)
398
+ # Failed to query ldapsearch for some reason
399
+ return {
400
+ :code => ret_code,
401
+ :operations => nil,
402
+ :message => "Failed to search LDAP in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message
403
+ } if ret_code != 32
404
+
405
+ attributes = {:objectclass => ["top", "posixGroup"]}
406
+ attributes[:gidnumber] = entry[:gidnumber] if entry[:gidnumber] != nil
407
+ attributes[:cn] = entry[:cn] if entry[:cn] != nil
408
+
409
+ @ldap_client.add(
410
+ :dn => group_dn,
411
+ :attributes => attributes
412
+ )
413
+ ret_code = @ldap_client.get_operation_result.code
414
+
415
+ return {
416
+ :code => ret_code,
417
+ :operations => [:add_group],
418
+ :message => (ret_code == 0 ? nil : "Failed to add a group in add_group_if_not_existed(). " + @ldap_client.get_operation_result.error_message)
419
+ }
420
+ end
421
+
422
+ def delete_group_if_existed_as_empty(group_dn)
423
+ is_no_memberuid = false
424
+ # Check whether the group has memberuid
425
+ @ldap_client.search(:base => group_dn, :filter => "(!(memberUid=*))") do |e|
426
+ is_no_memberuid = true
340
427
  end
341
428
 
342
- operations_with_dn
429
+ ret_code = @ldap_client.get_operation_result.code
430
+ return {:code => 0, :operations => nil, :message => nil} \
431
+ if (ret_code == 0 && is_no_memberuid == false) || ret_code == 32
432
+
433
+ return {
434
+ :code => ret_code,
435
+ :operations => nil,
436
+ :message => "Failed to search group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message
437
+ } if ret_code != 0
438
+
439
+ @ldap_client.delete(:dn => group_dn)
440
+ ret_code = @ldap_client.get_operation_result.code
441
+
442
+ return {
443
+ :code => ret_code,
444
+ :operations => [:delete_group],
445
+ :message => (ret_code == 0 ? nil: "Failed to delete a group in delete_group_if_existed_as_empty(). " + @ldap_client.get_operation_result.error_message)
446
+ }
343
447
  end
344
448
 
345
449
  def get_primary_gidnumber(entry)
346
450
  return nil if entry == nil
347
451
 
348
- if entry[:gidnumber] == nil then
452
+ if entry[:primarygroupid] == nil then
349
453
  ad_result = get_primary_gidnumber_from_ad(entry[:uid].first)
350
454
  return ad_result
351
455
  end
352
456
 
353
- return entry[:gidnumber].first
457
+ return entry[:primarygroupid].first
354
458
  end
355
459
 
356
460
  def get_primary_gidnumber_from_ad(uid)
data/lib/adap/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ModAdap
2
- VERSION = "0.0.10"
2
+ VERSION = "0.0.12"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: adap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.10
4
+ version: 0.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tsutomu Nakamura
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-01-19 00:00:00.000000000 Z
11
+ date: 2020-01-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler