bsb_active_directory 8.0

data/lib/bsb_active_directory/container.rb

@@ -0,0 +1,114 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  #
+  # The ActiveDirectory::Container class represents a more malleable way
+  # of dealing with LDAP Distinguished Names (dn), like
+  # "cn=UserName,ou=Users,dc=example,dc=org".
+  #
+  # The following two representations of the above dn are identical:
+  #
+  #   dn = "cn=UserName,ou=Users,dc=example,dc=org"
+  #   dn = ActiveDirectory::Container.dc('org').dc('example').ou('Users').cn('UserName').to_s
+  #
+  class Container
+    attr_reader :type
+    attr_reader :name
+    attr_reader :parent
+
+    def initialize(type, name, node = nil) #:nodoc:
+      @type = type
+      @name = name
+      @node = node
+    end
+
+    #
+    # Creates a starting OU (Organizational Unit) dn part.
+    #
+    #   # ou_part = "ou=OrganizationalUnit"
+    #   ou_part = ActiveDirectory::Container.ou('OrganizationalUnit').to_s
+    #
+    def self.ou(name)
+      new(:ou, name, nil)
+    end
+
+    #
+    # Creates a starting DC (Domain Component) dn part.
+    #
+    #   # dc_part = "dc=net"
+    #   dc_part = ActiveDirectory::Container.dc('net').to_s
+    #
+    def self.dc(name)
+      new(:dc, name, nil)
+    end
+
+    #
+    # Creates a starting CN (Canonical Name) dn part.
+    #
+    #   # cn_part = "cn=CanonicalName"
+    #   cn_part = ActiveDirectory::Container.cn('CanonicalName').to_s
+    #
+    def self.cn(name)
+      new(:cn, name, nil)
+    end
+
+    #
+    # Appends an OU (Organizational Unit) dn part to another Container.
+    #
+    #   # ou = "ou=InfoTech,dc=net"
+    #   ou = ActiveDirectory::Container.dc("net").ou("InfoTech").to_s
+    #
+    def ou(name)
+      self.class.new(:ou, name, self)
+    end
+
+    #
+    # Appends a DC (Domain Component) dn part to another Container.
+    #
+    #   # base = "dc=example,dc=net"
+    #   base = ActiveDirectory::Container.dc("net").dc("example").to_s
+    #
+    def dc(name)
+      self.class.new(:dc, name, self)
+    end
+
+    #
+    # Appends a CN (Canonical Name) dn part to another Container.
+    #
+    #    # user = "cn=UID,ou=Users"
+    #    user = ActiveDirectory::Container.ou("Users").cn("UID")
+    #
+    def cn(name)
+      self.class.new(:cn, name, self)
+    end
+
+    #
+    # Converts the Container object to its String representation.
+    #
+    def to_s
+      @node ? "#{@type}=#{name},#{@node}" : "#{@type}=#{name}"
+    end
+
+    def ==(other) #:nodoc:
+      to_s.casecmp(other.to_s.downcase).zero?
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/binary.rb

@@ -0,0 +1,39 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Binary
+      #
+      # Encodes a hex string into a GUID
+      #
+      def self.encode(hex_string)
+        [hex_string].pack('H*')
+      end
+
+      #
+      # Decodes a binary GUID as a hex string
+      #
+      def self.decode(guid)
+        guid.unpack('H*').first.to_s
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/date.rb

@@ -0,0 +1,39 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Date
+      #
+      # Converts a time object into an ISO8601 format compatable with Active Directory
+      #
+      def self.encode(local_time)
+        local_time.strftime('%Y%m%d%H%M%S.0Z')
+      end
+
+      #
+      # Decodes an Active Directory date when stored as ISO8601
+      #
+      def self.decode(remote_time)
+        Time.parse(remote_time)
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/dn_array.rb

@@ -0,0 +1,40 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class DnArray
+      #
+      # Encodes an array of objects into a list of dns
+      #
+      def self.encode(obj_array)
+        obj_array.collect(&:dn)
+      end
+
+      #
+      # Decodes a list of DNs into the objects that they are
+      #
+      def self.decode(dn_array)
+        # How to do user or group?
+        Base.find(:all, distinguishedname: dn_array)
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/group_dn_array.rb

@@ -0,0 +1,40 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class GroupDnArray
+      #
+      # Encodes an array of objects into a list of dns
+      #
+      def self.encode(obj_array)
+        obj_array.collect(&:dn)
+      end
+
+      #
+      # Decodes a list of DNs into the objects that they are
+      #
+      def self.decode(dn_array)
+        # How to do user or group?
+        Group.find(:all, distinguishedname: dn_array)
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/member_dn_array.rb

@@ -0,0 +1,47 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class MemberDnArray
+      #
+      # Encodes an array of objects into a list of dns
+      #
+      def self.encode(obj_array)
+        obj_array.collect(&:dn)
+      end
+
+      #
+      # Decodes a list of DNs into the objects that they are
+      #
+      def self.decode(dn_array)
+        # Ensures that the objects are cast correctly
+        users = User.find(:all, distinguishedname: dn_array)
+        groups = Group.find(:all, distinguishedname: dn_array)
+
+        arr = []
+        arr << users unless users.nil?
+        arr << groups unless groups.nil?
+
+        arr.flatten
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/password.rb

@@ -0,0 +1,41 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Password
+      #
+      # Encodes an unencrypted password into an encrypted password
+      # that the Active Directory server will understand.
+      #
+      def self.encode(password)
+        ("\"#{password}\"".split(//).collect { |c| "#{c}\000" }).join
+      end
+
+      #
+      # Always returns nil, since you can't decrypt the User's encrypted
+      # password.
+      #
+      def self.decode(_hashed)
+        nil
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/timestamp.rb

@@ -0,0 +1,45 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class Timestamp
+      AD_DIVISOR = 10_000_000     #:nodoc:
+      AD_OFFSET  = 11_644_473_600 #:nodoc:
+
+      #
+      # Encodes a local Time object (or the number of seconds since January
+      # 1, 1970) into a timestamp that the Active Directory server can
+      # understand (number of 100 nanosecond time units since January 1, 1600)
+      #
+      def self.encode(local_time)
+        (local_time.to_i + AD_OFFSET) * AD_DIVISOR
+      end
+
+      #
+      # Decodes an Active Directory timestamp (the number of 100 nanosecond time
+      # units since January 1, 1600) into a Ruby Time object.
+      #
+      def self.decode(remote_time)
+        Time.at((remote_time.to_i / AD_DIVISOR) - AD_OFFSET)
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/field_type/user_dn_array.rb

@@ -0,0 +1,40 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module FieldType
+    class UserDnArray
+      #
+      # Encodes an array of objects into a list of dns
+      #
+      def self.encode(obj_array)
+        obj_array.collect(&:dn)
+      end
+
+      #
+      # Decodes a list of DNs into the objects that they are
+      #
+      def self.decode(dn_array)
+        # How to do user or group?
+        User.find(:all, distinguishedname: dn_array)
+      end
+    end
+  end
+end

data/lib/bsb_active_directory/group.rb

@@ -0,0 +1,160 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+require 'bsb_active_directory/attributes'
+
+module ActiveDirectory
+  class Group < Base
+    include Member
+
+    def self.filter # :nodoc:
+      Net::LDAP::Filter.eq(:objectClass, 'group')
+    end
+
+    def self.required_attributes # :nodoc:
+      { objectClass: %w[top group] }
+    end
+
+    def reload # :nodoc:
+      @member_users_non_r  = nil
+      @member_users_r      = nil
+      @member_groups_non_r = nil
+      @member_groups_r     = nil
+      @groups              = nil
+      super
+    end
+
+    #
+    # Returns true if the passed User or Group object belongs to
+    # this group. For performance reasons, the check is handled
+    # by the User or Group object passed.
+    #
+    def has_member?(user)
+      user.member_of?(self)
+    end
+
+    def self.create_security_group(ou, name, type)
+      type_mask = GroupType::SECURITY_ENABLED
+      case type
+      when :local
+        type_mask |= GroupType::RESSOURCE_GROUP
+      when :global
+        type_mask |= GroupType::ACCOUNT_GROUP
+      when :universal
+        type_mask |= GroupType::UNIVERSAL_GROUP
+      else
+        raise "Unknown type specified : #{type}"
+      end
+      dn = 'CN=' + name + ',' + ou
+      attributes = {
+        objectClass: %w[top group],
+        sAMAccountName: name,
+        objectCategory: 'CN=Group,CN=Schema,CN=Configuration,DC=afssa,DC=fr',
+        groupType: type_mask.to_s
+      }
+      @@ldap.add(dn: dn, attributes: attributes)
+      from_dn(dn)
+    end
+
+    #
+    # Add the passed User or Group object to this Group. Returns true if
+    # the User or Group is already a member of the group, or if the operation
+    # to add them succeeds.
+    #
+    def add(new_member)
+      return false unless new_member.is_a?(User) || new_member.is_a?(Group)
+      if @@ldap.modify(dn: distinguishedName, operations: [
+                         [:add, :member, new_member.distinguishedName]
+                       ])
+        return true
+      else
+        return has_member?(new_member)
+      end
+    end
+
+    #
+    # Remove a User or Group from this Group. Returns true if the User or
+    # Group does not belong to this Group, or if the oepration to remove them
+    # succeeds.
+    #
+    def remove(member)
+      return false unless member.is_a?(User) || member.is_a?(Group)
+      if @@ldap.modify(dn: distinguishedName, operations: [
+                         [:delete, :member, member.distinguishedName]
+                       ])
+        return true
+      else
+        return !has_member?(member)
+      end
+    end
+
+    def has_members?
+      return @entry.member.nil? || @entry.member.empty? ? false : true
+    rescue NoMethodError
+      return false
+    end
+
+    #
+    # Returns an array of all User objects that belong to this group.
+    #
+    # If the recursive argument is passed as false, then only Users who
+    # belong explicitly to this Group are returned.
+    #
+    # If the recursive argument is passed as true, then all Users who
+    # belong to this Group, or any of its subgroups, are returned.
+    #
+    def member_users(recursive = false)
+      @member_users = User.find(:all, distinguishedname: @entry[:member]).delete_if(&:nil?)
+      if recursive
+        member_groups.each do |group|
+          @member_users.concat(group.member_users(true))
+        end
+      end
+      @member_users
+    end
+
+    #
+    # Returns an array of all Group objects that belong to this group.
+    #
+    # If the recursive argument is passed as false, then only Groups that
+    # belong explicitly to this Group are returned.
+    #
+    # If the recursive argument is passed as true, then all Groups that
+    # belong to this Group, or any of its subgroups, are returned.
+    #
+    def member_groups(recursive = false)
+      @member_groups ||= Group.find(:all, distinguishedname: @entry[:member]).delete_if(&:nil?)
+      if recursive
+        member_groups.each do |group|
+          @member_groups.concat(group.member_groups(true))
+        end
+      end
+      @member_groups
+    end
+
+    #
+    # Returns an array of Group objects that this Group belongs to.
+    #
+    def groups
+      return [] if memberOf.nil?
+      @groups ||= Group.find(:all, distinguishedname: @entry.memberOf).delete_if(&:nil?)
+    end
+  end
+end

data/lib/bsb_active_directory/member.rb

@@ -0,0 +1,53 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  module Member
+    #
+    # Returns true if this member (User or Group) is a member of
+    # the passed Group object.
+    #
+    def member_of?(usergroup)
+      group_dns = memberOf
+      return false if group_dns.nil? || group_dns.empty?
+      # group_dns = [group_dns] unless group_dns.is_a?(Array)
+      group_dns.map(&:dn).include?(usergroup.dn)
+    end
+
+    #
+    # Add the member to the passed Group object. Returns true if this object
+    # is already a member of the Group, or if the operation to add it succeeded.
+    #
+    def join(group)
+      return false unless group.is_a?(Group)
+      group.add(self)
+    end
+
+    #
+    # Remove the member from the passed Group object. Returns true if this
+    # object is not a member of the Group, or if the operation to remove it
+    # succeeded.
+    #
+    def unjoin(group)
+      return false unless group.is_a?(Group)
+      group.remove(self)
+    end
+  end
+end