bsb_active_directory 8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/LICENSE +675 -0
- data/README.md +43 -0
- data/VERSION +1 -0
- data/lib/bsb_active_directory/attributes/group_type.rb +11 -0
- data/lib/bsb_active_directory/attributes/sam_account_type.rb +16 -0
- data/lib/bsb_active_directory/attributes.rb +3 -0
- data/lib/bsb_active_directory/base.rb +645 -0
- data/lib/bsb_active_directory/computer.rb +35 -0
- data/lib/bsb_active_directory/container.rb +114 -0
- data/lib/bsb_active_directory/field_type/binary.rb +39 -0
- data/lib/bsb_active_directory/field_type/date.rb +39 -0
- data/lib/bsb_active_directory/field_type/dn_array.rb +40 -0
- data/lib/bsb_active_directory/field_type/group_dn_array.rb +40 -0
- data/lib/bsb_active_directory/field_type/member_dn_array.rb +47 -0
- data/lib/bsb_active_directory/field_type/password.rb +41 -0
- data/lib/bsb_active_directory/field_type/timestamp.rb +45 -0
- data/lib/bsb_active_directory/field_type/user_dn_array.rb +40 -0
- data/lib/bsb_active_directory/group.rb +160 -0
- data/lib/bsb_active_directory/member.rb +53 -0
- data/lib/bsb_active_directory/user.rb +182 -0
- data/lib/bsb_active_directory/version.rb +3 -0
- data/lib/bsb_active_directory.rb +94 -0
- metadata +110 -0
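--- a/data/lib/bsb_active_directory/user.rb
+++ b/data/lib/bsb_active_directory/user.rb
@@ -0,0 +1,182 @@
+#-- license
+#
+# Based on original code by Justin Mecham and James Hunt
+# at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+class User < Base
+include Member
+
+UAC_ACCOUNT_DISABLED = 0x0002
+UAC_NORMAL_ACCOUNT = 0x0200 # 512
+UAC_PASSWORD_NEVER_EXPIRES = 0x10000 # 65536
+
+def self.filter # :nodoc:
+Net::LDAP::Filter.eq(:objectClass, 'user') & ~Net::LDAP::Filter.eq(:objectClass, 'computer')
+end
+
+def self.required_attributes #:nodoc:
+{ objectClass: %w[top organizationalPerson person user] }
+end
+
+# Try to authenticate the current User against Active Directory
+# using the supplied password. Returns false upon failure.
+#
+# Authenticate can fail for a variety of reasons, primarily:
+#
+# * The password is wrong
+# * The account is locked
+# * The account is disabled
+#
+# User#locked? and User#disabled? can be used to identify the
+# latter two cases, and if the account is enabled and unlocked,
+# Athe password is probably invalid.
+#
+def authenticate(password)
+return false if password.to_s.empty?
+
+auth_ldap = @@ldap.dup.bind_as(
+filter: "(sAMAccountName=#{sAMAccountName})",
+password: password
+)
+end
+
+#
+# Return the User's manager (another User object), depending on
+# what is stored in the manager attribute.
+#
+# Returns nil if the schema does not include the manager attribute
+# or if no manager has been configured.
+#
+def manager
+return nil if @entry.manager.nil?
+User.find_by_distinguishedName(@entry.manager.to_s)
+end
+
+#
+# Returns an array of Group objects that this User belongs to.
+# Only the immediate parent groups are returned, so if the user
+# Sally is in a group called Sales, and Sales is in a group
+# called Marketting, this method would only return the Sales group.
+#
+def groups
+@groups ||= Group.find(:all, distinguishedname: @entry[:memberOf])
+end
+
+#
+# Returns an array of User objects that have this
+# User as their manager.
+#
+def direct_reports
+return [] if @entry.directReports.nil?
+@direct_reports ||= User.find(:all, @entry.directReports)
+end
+
+#
+# Returns true if this account has been locked out
+# (usually because of too many invalid authentication attempts).
+#
+# Locked accounts can be unlocked with the User#unlock! method.
+#
+def locked?
+!lockoutTime.nil? && lockoutTime.to_i != 0
+end
+
+#
+# Returns true if this account has been disabled.
+#
+def disabled?
+userAccountControl.to_i & UAC_ACCOUNT_DISABLED != 0
+end
+
+#
+# Disables the account
+#
+def disable
+new_mask = userAccountControl.to_i | UAC_ACCOUNT_DISABLED
+update_attributes userAccountControl: new_mask.to_s
+end
+
+#
+# Enables the account
+#
+def enable
+new_mask = userAccountControl.to_i ^ UAC_ACCOUNT_DISABLED
+update_attributes userAccountControl: new_mask.to_s
+end
+
+#
+# Returns true if this account is expired.
+#
+def expired?
+!lockoutTime.nil? && lockoutTime.to_i != 0
+end
+
+#
+# Returns true if this account has a password that does not expire.
+#
+def password_never_expires?
+userAccountControl.to_i & UAC_PASSWORD_NEVER_EXPIRES != 0
+end
+
+#
+# Returns true if the user should be able to log in with a correct
+# password (essentially, their account is not disabled or locked
+# out).
+#
+def can_login?
+!disabled? && !locked?
+end
+
+#
+# Change the password for this account.
+#
+# This operation requires that the bind user specified in
+# Base.setup have heightened privileges. It also requires an
+# SSL connection.
+#
+# If the force_change argument is passed as true, the password will
+# be marked as 'expired', forcing the user to change it the next
+# time they successfully log into the domain.
+#
+def change_password(new_password, force_change = false)
+settings = @@settings.dup.merge(
+port: 636,
+encryption: { method: :simple_tls }
+)
+
+ldap = Net::LDAP.new(settings)
+ldap.modify(
+dn: distinguishedName,
+operations: [
+[:replace, :lockoutTime, ['0']],
+[:replace, :unicodePwd, [FieldType::Password.encode(new_password)]],
+[:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]],
+[:replace, :pwdLastSet, [(force_change ? '0' : '-1')]]
+]
+)
+end
+
+#
+# Unlocks this account.
+#
+def unlock!
+@@ldap.replace_attribute(distinguishedName, :lockoutTime, ['0'])
+end
+end
+end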
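Review bot: `change_password` overwrites the whole flag word with `[:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]]`, so resetting the password of a disabled account also re-enables it and drops flags such as UAC_PASSWORD_NEVER_EXPIRES, and the `lockoutTime` replace in the same call clears any lockout. Either drop that operation or keep the existing bits, e.g. `[:replace, :userAccountControl, [(userAccountControl.to_i | UAC_NORMAL_ACCOUNT).to_s]]`. The `merge(port: 636, encryption: { method: :simple_tls })` in the same method replaces any `:encryption` hash already in `@@settings`, so caller-supplied `tls_options` are lost; as I understand net-ldap's defaults, the connection carrying the new password then does not verify the server certificate. Separately, `enable` uses `^`, which sets the disabled bit when the account is already enabled (`userAccountControl.to_i & ~UAC_ACCOUNT_DISABLED` clears it unconditionally), and `expired?` repeats the `lockoutTime` test from `locked?` instead of checking an expiry attribute.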
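--- a/data/lib/bsb_active_directory.rb
+++ b/data/lib/bsb_active_directory.rb
@@ -0,0 +1,94 @@
+#-- license
+#
+# Based on original code by Justin Mecham and James Hunt
+# at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+require 'net/ldap'
+
+require 'bsb_active_directory/base.rb'
+require 'bsb_active_directory/container.rb'
+require 'bsb_active_directory/member.rb'
+
+require 'bsb_active_directory/user.rb'
+require 'bsb_active_directory/group.rb'
+require 'bsb_active_directory/computer.rb'
+
+require 'bsb_active_directory/field_type/password.rb'
+require 'bsb_active_directory/field_type/binary.rb'
+require 'bsb_active_directory/field_type/date.rb'
+require 'bsb_active_directory/field_type/timestamp.rb'
+require 'bsb_active_directory/field_type/dn_array.rb'
+require 'bsb_active_directory/field_type/user_dn_array.rb'
+require 'bsb_active_directory/field_type/group_dn_array.rb'
+require 'bsb_active_directory/field_type/member_dn_array.rb'
+
+module ActiveDirectory
+# Special Fields
+def self.special_fields
+@@special_fields
+end
+
+def self.special_fields=(sp_fields)
+@@special_fields = sp_fields
+end
+
+@@special_fields = {
+
+# All objects in the AD
+Base: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+memberof: :DnArray
+},
+
+# User objects
+User: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+msexchmailboxguid: :Binary,
+msexchmailboxsecuritydescriptor: :Binary,
+lastlogontimestamp: :Timestamp,
+pwdlastset: :Timestamp,
+accountexpires: :Timestamp,
+memberof: :MemberDnArray
+},
+
+# Group objects
+Group: {
+objectguid: :Binary,
+whencreate: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+memberof: :GroupDnArray,
+member: :MemberDnArray
+},
+
+# Computer objects
+Computer: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+memberof: :GroupDnArray,
+member: :MemberDnArray
+}
+}
+end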
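Review bot: The Group map declares `whencreate: :Date`, while the Base, User and Computer maps use `whencreated`, so a group's creation time would presumably not be routed through the Date field type; the line should read `whencreated: :Date,`. The table also lives in a module-level class variable with a public `special_fields=` writer, so any code in the process can replace the decoding map wholesale. Unless runtime overriding is intended, a frozen constant exposed through the reader alone would be safer, and the writer deserves a comment stating what callers are expected to pass.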
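--- a/metadata
+++ b/metadata
@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: bsb_active_directory
+version: !ruby/object:Gem::Version
+version: '8.0'
+platform: ruby
+authors:
+- Simon Arnaud
+- Adam T Kerr
+- Keith Pitty
+- James Hunt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bindata
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+- !ruby/object:Gem::Dependency
+name: minitest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5'
+description: " Fork of some other guys code\n"
+email: active_directory.ruby.maz@kabalo.org
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- LICENSE
+- README.md
+- VERSION
+- lib/bsb_active_directory.rb
+- lib/bsb_active_directory/attributes.rb
+- lib/bsb_active_directory/attributes/group_type.rb
+- lib/bsb_active_directory/attributes/sam_account_type.rb
+- lib/bsb_active_directory/base.rb
+- lib/bsb_active_directory/computer.rb
+- lib/bsb_active_directory/container.rb
+- lib/bsb_active_directory/field_type/binary.rb
+- lib/bsb_active_directory/field_type/date.rb
+- lib/bsb_active_directory/field_type/dn_array.rb
+- lib/bsb_active_directory/field_type/group_dn_array.rb
+- lib/bsb_active_directory/field_type/member_dn_array.rb
+- lib/bsb_active_directory/field_type/password.rb
+- lib/bsb_active_directory/field_type/timestamp.rb
+- lib/bsb_active_directory/field_type/user_dn_array.rb
+- lib/bsb_active_directory/group.rb
+- lib/bsb_active_directory/member.rb
+- lib/bsb_active_directory/user.rb
+- lib/bsb_active_directory/version.rb
+homepage: http://github.com/mazwak/active_directory
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: An interface library for accessing Microsoft's Active Directory.
+test_files: []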