bsb_active_directory 8.0

@@ -0,0 +1,182 @@
1
+ #-- license
2
+ #
3
+ # Based on original code by Justin Mecham and James Hunt
4
+ # at http://rubyforge.org/projects/activedirectory
5
+ #
6
+ # This program is free software: you can redistribute it and/or modify
7
+ # it under the terms of the GNU General Public License as published by
8
+ # the Free Software Foundation, either version 3 of the License, or
9
+ # (at your option) any later version.
10
+ #
11
+ # This program is distributed in the hope that it will be useful,
12
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
13
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
+ # GNU General Public License for more details.
15
+ #
16
+ # You should have received a copy of the GNU General Public License
17
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
18
+ #
19
+ #++ license
20
+
21
+ module ActiveDirectory
22
+ class User < Base
23
+ include Member
24
+
25
+ UAC_ACCOUNT_DISABLED = 0x0002
26
+ UAC_NORMAL_ACCOUNT = 0x0200 # 512
27
+ UAC_PASSWORD_NEVER_EXPIRES = 0x10000 # 65536
28
+
29
+ def self.filter # :nodoc:
30
+ Net::LDAP::Filter.eq(:objectClass, 'user') & ~Net::LDAP::Filter.eq(:objectClass, 'computer')
31
+ end
32
+
33
+ def self.required_attributes #:nodoc:
34
+ { objectClass: %w[top organizationalPerson person user] }
35
+ end
36
+
37
+ # Try to authenticate the current User against Active Directory
38
+ # using the supplied password. Returns false upon failure.
39
+ #
40
+ # Authenticate can fail for a variety of reasons, primarily:
41
+ #
42
+ # * The password is wrong
43
+ # * The account is locked
44
+ # * The account is disabled
45
+ #
46
+ # User#locked? and User#disabled? can be used to identify the
47
+ # latter two cases, and if the account is enabled and unlocked,
48
+ # Athe password is probably invalid.
49
+ #
50
+ def authenticate(password)
51
+ return false if password.to_s.empty?
52
+
53
+ auth_ldap = @@ldap.dup.bind_as(
54
+ filter: "(sAMAccountName=#{sAMAccountName})",
55
+ password: password
56
+ )
57
+ end
58
+
59
+ #
60
+ # Return the User's manager (another User object), depending on
61
+ # what is stored in the manager attribute.
62
+ #
63
+ # Returns nil if the schema does not include the manager attribute
64
+ # or if no manager has been configured.
65
+ #
66
+ def manager
67
+ return nil if @entry.manager.nil?
68
+ User.find_by_distinguishedName(@entry.manager.to_s)
69
+ end
70
+
71
+ #
72
+ # Returns an array of Group objects that this User belongs to.
73
+ # Only the immediate parent groups are returned, so if the user
74
+ # Sally is in a group called Sales, and Sales is in a group
75
+ # called Marketting, this method would only return the Sales group.
76
+ #
77
+ def groups
78
+ @groups ||= Group.find(:all, distinguishedname: @entry[:memberOf])
79
+ end
80
+
81
+ #
82
+ # Returns an array of User objects that have this
83
+ # User as their manager.
84
+ #
85
+ def direct_reports
86
+ return [] if @entry.directReports.nil?
87
+ @direct_reports ||= User.find(:all, @entry.directReports)
88
+ end
89
+
90
+ #
91
+ # Returns true if this account has been locked out
92
+ # (usually because of too many invalid authentication attempts).
93
+ #
94
+ # Locked accounts can be unlocked with the User#unlock! method.
95
+ #
96
+ def locked?
97
+ !lockoutTime.nil? && lockoutTime.to_i != 0
98
+ end
99
+
100
+ #
101
+ # Returns true if this account has been disabled.
102
+ #
103
+ def disabled?
104
+ userAccountControl.to_i & UAC_ACCOUNT_DISABLED != 0
105
+ end
106
+
107
+ #
108
+ # Disables the account
109
+ #
110
+ def disable
111
+ new_mask = userAccountControl.to_i | UAC_ACCOUNT_DISABLED
112
+ update_attributes userAccountControl: new_mask.to_s
113
+ end
114
+
115
+ #
116
+ # Enables the account
117
+ #
118
+ def enable
119
+ new_mask = userAccountControl.to_i ^ UAC_ACCOUNT_DISABLED
120
+ update_attributes userAccountControl: new_mask.to_s
121
+ end
122
+
123
+ #
124
+ # Returns true if this account is expired.
125
+ #
126
+ def expired?
127
+ !lockoutTime.nil? && lockoutTime.to_i != 0
128
+ end
129
+
130
+ #
131
+ # Returns true if this account has a password that does not expire.
132
+ #
133
+ def password_never_expires?
134
+ userAccountControl.to_i & UAC_PASSWORD_NEVER_EXPIRES != 0
135
+ end
136
+
137
+ #
138
+ # Returns true if the user should be able to log in with a correct
139
+ # password (essentially, their account is not disabled or locked
140
+ # out).
141
+ #
142
+ def can_login?
143
+ !disabled? && !locked?
144
+ end
145
+
146
+ #
147
+ # Change the password for this account.
148
+ #
149
+ # This operation requires that the bind user specified in
150
+ # Base.setup have heightened privileges. It also requires an
151
+ # SSL connection.
152
+ #
153
+ # If the force_change argument is passed as true, the password will
154
+ # be marked as 'expired', forcing the user to change it the next
155
+ # time they successfully log into the domain.
156
+ #
157
+ def change_password(new_password, force_change = false)
158
+ settings = @@settings.dup.merge(
159
+ port: 636,
160
+ encryption: { method: :simple_tls }
161
+ )
162
+
163
+ ldap = Net::LDAP.new(settings)
164
+ ldap.modify(
165
+ dn: distinguishedName,
166
+ operations: [
167
+ [:replace, :lockoutTime, ['0']],
168
+ [:replace, :unicodePwd, [FieldType::Password.encode(new_password)]],
169
+ [:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]],
170
+ [:replace, :pwdLastSet, [(force_change ? '0' : '-1')]]
171
+ ]
172
+ )
173
+ end
174
+
175
+ #
176
+ # Unlocks this account.
177
+ #
178
+ def unlock!
179
+ @@ldap.replace_attribute(distinguishedName, :lockoutTime, ['0'])
180
+ end
181
+ end
182
+ end
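Review bot: In `change_password`, the operation `[:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]]` overwrites the whole flag mask with 512, so resetting the password of a disabled account also re-enables it and drops flags such as `UAC_PASSWORD_NEVER_EXPIRES`; the same call also zeroes `lockoutTime`. If that is not intended, drop that operation, or else state the side effect in the method comment. `enable` uses `^`, which toggles the bit and therefore disables an account that is already enabled; `new_mask = userAccountControl.to_i & ~UAC_ACCOUNT_DISABLED` clears it idempotently. `expired?` has the same body as `locked?` and never reads an expiry attribute, so it reports lockout rather than expiry, and `can_login?` does not consider expiry at all. In `authenticate`, the filter is built by interpolating `sAMAccountName` into a string; `Net::LDAP::Filter.equals('sAMAccountName', sAMAccountName)` would escape the value instead.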
@@ -0,0 +1,3 @@
1
+ module ActiveDirectory
2
+ VERSION = '1.6.1.1'.freeze
3
+ end
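Review bot: `VERSION` is set to `'1.6.1.1'` while the gem specification further down this page declares version `'8.0'`, so anything that reads `ActiveDirectory::VERSION` (logging, an inventory or SBOM script) would report a different version from the one installed. The require list visible in the main library file does not load a version file either, so the constant may not be defined at runtime unless another file requires it. Consider deriving both values from one source.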
@@ -0,0 +1,94 @@
1
+ #-- license
2
+ #
3
+ # Based on original code by Justin Mecham and James Hunt
4
+ # at http://rubyforge.org/projects/activedirectory
5
+ #
6
+ # This program is free software: you can redistribute it and/or modify
7
+ # it under the terms of the GNU General Public License as published by
8
+ # the Free Software Foundation, either version 3 of the License, or
9
+ # (at your option) any later version.
10
+ #
11
+ # This program is distributed in the hope that it will be useful,
12
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
13
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
+ # GNU General Public License for more details.
15
+ #
16
+ # You should have received a copy of the GNU General Public License
17
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
18
+ #
19
+ #++ license
20
+
21
+ require 'net/ldap'
22
+
23
+ require 'bsb_active_directory/base.rb'
24
+ require 'bsb_active_directory/container.rb'
25
+ require 'bsb_active_directory/member.rb'
26
+
27
+ require 'bsb_active_directory/user.rb'
28
+ require 'bsb_active_directory/group.rb'
29
+ require 'bsb_active_directory/computer.rb'
30
+
31
+ require 'bsb_active_directory/field_type/password.rb'
32
+ require 'bsb_active_directory/field_type/binary.rb'
33
+ require 'bsb_active_directory/field_type/date.rb'
34
+ require 'bsb_active_directory/field_type/timestamp.rb'
35
+ require 'bsb_active_directory/field_type/dn_array.rb'
36
+ require 'bsb_active_directory/field_type/user_dn_array.rb'
37
+ require 'bsb_active_directory/field_type/group_dn_array.rb'
38
+ require 'bsb_active_directory/field_type/member_dn_array.rb'
39
+
40
+ module ActiveDirectory
41
+ # Special Fields
42
+ def self.special_fields
43
+ @@special_fields
44
+ end
45
+
46
+ def self.special_fields=(sp_fields)
47
+ @@special_fields = sp_fields
48
+ end
49
+
50
+ @@special_fields = {
51
+
52
+ # All objects in the AD
53
+ Base: {
54
+ objectguid: :Binary,
55
+ whencreated: :Date,
56
+ whenchanged: :Date,
57
+ memberof: :DnArray
58
+ },
59
+
60
+ # User objects
61
+ User: {
62
+ objectguid: :Binary,
63
+ whencreated: :Date,
64
+ whenchanged: :Date,
65
+ objectsid: :Binary,
66
+ msexchmailboxguid: :Binary,
67
+ msexchmailboxsecuritydescriptor: :Binary,
68
+ lastlogontimestamp: :Timestamp,
69
+ pwdlastset: :Timestamp,
70
+ accountexpires: :Timestamp,
71
+ memberof: :MemberDnArray
72
+ },
73
+
74
+ # Group objects
75
+ Group: {
76
+ objectguid: :Binary,
77
+ whencreate: :Date,
78
+ whenchanged: :Date,
79
+ objectsid: :Binary,
80
+ memberof: :GroupDnArray,
81
+ member: :MemberDnArray
82
+ },
83
+
84
+ # Computer objects
85
+ Computer: {
86
+ objectguid: :Binary,
87
+ whencreated: :Date,
88
+ whenchanged: :Date,
89
+ objectsid: :Binary,
90
+ memberof: :GroupDnArray,
91
+ member: :MemberDnArray
92
+ }
93
+ }
94
+ end
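Review bot: The `Group` table maps `whencreate: :Date`, while `Base`, `User` and `Computer` all use `whencreated`, so the Group key looks like a typo, and a group's creation time would presumably not be decoded as a Date; change it to `whencreated: :Date`. Separately, `special_fields` returns the shared `@@special_fields` hash itself, so any caller can mutate the mapping for the whole process; a short comment on the accessor saying whether that is intended would help.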
metadata ADDED
@@ -0,0 +1,110 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: bsb_active_directory
3
+ version: !ruby/object:Gem::Version
4
+ version: '8.0'
5
+ platform: ruby
6
+ authors:
7
+ - Simon Arnaud
8
+ - Adam T Kerr
9
+ - Keith Pitty
10
+ - James Hunt
11
+ autorequire:
12
+ bindir: bin
13
+ cert_chain: []
14
+ date: 2022-05-05 00:00:00.000000000 Z
15
+ dependencies:
16
+ - !ruby/object:Gem::Dependency
17
+ name: net-ldap
18
+ requirement: !ruby/object:Gem::Requirement
19
+ requirements:
20
+ - - "~>"
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ - !ruby/object:Gem::Dependency
31
+ name: bindata
32
+ requirement: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - "~>"
35
+ - !ruby/object:Gem::Version
36
+ version: '2'
37
+ type: :runtime
38
+ prerelease: false
39
+ version_requirements: !ruby/object:Gem::Requirement
40
+ requirements:
41
+ - - "~>"
42
+ - !ruby/object:Gem::Version
43
+ version: '2'
44
+ - !ruby/object:Gem::Dependency
45
+ name: minitest
46
+ requirement: !ruby/object:Gem::Requirement
47
+ requirements:
48
+ - - "~>"
49
+ - !ruby/object:Gem::Version
50
+ version: '5'
51
+ type: :development
52
+ prerelease: false
53
+ version_requirements: !ruby/object:Gem::Requirement
54
+ requirements:
55
+ - - "~>"
56
+ - !ruby/object:Gem::Version
57
+ version: '5'
58
+ description: " Fork of some other guys code\n"
59
+ email: active_directory.ruby.maz@kabalo.org
60
+ executables: []
61
+ extensions: []
62
+ extra_rdoc_files:
63
+ - README.md
64
+ files:
65
+ - LICENSE
66
+ - README.md
67
+ - VERSION
68
+ - lib/bsb_active_directory.rb
69
+ - lib/bsb_active_directory/attributes.rb
70
+ - lib/bsb_active_directory/attributes/group_type.rb
71
+ - lib/bsb_active_directory/attributes/sam_account_type.rb
72
+ - lib/bsb_active_directory/base.rb
73
+ - lib/bsb_active_directory/computer.rb
74
+ - lib/bsb_active_directory/container.rb
75
+ - lib/bsb_active_directory/field_type/binary.rb
76
+ - lib/bsb_active_directory/field_type/date.rb
77
+ - lib/bsb_active_directory/field_type/dn_array.rb
78
+ - lib/bsb_active_directory/field_type/group_dn_array.rb
79
+ - lib/bsb_active_directory/field_type/member_dn_array.rb
80
+ - lib/bsb_active_directory/field_type/password.rb
81
+ - lib/bsb_active_directory/field_type/timestamp.rb
82
+ - lib/bsb_active_directory/field_type/user_dn_array.rb
83
+ - lib/bsb_active_directory/group.rb
84
+ - lib/bsb_active_directory/member.rb
85
+ - lib/bsb_active_directory/user.rb
86
+ - lib/bsb_active_directory/version.rb
87
+ homepage: http://github.com/mazwak/active_directory
88
+ licenses:
89
+ - GPL-3.0
90
+ metadata: {}
91
+ post_install_message:
92
+ rdoc_options: []
93
+ require_paths:
94
+ - lib
95
+ required_ruby_version: !ruby/object:Gem::Requirement
96
+ requirements:
97
+ - - ">="
98
+ - !ruby/object:Gem::Version
99
+ version: '2'
100
+ required_rubygems_version: !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - - ">="
103
+ - !ruby/object:Gem::Version
104
+ version: '0'
105
+ requirements: []
106
+ rubygems_version: 3.3.7
107
+ signing_key:
108
+ specification_version: 4
109
+ summary: An interface library for accessing Microsoft's Active Directory.
110
+ test_files: []