bsb_active_directory 8.0

data/lib/bsb_active_directory/user.rb

@@ -0,0 +1,182 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+  class User < Base
+    include Member
+
+    UAC_ACCOUNT_DISABLED = 0x0002
+    UAC_NORMAL_ACCOUNT   = 0x0200 # 512
+    UAC_PASSWORD_NEVER_EXPIRES = 0x10000 # 65536
+
+    def self.filter # :nodoc:
+      Net::LDAP::Filter.eq(:objectClass, 'user') & ~Net::LDAP::Filter.eq(:objectClass, 'computer')
+    end
+
+    def self.required_attributes #:nodoc:
+      { objectClass: %w[top organizationalPerson person user] }
+    end
+
+    # Try to authenticate the current User against Active Directory
+    # using the supplied password. Returns false upon failure.
+    #
+    # Authenticate can fail for a variety of reasons, primarily:
+    #
+    # * The password is wrong
+    # * The account is locked
+    # * The account is disabled
+    #
+    # User#locked? and User#disabled? can be used to identify the
+    # latter two cases, and if the account is enabled and unlocked,
+    # Athe password is probably invalid.
+    #
+    def authenticate(password)
+      return false if password.to_s.empty?
+
+      auth_ldap = @@ldap.dup.bind_as(
+        filter: "(sAMAccountName=#{sAMAccountName})",
+        password: password
+      )
+    end
+
+    #
+    # Return the User's manager (another User object), depending on
+    # what is stored in the manager attribute.
+    #
+    # Returns nil if the schema does not include the manager attribute
+    # or if no manager has been configured.
+    #
+    def manager
+      return nil if @entry.manager.nil?
+      User.find_by_distinguishedName(@entry.manager.to_s)
+    end
+
+    #
+    # Returns an array of Group objects that this User belongs to.
+    # Only the immediate parent groups are returned, so if the user
+    # Sally is in a group called Sales, and Sales is in a group
+    # called Marketting, this method would only return the Sales group.
+    #
+    def groups
+      @groups ||= Group.find(:all, distinguishedname: @entry[:memberOf])
+    end
+
+    #
+    # Returns an array of User objects that have this
+    # User as their manager.
+    #
+    def direct_reports
+      return [] if @entry.directReports.nil?
+      @direct_reports ||= User.find(:all, @entry.directReports)
+    end
+
+    #
+    # Returns true if this account has been locked out
+    # (usually because of too many invalid authentication attempts).
+    #
+    # Locked accounts can be unlocked with the User#unlock! method.
+    #
+    def locked?
+      !lockoutTime.nil? && lockoutTime.to_i != 0
+    end
+
+    #
+    # Returns true if this account has been disabled.
+    #
+    def disabled?
+      userAccountControl.to_i & UAC_ACCOUNT_DISABLED != 0
+    end
+
+    #
+    # Disables the account
+    #
+    def disable
+      new_mask = userAccountControl.to_i | UAC_ACCOUNT_DISABLED
+      update_attributes userAccountControl: new_mask.to_s
+    end
+
+    #
+    # Enables the account
+    #
+    def enable
+      new_mask = userAccountControl.to_i ^ UAC_ACCOUNT_DISABLED
+      update_attributes userAccountControl: new_mask.to_s
+    end
+
+    #
+    # Returns true if this account is expired.
+    #
+    def expired?
+      !lockoutTime.nil? && lockoutTime.to_i != 0
+    end
+
+    #
+    # Returns true if this account has a password that does not expire.
+    #
+    def password_never_expires?
+      userAccountControl.to_i & UAC_PASSWORD_NEVER_EXPIRES != 0
+    end
+
+    #
+    # Returns true if the user should be able to log in with a correct
+    # password (essentially, their account is not disabled or locked
+    # out).
+    #
+    def can_login?
+      !disabled? && !locked?
+    end
+
+    #
+    # Change the password for this account.
+    #
+    # This operation requires that the bind user specified in
+    # Base.setup have heightened privileges. It also requires an
+    # SSL connection.
+    #
+    # If the force_change argument is passed as true, the password will
+    # be marked as 'expired', forcing the user to change it the next
+    # time they successfully log into the domain.
+    #
+    def change_password(new_password, force_change = false)
+      settings = @@settings.dup.merge(
+        port: 636,
+        encryption: { method: :simple_tls }
+      )
+
+      ldap = Net::LDAP.new(settings)
+      ldap.modify(
+        dn: distinguishedName,
+        operations: [
+          [:replace, :lockoutTime, ['0']],
+          [:replace, :unicodePwd, [FieldType::Password.encode(new_password)]],
+          [:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]],
+          [:replace, :pwdLastSet, [(force_change ? '0' : '-1')]]
+        ]
+      )
+    end
+
+    #
+    # Unlocks this account.
+    #
+    def unlock!
+      @@ldap.replace_attribute(distinguishedName, :lockoutTime, ['0'])
+    end
+  end
+end

data/lib/bsb_active_directory/version.rb

@@ -0,0 +1,3 @@
+module ActiveDirectory
+  VERSION = '1.6.1.1'.freeze
+end

data/lib/bsb_active_directory.rb

@@ -0,0 +1,94 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+require 'net/ldap'
+
+require 'bsb_active_directory/base.rb'
+require 'bsb_active_directory/container.rb'
+require 'bsb_active_directory/member.rb'
+
+require 'bsb_active_directory/user.rb'
+require 'bsb_active_directory/group.rb'
+require 'bsb_active_directory/computer.rb'
+
+require 'bsb_active_directory/field_type/password.rb'
+require 'bsb_active_directory/field_type/binary.rb'
+require 'bsb_active_directory/field_type/date.rb'
+require 'bsb_active_directory/field_type/timestamp.rb'
+require 'bsb_active_directory/field_type/dn_array.rb'
+require 'bsb_active_directory/field_type/user_dn_array.rb'
+require 'bsb_active_directory/field_type/group_dn_array.rb'
+require 'bsb_active_directory/field_type/member_dn_array.rb'
+
+module ActiveDirectory
+  # Special Fields
+  def self.special_fields
+    @@special_fields
+  end
+
+  def self.special_fields=(sp_fields)
+    @@special_fields = sp_fields
+  end
+
+  @@special_fields = {
+
+    # All objects in the AD
+    Base: {
+      objectguid: :Binary,
+      whencreated: :Date,
+      whenchanged: :Date,
+      memberof: :DnArray
+    },
+
+    # User objects
+    User: {
+      objectguid: :Binary,
+      whencreated: :Date,
+      whenchanged: :Date,
+      objectsid: :Binary,
+      msexchmailboxguid: :Binary,
+      msexchmailboxsecuritydescriptor: :Binary,
+      lastlogontimestamp: :Timestamp,
+      pwdlastset: :Timestamp,
+      accountexpires: :Timestamp,
+      memberof: :MemberDnArray
+    },
+
+    # Group objects
+    Group: {
+      objectguid: :Binary,
+      whencreate: :Date,
+      whenchanged: :Date,
+      objectsid: :Binary,
+      memberof: :GroupDnArray,
+      member: :MemberDnArray
+    },
+
+    # Computer objects
+    Computer: {
+      objectguid: :Binary,
+      whencreated: :Date,
+      whenchanged: :Date,
+      objectsid: :Binary,
+      memberof: :GroupDnArray,
+      member: :MemberDnArray
+    }
+  }
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: bsb_active_directory
+version: !ruby/object:Gem::Version
+  version: '8.0'
+platform: ruby
+authors:
+- Simon Arnaud
+- Adam T Kerr
+- Keith Pitty
+- James Hunt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bindata
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+description: "  Fork of some other guys code\n"
+email: active_directory.ruby.maz@kabalo.org
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- LICENSE
+- README.md
+- VERSION
+- lib/bsb_active_directory.rb
+- lib/bsb_active_directory/attributes.rb
+- lib/bsb_active_directory/attributes/group_type.rb
+- lib/bsb_active_directory/attributes/sam_account_type.rb
+- lib/bsb_active_directory/base.rb
+- lib/bsb_active_directory/computer.rb
+- lib/bsb_active_directory/container.rb
+- lib/bsb_active_directory/field_type/binary.rb
+- lib/bsb_active_directory/field_type/date.rb
+- lib/bsb_active_directory/field_type/dn_array.rb
+- lib/bsb_active_directory/field_type/group_dn_array.rb
+- lib/bsb_active_directory/field_type/member_dn_array.rb
+- lib/bsb_active_directory/field_type/password.rb
+- lib/bsb_active_directory/field_type/timestamp.rb
+- lib/bsb_active_directory/field_type/user_dn_array.rb
+- lib/bsb_active_directory/group.rb
+- lib/bsb_active_directory/member.rb
+- lib/bsb_active_directory/user.rb
+- lib/bsb_active_directory/version.rb
+homepage: http://github.com/mazwak/active_directory
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: An interface library for accessing Microsoft's Active Directory.
+test_files: []