bsb_active_directory 8.0
- checksums.yaml +7 -0
- data/LICENSE +675 -0
- data/README.md +43 -0
- data/VERSION +1 -0
- data/lib/bsb_active_directory/attributes/group_type.rb +11 -0
- data/lib/bsb_active_directory/attributes/sam_account_type.rb +16 -0
- data/lib/bsb_active_directory/attributes.rb +3 -0
- data/lib/bsb_active_directory/base.rb +645 -0
- data/lib/bsb_active_directory/computer.rb +35 -0
- data/lib/bsb_active_directory/container.rb +114 -0
- data/lib/bsb_active_directory/field_type/binary.rb +39 -0
- data/lib/bsb_active_directory/field_type/date.rb +39 -0
- data/lib/bsb_active_directory/field_type/dn_array.rb +40 -0
- data/lib/bsb_active_directory/field_type/group_dn_array.rb +40 -0
- data/lib/bsb_active_directory/field_type/member_dn_array.rb +47 -0
- data/lib/bsb_active_directory/field_type/password.rb +41 -0
- data/lib/bsb_active_directory/field_type/timestamp.rb +45 -0
- data/lib/bsb_active_directory/field_type/user_dn_array.rb +40 -0
- data/lib/bsb_active_directory/group.rb +160 -0
- data/lib/bsb_active_directory/member.rb +53 -0
- data/lib/bsb_active_directory/user.rb +182 -0
- data/lib/bsb_active_directory/version.rb +3 -0
- data/lib/bsb_active_directory.rb +94 -0
- metadata +110 -0
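--- a/data/lib/bsb_active_directory/user.rb
+++ b/data/lib/bsb_active_directory/user.rb
@@ -0,0 +1,182 @@
+#-- license
+#
+# Based on original code by Justin Mecham and James Hunt
+# at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+class User < Base
+include Member
+
+UAC_ACCOUNT_DISABLED = 0x0002
+UAC_NORMAL_ACCOUNT = 0x0200 # 512
+UAC_PASSWORD_NEVER_EXPIRES = 0x10000 # 65536
+
+def self.filter # :nodoc:
+Net::LDAP::Filter.eq(:objectClass, 'user') & ~Net::LDAP::Filter.eq(:objectClass, 'computer')
+end
+
+def self.required_attributes #:nodoc:
+{ objectClass: %w[top organizationalPerson person user] }
+end
+
+# Try to authenticate the current User against Active Directory
+# using the supplied password. Returns false upon failure.
+#
+# Authenticate can fail for a variety of reasons, primarily:
+#
+# * The password is wrong
+# * The account is locked
+# * The account is disabled
+#
+# User#locked? and User#disabled? can be used to identify the
+# latter two cases, and if the account is enabled and unlocked,
+# Athe password is probably invalid.
+#
+def authenticate(password)
+return false if password.to_s.empty?
+
+auth_ldap = @@ldap.dup.bind_as(
+filter: "(sAMAccountName=#{sAMAccountName})",
+password: password
+)
+end
+
+#
+# Return the User's manager (another User object), depending on
+# what is stored in the manager attribute.
+#
+# Returns nil if the schema does not include the manager attribute
+# or if no manager has been configured.
+#
+def manager
+return nil if @entry.manager.nil?
+User.find_by_distinguishedName(@entry.manager.to_s)
+end
+
+#
+# Returns an array of Group objects that this User belongs to.
+# Only the immediate parent groups are returned, so if the user
+# Sally is in a group called Sales, and Sales is in a group
+# called Marketting, this method would only return the Sales group.
+#
+def groups
+@groups ||= Group.find(:all, distinguishedname: @entry[:memberOf])
+end
+
+#
+# Returns an array of User objects that have this
+# User as their manager.
+#
+def direct_reports
+return [] if @entry.directReports.nil?
+@direct_reports ||= User.find(:all, @entry.directReports)
+end
+
+#
+# Returns true if this account has been locked out
+# (usually because of too many invalid authentication attempts).
+#
+# Locked accounts can be unlocked with the User#unlock! method.
+#
+def locked?
+!lockoutTime.nil? && lockoutTime.to_i != 0
+end
+
+#
+# Returns true if this account has been disabled.
+#
+def disabled?
+userAccountControl.to_i & UAC_ACCOUNT_DISABLED != 0
+end
+
+#
+# Disables the account
+#
+def disable
+new_mask = userAccountControl.to_i | UAC_ACCOUNT_DISABLED
+update_attributes userAccountControl: new_mask.to_s
+end
+
+#
+# Enables the account
+#
+def enable
+new_mask = userAccountControl.to_i ^ UAC_ACCOUNT_DISABLED
+update_attributes userAccountControl: new_mask.to_s
+end
+
+#
+# Returns true if this account is expired.
+#
+def expired?
+!lockoutTime.nil? && lockoutTime.to_i != 0
+end
+
+#
+# Returns true if this account has a password that does not expire.
+#
+def password_never_expires?
+userAccountControl.to_i & UAC_PASSWORD_NEVER_EXPIRES != 0
+end
+
+#
+# Returns true if the user should be able to log in with a correct
+# password (essentially, their account is not disabled or locked
+# out).
+#
+def can_login?
+!disabled? && !locked?
+end
+
+#
+# Change the password for this account.
+#
+# This operation requires that the bind user specified in
+# Base.setup have heightened privileges. It also requires an
+# SSL connection.
+#
+# If the force_change argument is passed as true, the password will
+# be marked as 'expired', forcing the user to change it the next
+# time they successfully log into the domain.
+#
+def change_password(new_password, force_change = false)
+settings = @@settings.dup.merge(
+port: 636,
+encryption: { method: :simple_tls }
+)
+
+ldap = Net::LDAP.new(settings)
+ldap.modify(
+dn: distinguishedName,
+operations: [
+[:replace, :lockoutTime, ['0']],
+[:replace, :unicodePwd, [FieldType::Password.encode(new_password)]],
+[:replace, :userAccountControl, [UAC_NORMAL_ACCOUNT.to_s]],
+[:replace, :pwdLastSet, [(force_change ? '0' : '-1')]]
+]
+)
+end
+
+#
+# Unlocks this account.
+#
+def unlock!
+@@ldap.replace_attribute(distinguishedName, :lockoutTime, ['0'])
+end
+end
+end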
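--- a/data/lib/bsb_active_directory.rb
+++ b/data/lib/bsb_active_directory.rb
@@ -0,0 +1,94 @@
+#-- license
+#
+# Based on original code by Justin Mecham and James Hunt
+# at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+require 'net/ldap'
+
+require 'bsb_active_directory/base.rb'
+require 'bsb_active_directory/container.rb'
+require 'bsb_active_directory/member.rb'
+
+require 'bsb_active_directory/user.rb'
+require 'bsb_active_directory/group.rb'
+require 'bsb_active_directory/computer.rb'
+
+require 'bsb_active_directory/field_type/password.rb'
+require 'bsb_active_directory/field_type/binary.rb'
+require 'bsb_active_directory/field_type/date.rb'
+require 'bsb_active_directory/field_type/timestamp.rb'
+require 'bsb_active_directory/field_type/dn_array.rb'
+require 'bsb_active_directory/field_type/user_dn_array.rb'
+require 'bsb_active_directory/field_type/group_dn_array.rb'
+require 'bsb_active_directory/field_type/member_dn_array.rb'
+
+module ActiveDirectory
+# Special Fields
+def self.special_fields
+@@special_fields
+end
+
+def self.special_fields=(sp_fields)
+@@special_fields = sp_fields
+end
+
+@@special_fields = {
+
+# All objects in the AD
+Base: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+memberof: :DnArray
+},
+
+# User objects
+User: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+msexchmailboxguid: :Binary,
+msexchmailboxsecuritydescriptor: :Binary,
+lastlogontimestamp: :Timestamp,
+pwdlastset: :Timestamp,
+accountexpires: :Timestamp,
+memberof: :MemberDnArray
+},
+
+# Group objects
+Group: {
+objectguid: :Binary,
+whencreate: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+memberof: :GroupDnArray,
+member: :MemberDnArray
+},
+
+# Computer objects
+Computer: {
+objectguid: :Binary,
+whencreated: :Date,
+whenchanged: :Date,
+objectsid: :Binary,
+memberof: :GroupDnArray,
+member: :MemberDnArray
+}
+}
+end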
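--- a/metadata
+++ b/metadata
@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: bsb_active_directory
+version: !ruby/object:Gem::Version
+version: '8.0'
+platform: ruby
+authors:
+- Simon Arnaud
+- Adam T Kerr
+- Keith Pitty
+- James Hunt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bindata
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+- !ruby/object:Gem::Dependency
+name: minitest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5'
+description: " Fork of some other guys code\n"
+email: active_directory.ruby.maz@kabalo.org
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- LICENSE
+- README.md
+- VERSION
+- lib/bsb_active_directory.rb
+- lib/bsb_active_directory/attributes.rb
+- lib/bsb_active_directory/attributes/group_type.rb
+- lib/bsb_active_directory/attributes/sam_account_type.rb
+- lib/bsb_active_directory/base.rb
+- lib/bsb_active_directory/computer.rb
+- lib/bsb_active_directory/container.rb
+- lib/bsb_active_directory/field_type/binary.rb
+- lib/bsb_active_directory/field_type/date.rb
+- lib/bsb_active_directory/field_type/dn_array.rb
+- lib/bsb_active_directory/field_type/group_dn_array.rb
+- lib/bsb_active_directory/field_type/member_dn_array.rb
+- lib/bsb_active_directory/field_type/password.rb
+- lib/bsb_active_directory/field_type/timestamp.rb
+- lib/bsb_active_directory/field_type/user_dn_array.rb
+- lib/bsb_active_directory/group.rb
+- lib/bsb_active_directory/member.rb
+- lib/bsb_active_directory/user.rb
+- lib/bsb_active_directory/version.rb
+homepage: http://github.com/mazwak/active_directory
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: An interface library for accessing Microsoft's Active Directory.
+test_files: []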