datacom_active_directory 1.5.5.datacom

data/lib/active_directory/field_type/user_dn_array.rb

@@ -0,0 +1,40 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	module FieldType
+		class UserDnArray
+			#
+			# Encodes an array of objects into a list of dns
+			# 
+			def self.encode(obj_array)
+				obj_array.collect { |obj| obj.dn }
+			end
+
+			#
+			# Decodes a list of DNs into the objects that they are
+			#
+			def self.decode(dn_array)
+				# How to do user or group?
+				User.find(:all, :distinguishedname => dn_array)
+			end
+		end
+	end
+end

data/lib/active_directory/group.rb

@@ -0,0 +1,138 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	class Group < Base
+		include Member
+
+		def self.filter # :nodoc:
+			Net::LDAP::Filter.eq(:objectClass,'group')
+		end
+
+		def self.required_attributes # :nodoc:
+			{ :objectClass => [ 'top', 'group' ] }
+		end
+
+		def reload # :nodoc:
+			@member_users_non_r  = nil
+			@member_users_r      = nil
+			@member_groups_non_r = nil
+			@member_groups_r     = nil
+			@groups              = nil
+			super
+		end
+
+		#
+		# Returns true if the passed User or Group object belongs to
+		# this group. For performance reasons, the check is handled
+		# by the User or Group object passed.
+		#
+		def has_member?(user)
+			user.member_of?(self)
+		end
+
+		#
+		# Add the passed User or Group object to this Group. Returns true if
+		# the User or Group is already a member of the group, or if the operation
+		# to add them succeeds.
+		#
+		def add(new_member)
+			return false unless new_member.is_a?(User) || new_member.is_a?(Group)
+			if @@ldap.modify(:dn => distinguishedName, :operations => [
+				[ :add, :member, new_member.distinguishedName ]
+			])
+				return true
+			else
+				return has_member?(new_member)
+			end
+		end
+
+		#
+		# Remove a User or Group from this Group. Returns true if the User or
+		# Group does not belong to this Group, or if the oepration to remove them
+		# succeeds.
+		#
+		def remove(member)
+			return false unless member.is_a?(User) || member.is_a?(Group)
+			if @@ldap.modify(:dn => distinguishedName, :operations => [
+				[ :delete, :member, member.distinguishedName ]
+			])
+				return true
+			else
+				return !has_member?(member)
+			end
+		end
+
+		def has_members?
+			begin
+				return (@entry.member.nil? || @entry.member.empty?) ? false : true
+			rescue NoMethodError
+				return false
+			end
+		end
+
+		#
+		# Returns an array of all User objects that belong to this group.
+		#
+		# If the recursive argument is passed as false, then only Users who
+		# belong explicitly to this Group are returned.
+		#
+		# If the recursive argument is passed as true, then all Users who
+		# belong to this Group, or any of its subgroups, are returned.
+		# 
+		def member_users(recursive = false)
+			return [] unless @entry.respond_to?(:member)
+                        @member_users = User.find(:all, :distinguishedname => @entry.member).delete_if { |u| u.nil? }
+                        if recursive then
+                          self.member_groups.each do |group|
+                            @member_users.concat(group.member_users(true))
+                          end
+                        end
+                        return @member_users
+		end
+
+		#
+		# Returns an array of all Group objects that belong to this group.
+		#
+		# If the recursive argument is passed as false, then only Groups that
+		# belong explicitly to this Group are returned.
+		#
+		# If the recursive argument is passed as true, then all Groups that
+		# belong to this Group, or any of its subgroups, are returned.
+		# 
+		def member_groups(recursive = false)
+                        @member_groups ||= Group.find(:all, :distinguishedname => @entry.member).delete_if { |g| g.nil? }
+                        if recursive then
+                          self.member_groups.each do |group|
+                            @member_groups.concat(group.member_groups(true))
+                          end
+                        end
+                        return @member_groups
+		end
+
+		#
+		# Returns an array of Group objects that this Group belongs to.
+		#
+		def groups
+			return [] if memberOf.nil?
+			@groups ||= Group.find(:all, :distinguishedname => @entry.memberOf).delete_if { |g| g.nil? }
+		end
+	end
+end

data/lib/active_directory/member.rb

@@ -0,0 +1,53 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	module Member
+		#
+		# Returns true if this member (User or Group) is a member of
+		# the passed Group object.
+		#
+		def member_of?(usergroup)
+			group_dns = memberOf
+			return false if group_dns.nil? || group_dns.empty?
+			#group_dns = [group_dns] unless group_dns.is_a?(Array)
+			group_dns.include?(usergroup.dn)
+		end
+
+		#
+		# Add the member to the passed Group object. Returns true if this object
+		# is already a member of the Group, or if the operation to add it succeeded.
+		#
+		def join(group)
+			return false unless group.is_a?(Group)
+			group.add(self)
+		end
+
+		#
+		# Remove the member from the passed Group object. Returns true if this
+		# object is not a member of the Group, or if the operation to remove it
+		# succeeded.
+		#
+		def unjoin(group)
+			return false unless group.is_a?(Group)
+			group.remove(self)
+		end
+	end
+end

data/lib/active_directory/user.rb

@@ -0,0 +1,167 @@
+#-- license
+#
+#  Based on original code by Justin Mecham and James Hunt
+#  at http://rubyforge.org/projects/activedirectory
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#++ license
+
+module ActiveDirectory
+	class User < Base
+		include Member
+
+		UAC_ACCOUNT_DISABLED = 0x0002
+		UAC_NORMAL_ACCOUNT   = 0x0200 # 512
+		UAC_PASSWORD_NEVER_EXPIRES = 0x10000 #65536
+
+		def self.filter # :nodoc:
+			Net::LDAP::Filter.eq(:objectClass,'user') & ~Net::LDAP::Filter.eq(:objectClass,'computer')
+		end
+
+		def self.required_attributes #:nodoc:
+			{ :objectClass => ['top', 'organizationalPerson', 'person', 'user'] }
+		end
+
+		#
+		# Try to authenticate the current User against Active Directory
+		# using the supplied password. Returns false upon failure.
+		#
+		# Authenticate can fail for a variety of reasons, primarily:
+		#
+		# * The password is wrong
+		# * The account is locked
+		# * The account is disabled
+		#
+		# User#locked? and User#disabled? can be used to identify the
+		# latter two cases, and if the account is enabled and unlocked,
+		# Athe password is probably invalid.
+		#
+		def authenticate(password)
+			return false if password.to_s.empty?
+
+			auth_ldap = @@ldap.dup.bind_as(
+				:filter => "(sAMAccountName=#{sAMAccountName})",
+				:password => password
+			)
+		end
+
+		#
+		# Return the User's manager (another User object), depending on
+		# what is stored in the manager attribute.
+		#
+		# Returns nil if the schema does not include the manager attribute
+		# or if no manager has been configured.
+		#
+		def manager
+			return nil if @entry.manager.nil?
+			User.find_by_distinguishedName(@entry.manager.to_s)
+		end
+
+		#
+		# Returns an array of Group objects that this User belongs to.
+		# Only the immediate parent groups are returned, so if the user
+		# Sally is in a group called Sales, and Sales is in a group
+		# called Marketting, this method would only return the Sales group.
+		#
+		def groups
+			@groups ||= Group.find(:all, :distinguishedname => @entry.memberOf)
+		end
+
+		#
+		# Returns an array of User objects that have this
+		# User as their manager.
+		#
+		def direct_reports
+			return [] if @entry.directReports.nil?
+			@direct_reports ||= User.find(:all, @entry.directReports)
+		end
+
+		#
+		# Returns true if this account has been locked out
+		# (usually because of too many invalid authentication attempts).
+		#
+		# Locked accounts can be unlocked with the User#unlock! method.
+		#
+		def locked?
+			!lockoutTime.nil? && lockoutTime.to_i != 0
+		end
+
+		#
+		# Returns true if this account has been disabled.
+		#
+		def disabled?
+			userAccountControl.to_i & UAC_ACCOUNT_DISABLED != 0
+		end
+
+		#
+		# Returns true if this account is expired.
+		#
+		def expired?
+			!lockoutTime.nil? && lockoutTime.to_i != 0
+		end
+
+		#
+		# Returns true if this account has a password that does not expire.
+		#
+		def password_never_expires?
+			userAccountControl.to_i & UAC_PASSWORD_NEVER_EXPIRES != 0
+		end
+
+		#
+		# Returns true if the user should be able to log in with a correct
+		# password (essentially, their account is not disabled or locked
+		# out).
+		#
+		def can_login?
+			!disabled? && !locked?
+		end
+
+		#
+		# Change the password for this account.
+		#
+		# This operation requires that the bind user specified in
+		# Base.setup have heightened privileges. It also requires an
+		# SSL connection.
+		#
+		# If the force_change argument is passed as true, the password will
+		# be marked as 'expired', forcing the user to change it the next
+		# time they successfully log into the domain.
+		#
+		def change_password(new_password, force_change = false)
+			settings = @@settings.dup.merge({
+				:port => 636,
+				:encryption => { :method => :simple_tls }
+			})
+
+			ldap = Net::LDAP.new(settings)
+			ldap.modify(
+				:dn => distinguishedName,
+				:operations => [
+					[ :replace, :lockoutTime, [ '0' ] ],
+					[ :replace, :unicodePwd, [ FieldType::Password.encode(new_password) ] ],
+					[ :replace, :userAccountControl, [ UAC_NORMAL_ACCOUNT.to_s ] ],
+					[ :replace, :pwdLastSet, [ (force_change ? '0' : '-1') ] ]
+				]
+			)
+		end
+
+		#
+		# Unlocks this account.
+		#
+		def unlock!
+			@@ldap.replace_attribute(distinguishedName, :lockoutTime, ['0'])
+		end
+	end
+end

data/lib/active_directory/version.rb

@@ -0,0 +1,3 @@
+module ActiveDirectory
+  VERSION = "1.5.5.datacom"
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: datacom_active_directory
+version: !ruby/object:Gem::Version
+  version: 1.5.5.datacom
+platform: ruby
+authors:
+- Brad Murray
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: datacom-net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0.datacom
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0.datacom
+description: ' Datacom NZ fork of ActiveDirectory. Uses Net::LDAP to provide a means
+  of accessing and modifying an Active Directory data store.  This is a fork of the
+  activedirectory gem.'
+email:
+- wyaeld@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- README.md
+- Rakefile
+- active_directory.gemspec
+- lib/active_directory.rb
+- lib/active_directory/base.rb
+- lib/active_directory/computer.rb
+- lib/active_directory/container.rb
+- lib/active_directory/field_type/binary.rb
+- lib/active_directory/field_type/date.rb
+- lib/active_directory/field_type/dn_array.rb
+- lib/active_directory/field_type/group_dn_array.rb
+- lib/active_directory/field_type/member_dn_array.rb
+- lib/active_directory/field_type/password.rb
+- lib/active_directory/field_type/timestamp.rb
+- lib/active_directory/field_type/user_dn_array.rb
+- lib/active_directory/group.rb
+- lib/active_directory/member.rb
+- lib/active_directory/user.rb
+- lib/active_directory/version.rb
+homepage: http://github.com/datacom/active_directory
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.11
+signing_key: 
+specification_version: 4
+summary: An interface library for accessing Microsoft's Active Directory.
+test_files: []