el_dap 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+test.rb

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format progress

data/.rvmrc

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+environment_id="ruby-1.9.2-head@el_dap"
+
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]] ; then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id"
+fi
+

data/CHANGELOG

@@ -0,0 +1,8 @@
+0.0.1
+=====
+
+Initial release.
+
+Features:
+* Perform directory service search
+* Perform authentication against directory service

data/Gemfile

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in el_dap.gemspec
+gemspec
+
+gem 'net-ldap'
+
+group :development, :test do
+  gem 'autotest'
+  gem 'autotest-notification'
+  gem 'bundler'
+  gem 'launchy'
+  gem 'rcov'
+  gem 'rspec'
+end
+

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ed James
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,70 @@
+= El Dap
+
+A simple search and authentication tool for Active Directory using LDAP.
+
+== Why make this?
+
+The need for this gem arose out of a business requirement for all user authentication to be done against Active Directory. 
+Our users were tired of having to remember multiple usernames and passwords, and asked if they could simply use their network 
+credentials to log into our applications. This gem passes off their username and password to an Active Directory / LDAP 
+server for authentication.
+
+Additionally, users are also able to search the Active Directory.
+
+== Installation
+
+Just add this to your gem file:
+
+  gem 'el_dap'
+
+== Features
+
+* Easily perform authentication against an Active Directory / LDAP server
+* Search an Active Directory based on wildcard search criteria
+
+== Usage
+
+Assuming we have an Active Directory called *ad.domain.com* which can also be referred to simply as *ad*, 
+the following examples are valid:
+
+=== Authenticate a user
+
+  ElDap.configure do |c|
+    c.server_ips = ['127.0.0.1']
+    c.treebase = 'dc=ad,dc=domain,dc=com'
+  end
+
+  ElDap.validate("ad\\ed.james", 'password') # will return true if username and password are valid
+  ElDap.validate("ed.james@ad.domain.com", 'password') # will return true if username and password are valid
+
+=== Search the directory
+
+  ElDap.configure do |c|
+    c.username = 'service.account@ad.domain.com'
+    c.password = 'password'
+    c.server_ips = ['127.0.0.1']
+    c.treebase = 'dc=ad,dc=domain,dc=com'
+  end
+
+  ElDap.search('some guy') # will return an array of OpenStruct objects for each matching search result.
+
+== Contributing to El Dap
+
+My understanding of LDAP limited. This gem has only been tested on a Linux server which queries Active Directory. The gem is in 
+production, but I'm not sure how well it will perform in another kind of LDAP-enabled architecture. Any comments or assistence 
+would be greatly appreciated.
+
+If you want to contribute:
+
+* Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet
+* Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history.
+
+== Copyright
+
+Copyright (c) 2011 Ed James. See LICENSE for details.
+

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/el_dap.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "el_dap/version"
+
+Gem::Specification.new do |s|
+  s.name        = "el_dap"
+  s.version     = ElDap::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ed James"]
+  s.email       = ["ed.james.email@gmail.com"]
+  s.homepage    = "https://github.com/edjames/el_dap"
+  s.summary     = %q{A simple search and authentication tool for Active Directory using LDAP.}
+  s.description = %q{A simple search and authentication tool for Active Directory using LDAP.}
+
+  s.rubyforge_project = "el_dap"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/lib/el_dap.rb

@@ -0,0 +1,9 @@
+require 'net/ldap'
+require 'timeout'
+require 'el_dap/api_methods'
+require 'el_dap/constants'
+require 'el_dap/base'
+
+module ElDap
+  extend(ApiMethods)
+end

data/lib/el_dap/.rvmrc

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+environment_id="ruby-1.9.2-head@el_dap"
+
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]] ; then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+else
+  rvm --create  "$environment_id"
+fi
+

data/lib/el_dap/api_methods.rb

@@ -0,0 +1,18 @@
+module ElDap
+  module ApiMethods
+    
+    def configure
+      @@worker = Base.new
+      yield(@@worker)
+    end
+    
+    def validate(username, password)
+      @@worker.validate(username, password)
+    end
+    
+    def search(search_string)
+      @@worker.search(search_string)
+    end
+    
+  end
+end

data/lib/el_dap/base.rb

@@ -0,0 +1,79 @@
+module ElDap
+  class Base
+    include Constants
+    
+    attr_accessor :server_ips, :username, :password, :timeout, :treebase
+    
+    def initialize
+      @server_ips = []
+      @timeout = 15
+      yield(self) if block_given?
+    end
+    
+    def validate(uname, pword)
+      return false if uname.nil? || uname.empty? || pword.nil? || pword.empty?
+      workers(uname, pword).each do |worker|
+        begin
+          Timeout::timeout(self.timeout) do
+            return worker.bind
+          end
+        rescue Timeout::Error
+          next
+        end
+      end
+      false
+    end
+    
+    def search(search_string)
+      return nil if search_string.nil? || search_string.empty?
+      search_result = nil
+      workers(self.username, self.password).each do |worker|
+        begin
+          Timeout::timeout(self.timeout) do
+            search_result ||= search_active_directory(worker, search_string)
+          end
+        rescue Timeout::Error
+          next
+        end
+      end
+      create_result_collection search_result
+    end
+    
+    private
+    def workers(uname = self.username, pword = self.password)
+      self.server_ips.map do |ip|
+        create_worker uname, pword, ip
+      end
+    end
+
+    def create_worker(uname, pword, server_ip)
+      obj = ::Net::LDAP.new
+      obj.host = server_ip
+      obj.auth uname, pword
+      obj
+    end
+    
+    def search_active_directory(worker, search_string)
+      filters = LDAP_FILTERS & ::Net::LDAP::Filter.eq(LDAP_SEARCH_FIELD, "*#{search_string}*")
+      result = worker.search(:base => self.treebase,
+                             :filter => filters,
+                             :attributes => LDAP_ATTRS,
+                             :return_result => true)
+      # search will return false if unable to bind
+      # e.g. service account credentials have expired
+      result || []
+    end
+
+    def create_result_collection(collection = [])
+      collection ||= []
+      collection.map { |entry| create_struct entry }
+    end
+
+    def create_struct(hash = {})
+      key_values = {}
+      hash.each{|k, v| key_values[k] = v[0]}
+      OpenStruct.new(key_values)
+    end
+    
+  end
+end

data/lib/el_dap/constants.rb

@@ -0,0 +1,7 @@
+module ElDap
+  module Constants
+    LDAP_ATTRS        = ['cn', 'samaccountname', 'displayname', 'name', 'telephonenumber', 'userprincipalname', 'mail']
+    LDAP_FILTERS      = ::Net::LDAP::Filter.eq("objectcategory", "person")
+    LDAP_SEARCH_FIELD = "cn"
+  end
+end

data/lib/el_dap/version.rb

@@ -0,0 +1,3 @@
+module ElDap
+  VERSION = "0.0.1"
+end

data/spec/el_dap/api_methods_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+module ElDap
+  describe ApiMethods do
+    before(:each) do
+      @base = mock(ElDap::Base)      
+    end
+    
+    it "should setup a new instance of the Base class" do
+      @base.should_receive(:username=).with('username')
+      @base.should_receive(:password=).with('password')
+      @base.should_receive(:server_ips=).with(['1.2.3.4'])
+      @base.should_receive(:treebase=).with('dc=ad,dc=example,dc=com')
+      ElDap::Base.should_receive(:new).and_return(@base)
+      ElDap.configure do |l|
+        l.username = 'username'
+        l.password = 'password'
+        l.server_ips = ['1.2.3.4']
+        l.treebase = 'dc=ad,dc=example,dc=com'
+      end
+    end
+    
+    it "should perform the validate method on the worker" do
+      ElDap::ApiMethods.class_variable_set(:@@worker, @base)
+      @base.should_receive(:validate).with('username', 'password')
+      ElDap.validate('username', 'password')
+    end
+    
+    it "should perform the search method on the worker" do
+      ElDap::ApiMethods.class_variable_set(:@@worker, @base)
+      @base.should_receive(:search).with('search string')
+      ElDap.search('search string')
+    end
+    
+  end
+end

data/spec/el_dap/base_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+module ElDap
+  describe Base do
+    
+    before(:each) do
+      @instance = Base.new
+      @ldap = mock(Net::LDAP)
+    end
+
+    describe "ElDap check for blank parameters" do
+      it "should not attempt validation if username or password are blank" do
+        @instance.validate('username', '').should be_false
+        @instance.validate('username', nil).should be_false
+        @instance.validate('', 'password').should be_false
+        @instance.validate(nil, 'password').should be_false
+        @instance.validate('', '').should be_false
+        @instance.validate(nil, nil).should be_false
+      end
+
+      it "should not attempt to search if no search criteria are provided" do
+        @worker.should_not_receive(:search)
+        @instance.search('').should be_false
+        @instance.search(nil).should be_nil
+      end
+    end
+
+    describe "protected methods" do
+      it "should create an internal worker for each ip address" do
+        @instance.stub!(:server_ips).and_return(['1.1.1.1', '2.2.2.2'])
+        @instance.should_receive(:create_worker).with('username', 'password', '1.1.1.1').and_return('worker1')
+        @instance.should_receive(:create_worker).with('username', 'password', '2.2.2.2').and_return('worker2')
+        @instance.send(:workers, 'username', 'password').should == ['worker1', 'worker2']
+      end
+
+      it "should create a Net::LDAP instance with the correct parameters" do
+        Net::LDAP.should_receive(:new).and_return(@ldap)
+        @ldap.should_receive(:host=).with('1.1.1.1')
+        @ldap.should_receive(:auth).with(/username/, /password/)
+        @instance.send(:create_worker, 'username', 'password', '1.1.1.1').should == @ldap
+      end
+
+      it "should transform a search result into a collection of structs" do
+        @instance.stub!(:create_struct).and_return('struct')
+        @instance.send(:create_result_collection, ['result']).should == ['struct']
+      end
+
+      it "should create a struct from a search result hash" do
+        search_result = {:cn => ['cn'], :mail => ['mail']}
+        struct = OpenStruct.new(:cn => 'cn',:mail => 'mail')
+        @instance.send(:create_struct, search_result).should == struct
+      end
+
+      describe "search_active_directory method" do
+        it "should search active directory using the correct filters and parameters" do
+          filter1 = Net::LDAP::Filter.eq("objectcategory", "person")
+          filter2 = Net::LDAP::Filter.eq("cn", "*search-string*")
+          @ldap.should_receive(:search).with(
+            :base => @instance.treebase,
+            :filter => filter1 & filter2,
+            :attributes => Base.const_get('LDAP_ATTRS'),
+            :return_result => true
+          ).and_return(['result'])
+          @instance.send(:search_active_directory, @ldap, 'search-string').should == ['result']
+        end
+
+        it "should return a valid result when search cannot bind to the domain" do
+          @ldap.should_receive(:search).and_return(false)
+          @instance.send(:search_active_directory, @ldap, 'search-string').should == []
+        end
+      end
+
+      describe "validate method" do
+        it "should attempt validation when username and password are provided" do
+          @instance.should_receive(:workers).with(/username/, /password/).and_return([@ldap])
+          @ldap.should_receive(:bind).and_return(true)
+          @instance.validate('username', 'password').should be_true
+        end
+
+        it "should stop the validation cycle when the first result if received" do
+          ldap2 = mock(Net::LDAP)
+          ldap2.should_not_receive(:bind)
+          @ldap.should_receive(:bind).and_return(true)
+          @instance.stub!(:workers).and_return([@ldap, ldap2])
+          @instance.validate('username', 'password').should be_true
+        end
+
+        it "should return false when a timeout occurs" do
+          @instance.stub!(:workers).and_return([@ldap])
+          @ldap.should_receive(:bind).and_raise(Timeout::Error)
+          @instance.validate('username', 'password').should be_false
+        end
+      end
+
+      describe 'search method' do
+        it "should complete gracefully if invalid credentials are used for search (search returns false)" do
+          @instance.should_receive(:workers).and_return([@ldap])
+          @ldap.should_receive(:search).and_return(false)
+          @instance.search('string').should == []
+        end
+
+        it "should sanitize the Net::LDAP search result into an array of generic structures" do
+          @instance.should_receive(:workers).and_return([])
+          @instance.should_receive(:create_result_collection).and_return([])
+          @instance.search('search-string').should == []
+        end
+      end
+    end
+
+  end
+end

data/spec/el_dap/constants_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+module ElDap
+  describe Constants do
+    class TestThing
+      include ElDap::Constants
+    end
+    
+    it "should define LDAP_ATTRS" do
+      TestThing.const_get('LDAP_ATTRS').
+        should == ['cn', 'samaccountname', 'displayname', 'name', 'telephonenumber', 'userprincipalname', 'mail']
+    end
+
+    it "should define LDAP_FILTERS" do
+      TestThing.const_get('LDAP_FILTERS').should == Net::LDAP::Filter.eq("objectcategory", "person")
+    end
+    
+    it "should define LDAP_SEARCH_FIELD" do
+      TestThing.const_get('LDAP_SEARCH_FIELD').should == 'cn'
+    end
+    
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rubygems'
+require 'rspec'
+require 'el_dap'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification
+name: el_dap
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Ed James
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-04-19 00:00:00.000000000Z
+dependencies: []
+description: A simple search and authentication tool for Active Directory using LDAP.
+email:
+- ed.james.email@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rvmrc
+- CHANGELOG
+- Gemfile
+- LICENSE
+- README.rdoc
+- Rakefile
+- el_dap.gemspec
+- lib/el_dap.rb
+- lib/el_dap/.rvmrc
+- lib/el_dap/api_methods.rb
+- lib/el_dap/base.rb
+- lib/el_dap/constants.rb
+- lib/el_dap/version.rb
+- spec/el_dap/api_methods_spec.rb
+- spec/el_dap/base_spec.rb
+- spec/el_dap/constants_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/edjames/el_dap
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: el_dap
+rubygems_version: 1.7.2
+signing_key: 
+specification_version: 3
+summary: A simple search and authentication tool for Active Directory using LDAP.
+test_files: []