ldap_fluff 0.3.4 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ldap_fluff might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.rdoc +12 -0
- data/lib/ldap_fluff/config.rb +9 -7
- data/lib/ldap_fluff/generic.rb +5 -4
- data/lib/ldap_fluff/ldap_fluff.rb +45 -13
- data/test/config_test.rb +5 -0
- metadata +20 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9bbb3a76eb304f5d32ed7cb7b4cbc0e8b2551be
|
|
4
|
+
data.tar.gz: 179e0be4fe95dd4da12e036d64691fe8c8597df9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bdd878bcb8282f68359fac8376931d32b09f1c5b02b3fb25ca777855e3507460102711337129969f90f86ddc03a69a66ef97593c57956cebc4ef72e5154fd5bc
|
|
7
|
+
data.tar.gz: dbd1e8e105c879941c04a50b2c7e1a0aafa705e287ff38b2b62fbcd7bef983494c3ecaf517476ca5574409606208cb2192345dea3fac6e2307273c7c2e89d921
|
data/README.rdoc
CHANGED
|
@@ -56,6 +56,7 @@ Your global configuration must provide information about your LDAP host to funct
|
|
|
56
56
|
service_user: # service account for authenticating LDAP calls. required unless you enable anon
|
|
57
57
|
service_pass: # service password for authenticating LDAP calls. required unless you enable anon
|
|
58
58
|
anon_queries: # false by default, true if you don't want to use the service user
|
|
59
|
+
instrumentation_service: # nil by default, an object that supports the ActiveSupport::Notifications API
|
|
59
60
|
|
|
60
61
|
You can pass these arguments as a hash to LdapFluff to get a valid LdapFluff object.
|
|
61
62
|
|
|
@@ -85,6 +86,17 @@ service_user (formatted as "ad_domain/username") and service_pass OR anon_querie
|
|
|
85
86
|
ldap_fluff appends cn=groups,cn=accounts to the beginning of all BIND calls. You do not need to
|
|
86
87
|
include this in your base_dn string
|
|
87
88
|
|
|
89
|
+
=== Instrumentation
|
|
90
|
+
|
|
91
|
+
Both net-ldap and ldap_fluff support instrumentation of API calls, which can help debug performance issues or
|
|
92
|
+
to find what LDAP queries are being made.
|
|
93
|
+
|
|
94
|
+
The :instrumentation_service item in the configuration should support an equivalent API to
|
|
95
|
+
ActiveSupport::Notifications. ldap_fluff will use this and also pass it to net-ldap.
|
|
96
|
+
|
|
97
|
+
When using Rails, pass `:instrumentation_service => ActiveSupport::Notifications` and then subscribe to, and
|
|
98
|
+
optionally log events (e.g. https://gist.github.com/mnutt/566725).
|
|
99
|
+
|
|
88
100
|
=== License
|
|
89
101
|
|
|
90
102
|
ldap_fluff is licensed under the GPLv2. Please read LICENSE for more information.
|
data/lib/ldap_fluff/config.rb
CHANGED
|
@@ -3,15 +3,17 @@ require 'active_support/core_ext/hash'
|
|
|
3
3
|
|
|
4
4
|
class LdapFluff::Config
|
|
5
5
|
ATTRIBUTES = %w[host port encryption base_dn group_base server_type service_user
|
|
6
|
-
service_pass anon_queries attr_login search_filter
|
|
6
|
+
service_pass anon_queries attr_login search_filter
|
|
7
|
+
instrumentation_service ]
|
|
7
8
|
ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
|
|
8
9
|
|
|
9
|
-
DEFAULT_CONFIG = { 'port'
|
|
10
|
-
'encryption'
|
|
11
|
-
'base_dn'
|
|
12
|
-
'group_base'
|
|
13
|
-
'server_type'
|
|
14
|
-
'anon_queries' => false
|
|
10
|
+
DEFAULT_CONFIG = { 'port' => 389,
|
|
11
|
+
'encryption' => nil,
|
|
12
|
+
'base_dn' => 'dc=company,dc=com',
|
|
13
|
+
'group_base' => 'dc=company,dc=com',
|
|
14
|
+
'server_type' => :free_ipa,
|
|
15
|
+
'anon_queries' => false,
|
|
16
|
+
'instrumentation_service' => nil }
|
|
15
17
|
|
|
16
18
|
def initialize(config)
|
|
17
19
|
raise ArgumentError unless config.respond_to?(:to_hash)
|
data/lib/ldap_fluff/generic.rb
CHANGED
|
@@ -2,10 +2,11 @@ class LdapFluff::Generic
|
|
|
2
2
|
attr_accessor :ldap, :member_service
|
|
3
3
|
|
|
4
4
|
def initialize(config = {})
|
|
5
|
-
@ldap = Net::LDAP.new(:host
|
|
6
|
-
:base
|
|
7
|
-
:port
|
|
8
|
-
:encryption => config.encryption
|
|
5
|
+
@ldap = Net::LDAP.new(:host => config.host,
|
|
6
|
+
:base => config.base_dn,
|
|
7
|
+
:port => config.port,
|
|
8
|
+
:encryption => config.encryption,
|
|
9
|
+
:instrumentation_service => config.instrumentation_service)
|
|
9
10
|
@bind_user = config.service_user
|
|
10
11
|
@bind_pass = config.service_pass
|
|
11
12
|
@anon = config.anon_queries
|
|
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
|
2
2
|
require 'net/ldap'
|
|
3
3
|
|
|
4
4
|
class LdapFluff
|
|
5
|
-
attr_accessor :ldap
|
|
5
|
+
attr_accessor :ldap, :instrumentation_service
|
|
6
6
|
|
|
7
7
|
def initialize(config = {})
|
|
8
8
|
config = LdapFluff::Config.new(config)
|
|
@@ -16,53 +16,85 @@ class LdapFluff
|
|
|
16
16
|
else
|
|
17
17
|
raise 'unknown server_type'
|
|
18
18
|
end
|
|
19
|
+
@instrumentation_service = config.instrumentation_service
|
|
19
20
|
end
|
|
20
21
|
|
|
21
22
|
def authenticate?(uid, password)
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
23
|
+
instrument('authenticate.ldap_fluff', :uid => uid) do |payload|
|
|
24
|
+
if password.nil? || password.empty?
|
|
25
|
+
false
|
|
26
|
+
else
|
|
27
|
+
!!@ldap.bind?(uid, password)
|
|
28
|
+
end
|
|
26
29
|
end
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
def test
|
|
30
|
-
|
|
33
|
+
instrument('test.ldap_fluff') do |payload|
|
|
34
|
+
@ldap.ldap.open {}
|
|
35
|
+
end
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
# return a list[] of users for a given gid
|
|
34
39
|
def user_list(gid)
|
|
35
|
-
|
|
40
|
+
instrument('user_list.ldap_fluff', :gid => gid) do |payload|
|
|
41
|
+
@ldap.users_for_gid(gid)
|
|
42
|
+
end
|
|
36
43
|
end
|
|
37
44
|
|
|
38
45
|
# return a list[] of groups for a given uid
|
|
39
46
|
def group_list(uid)
|
|
40
|
-
|
|
47
|
+
instrument('group_list.ldap_fluff', :uid => uid) do |payload|
|
|
48
|
+
@ldap.groups_for_uid(uid)
|
|
49
|
+
end
|
|
41
50
|
end
|
|
42
51
|
|
|
43
52
|
# return true if a user is in all of the groups
|
|
44
53
|
# in grouplist
|
|
45
54
|
def is_in_groups?(uid, grouplist)
|
|
46
|
-
|
|
55
|
+
instrument('is_in_groups?.ldap_fluff', :uid => uid, :grouplist => grouplist) do |payload|
|
|
56
|
+
@ldap.is_in_groups(uid, grouplist, true)
|
|
57
|
+
end
|
|
47
58
|
end
|
|
48
59
|
|
|
49
60
|
# return true if uid exists
|
|
50
61
|
def valid_user?(uid)
|
|
51
|
-
|
|
62
|
+
instrument('valid_user?.ldap_fluff', :uid => uid) do |payload|
|
|
63
|
+
@ldap.user_exists? uid
|
|
64
|
+
end
|
|
52
65
|
end
|
|
53
66
|
|
|
54
67
|
# return true if group exists
|
|
55
68
|
def valid_group?(gid)
|
|
56
|
-
|
|
69
|
+
instrument('valid_group?.ldap_fluff', :gid => gid) do |payload|
|
|
70
|
+
@ldap.group_exists? gid
|
|
71
|
+
end
|
|
57
72
|
end
|
|
58
73
|
|
|
59
74
|
# return ldap entry
|
|
60
75
|
def find_user(uid)
|
|
61
|
-
|
|
76
|
+
instrument('find_user.ldap_fluff', :uid => uid) do |payload|
|
|
77
|
+
@ldap.member_service.find_user(uid)
|
|
78
|
+
end
|
|
62
79
|
end
|
|
63
80
|
|
|
64
81
|
# return ldap entry
|
|
65
82
|
def find_group(gid)
|
|
66
|
-
|
|
83
|
+
instrument('find_group.ldap_fluff', :gid => gid) do |payload|
|
|
84
|
+
@ldap.member_service.find_group(gid)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
private
|
|
89
|
+
|
|
90
|
+
def instrument(event, payload = {})
|
|
91
|
+
payload = (payload || {}).dup
|
|
92
|
+
if instrumentation_service
|
|
93
|
+
instrumentation_service.instrument(event, payload) do |payload|
|
|
94
|
+
payload[:result] = yield(payload) if block_given?
|
|
95
|
+
end
|
|
96
|
+
else
|
|
97
|
+
yield(payload) if block_given?
|
|
98
|
+
end
|
|
67
99
|
end
|
|
68
100
|
end
|
data/test/config_test.rb
CHANGED
|
@@ -22,4 +22,9 @@ class ConfigTest < MiniTest::Test
|
|
|
22
22
|
assert_instance_of LdapFluff::FreeIPA, ldap.ldap
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
def test_instrumentation_service
|
|
26
|
+
is = Object.new
|
|
27
|
+
net_ldap = LdapFluff.new(config_hash.update :instrumentation_service => is).ldap.ldap
|
|
28
|
+
assert_equal is, net_ldap.send(:instrumentation_service)
|
|
29
|
+
end
|
|
25
30
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ldap_fluff
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordan O'Mara
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2015-
|
|
15
|
+
date: 2015-05-12 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: net-ldap
|
|
@@ -83,29 +83,29 @@ extra_rdoc_files:
|
|
|
83
83
|
- README.rdoc
|
|
84
84
|
- LICENSE
|
|
85
85
|
files:
|
|
86
|
+
- LICENSE
|
|
87
|
+
- README.rdoc
|
|
86
88
|
- lib/ldap_fluff.rb
|
|
87
|
-
- lib/ldap_fluff/
|
|
88
|
-
- lib/ldap_fluff/
|
|
89
|
+
- lib/ldap_fluff/active_directory.rb
|
|
90
|
+
- lib/ldap_fluff/ad_member_service.rb
|
|
91
|
+
- lib/ldap_fluff/config.rb
|
|
92
|
+
- lib/ldap_fluff/error.rb
|
|
89
93
|
- lib/ldap_fluff/freeipa.rb
|
|
90
94
|
- lib/ldap_fluff/freeipa_member_service.rb
|
|
91
|
-
- lib/ldap_fluff/
|
|
95
|
+
- lib/ldap_fluff/generic.rb
|
|
96
|
+
- lib/ldap_fluff/generic_member_service.rb
|
|
92
97
|
- lib/ldap_fluff/ldap_fluff.rb
|
|
93
|
-
- lib/ldap_fluff/active_directory.rb
|
|
94
|
-
- lib/ldap_fluff/posix_member_service.rb
|
|
95
|
-
- lib/ldap_fluff/config.rb
|
|
96
98
|
- lib/ldap_fluff/posix.rb
|
|
97
|
-
- lib/ldap_fluff/
|
|
99
|
+
- lib/ldap_fluff/posix_member_service.rb
|
|
98
100
|
- test/ad_member_services_test.rb
|
|
99
|
-
- test/config_test.rb
|
|
100
|
-
- test/ldap_test.rb
|
|
101
|
-
- test/posix_member_services_test.rb
|
|
102
101
|
- test/ad_test.rb
|
|
103
|
-
- test/
|
|
102
|
+
- test/config_test.rb
|
|
104
103
|
- test/ipa_member_services_test.rb
|
|
104
|
+
- test/ipa_test.rb
|
|
105
|
+
- test/ldap_test.rb
|
|
105
106
|
- test/lib/ldap_test_helper.rb
|
|
107
|
+
- test/posix_member_services_test.rb
|
|
106
108
|
- test/posix_test.rb
|
|
107
|
-
- README.rdoc
|
|
108
|
-
- LICENSE
|
|
109
109
|
homepage: https://github.com/theforeman/ldap_fluff
|
|
110
110
|
licenses:
|
|
111
111
|
- GPLv2
|
|
@@ -126,18 +126,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
126
|
version: '0'
|
|
127
127
|
requirements: []
|
|
128
128
|
rubyforge_project:
|
|
129
|
-
rubygems_version: 2.
|
|
129
|
+
rubygems_version: 2.4.4
|
|
130
130
|
signing_key:
|
|
131
131
|
specification_version: 4
|
|
132
132
|
summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
|
|
133
133
|
test_files:
|
|
134
|
-
- test/
|
|
135
|
-
- test/config_test.rb
|
|
136
|
-
- test/ldap_test.rb
|
|
134
|
+
- test/ipa_member_services_test.rb
|
|
137
135
|
- test/posix_member_services_test.rb
|
|
138
136
|
- test/ad_test.rb
|
|
139
137
|
- test/ipa_test.rb
|
|
140
|
-
- test/
|
|
138
|
+
- test/ldap_test.rb
|
|
141
139
|
- test/lib/ldap_test_helper.rb
|
|
142
140
|
- test/posix_test.rb
|
|
143
|
-
|
|
141
|
+
- test/ad_member_services_test.rb
|
|
142
|
+
- test/config_test.rb
|