ldap_fluff 0.3.4 → 0.3.5
Potentially problematic release.
This version of ldap_fluff might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.rdoc +12 -0
- data/lib/ldap_fluff/config.rb +9 -7
- data/lib/ldap_fluff/generic.rb +5 -4
- data/lib/ldap_fluff/ldap_fluff.rb +45 -13
- data/test/config_test.rb +5 -0
- metadata +20 -21
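--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d9bbb3a76eb304f5d32ed7cb7b4cbc0e8b2551be
+data.tar.gz: 179e0be4fe95dd4da12e036d64691fe8c8597df9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bdd878bcb8282f68359fac8376931d32b09f1c5b02b3fb25ca777855e3507460102711337129969f90f86ddc03a69a66ef97593c57956cebc4ef72e5154fd5bc
+data.tar.gz: dbd1e8e105c879941c04a50b2c7e1a0aafa705e287ff38b2b62fbcd7bef983494c3ecaf517476ca5574409606208cb2192345dea3fac6e2307273c7c2e89d921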
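--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -56,6 +56,7 @@ Your global configuration must provide information about your LDAP host to funct
 service_user: # service account for authenticating LDAP calls. required unless you enable anon
 service_pass: # service password for authenticating LDAP calls. required unless you enable anon
 anon_queries: # false by default, true if you don't want to use the service user
+instrumentation_service: # nil by default, an object that supports the ActiveSupport::Notifications API
 
 You can pass these arguments as a hash to LdapFluff to get a valid LdapFluff object.
 
@@ -85,6 +86,17 @@ service_user (formatted as "ad_domain/username") and service_pass OR anon_querie
 ldap_fluff appends cn=groups,cn=accounts to the beginning of all BIND calls. You do not need to
 include this in your base_dn string
 
+=== Instrumentation
+
+Both net-ldap and ldap_fluff support instrumentation of API calls, which can help debug performance issues or
+to find what LDAP queries are being made.
+
+The :instrumentation_service item in the configuration should support an equivalent API to
+ActiveSupport::Notifications. ldap_fluff will use this and also pass it to net-ldap.
+
+When using Rails, pass `:instrumentation_service => ActiveSupport::Notifications` and then subscribe to, and
+optionally log events (e.g. https://gist.github.com/mnutt/566725).
+
 === License
 
 ldap_fluff is licensed under the GPLv2. Please read LICENSE for more information.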
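--- a/data/lib/ldap_fluff/config.rb
+++ b/data/lib/ldap_fluff/config.rb
@@ -3,15 +3,17 @@ require 'active_support/core_ext/hash'
 
 class LdapFluff::Config
 ATTRIBUTES = %w[host port encryption base_dn group_base server_type service_user
-service_pass anon_queries attr_login search_filter
+service_pass anon_queries attr_login search_filter
+instrumentation_service ]
 ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
 
-DEFAULT_CONFIG = { 'port'
-'encryption'
-'base_dn'
-'group_base'
-'server_type'
-'anon_queries' => false
+DEFAULT_CONFIG = { 'port' => 389,
+'encryption' => nil,
+'base_dn' => 'dc=company,dc=com',
+'group_base' => 'dc=company,dc=com',
+'server_type' => :free_ipa,
+'anon_queries' => false,
+'instrumentation_service' => nil }
 
 def initialize(config)
 raise ArgumentError unless config.respond_to?(:to_hash)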
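Review bot: `instrumentation_service` is added to `ATTRIBUTES` and `DEFAULT_CONFIG` with no visible check that a supplied value responds to `instrument`. A value of the wrong type (for example a string read from a configuration file) would be accepted here and fail only later, as a NoMethodError raised from inside `authenticate?` or another query method. `initialize` continues past the end of the hunk, so such a check may already exist there. If it does not, a guard at configuration time along the lines of `raise ArgumentError unless svc.nil? || svc.respond_to?(:instrument)` (with `svc` standing for the configured value) would fail early and keep the error out of the authentication path.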
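--- a/data/lib/ldap_fluff/generic.rb
+++ b/data/lib/ldap_fluff/generic.rb
@@ -2,10 +2,11 @@ class LdapFluff::Generic
 attr_accessor :ldap, :member_service
 
 def initialize(config = {})
-@ldap = Net::LDAP.new(:host
-:base
-:port
-:encryption => config.encryption
+@ldap = Net::LDAP.new(:host => config.host,
+:base => config.base_dn,
+:port => config.port,
+:encryption => config.encryption,
+:instrumentation_service => config.instrumentation_service)
 @bind_user = config.service_user
 @bind_pass = config.service_pass
 @anon = config.anon_queries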
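Review bot: The `:instrumentation_service` line hands the caller's service object to Net::LDAP as well, so a single subscriber receives net-ldap's own events alongside ldap_fluff's, and nothing in the code says so. The README change encourages logging these events, but what net-ldap puts in its payloads is not visible on this page. Anyone wiring a logging subscriber should therefore check whether bind or search payloads carry directory data or credentials before writing them out. A comment on that line such as `# net-ldap emits its own events through this service; filter payloads before logging` would document this. `initialize` continues past the end of the hunk.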
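--- a/data/lib/ldap_fluff/ldap_fluff.rb
+++ b/data/lib/ldap_fluff/ldap_fluff.rb
@@ -2,7 +2,7 @@ require 'rubygems'
 require 'net/ldap'
 
 class LdapFluff
-attr_accessor :ldap
+attr_accessor :ldap, :instrumentation_service
 
 def initialize(config = {})
 config = LdapFluff::Config.new(config)
@@ -16,53 +16,85 @@ class LdapFluff
 else
 raise 'unknown server_type'
 end
+@instrumentation_service = config.instrumentation_service
 end
 
 def authenticate?(uid, password)
-
-
-
-
+instrument('authenticate.ldap_fluff', :uid => uid) do |payload|
+if password.nil? || password.empty?
+false
+else
+!!@ldap.bind?(uid, password)
+end
 end
 end
 
 def test
-
+instrument('test.ldap_fluff') do |payload|
+@ldap.ldap.open {}
+end
 end
 
 # return a list[] of users for a given gid
 def user_list(gid)
-
+instrument('user_list.ldap_fluff', :gid => gid) do |payload|
+@ldap.users_for_gid(gid)
+end
 end
 
 # return a list[] of groups for a given uid
 def group_list(uid)
-
+instrument('group_list.ldap_fluff', :uid => uid) do |payload|
+@ldap.groups_for_uid(uid)
+end
 end
 
 # return true if a user is in all of the groups
 # in grouplist
 def is_in_groups?(uid, grouplist)
-
+instrument('is_in_groups?.ldap_fluff', :uid => uid, :grouplist => grouplist) do |payload|
+@ldap.is_in_groups(uid, grouplist, true)
+end
 end
 
 # return true if uid exists
 def valid_user?(uid)
-
+instrument('valid_user?.ldap_fluff', :uid => uid) do |payload|
+@ldap.user_exists? uid
+end
 end
 
 # return true if group exists
 def valid_group?(gid)
-
+instrument('valid_group?.ldap_fluff', :gid => gid) do |payload|
+@ldap.group_exists? gid
+end
 end
 
 # return ldap entry
 def find_user(uid)
-
+instrument('find_user.ldap_fluff', :uid => uid) do |payload|
+@ldap.member_service.find_user(uid)
+end
 end
 
 # return ldap entry
 def find_group(gid)
-
+instrument('find_group.ldap_fluff', :gid => gid) do |payload|
+@ldap.member_service.find_group(gid)
+end
+end
+
+private
+
+def instrument(event, payload = {})
+payload = (payload || {}).dup
+if instrumentation_service
+instrumentation_service.instrument(event, payload) do |payload|
+payload[:result] = yield(payload) if block_given?
+end
+else
+yield(payload) if block_given?
+end
 end
 end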
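Review bot: In the private `instrument` helper at the end of the second hunk, every public method, including `authenticate?`, now returns whatever `instrumentation_service.instrument` returns. ActiveSupport::Notifications returns the block's value, but the README only asks for "an equivalent API", so a service that returns something else (an event object, say) would make `authenticate?` truthy after a failed bind. Capturing the block's result in a local and returning that keeps the authentication decision independent of the service, and yields nil (fail closed) if the service never runs the block. Separately, `payload[:result]` carries the full return value, which for `find_user` and `find_group` is an LDAP entry, so subscribers that log payloads will also log directory attributes. The inner block parameter shadows the outer `payload`; the fence below renames it.

```ruby
def instrument(event, payload = {})
  payload = (payload || {}).dup
  result = nil
  if instrumentation_service
    instrumentation_service.instrument(event, payload) do |event_payload|
      # keep the caller's own return value; do not rely on what the service returns
      result = event_payload[:result] = yield(event_payload) if block_given?
    end
  else
    result = yield(payload) if block_given?
  end
  result
end
```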
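--- a/data/test/config_test.rb
+++ b/data/test/config_test.rb
@@ -22,4 +22,9 @@ class ConfigTest < MiniTest::Test
 assert_instance_of LdapFluff::FreeIPA, ldap.ldap
 end
 
+def test_instrumentation_service
+is = Object.new
+net_ldap = LdapFluff.new(config_hash.update :instrumentation_service => is).ldap.ldap
+assert_equal is, net_ldap.send(:instrumentation_service)
+end
 end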
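Review bot: `test_instrumentation_service` only checks that the object reaches Net::LDAP; nothing in this diff exercises the new `instrument` wrapper in LdapFluff. The `Object.new` fixture does not respond to `instrument`, so any instrumented call made with it would raise. A second test with a small stub service that records events and yields its payload could assert that `authenticate?` still returns false for an empty password, and that the recorded payload holds `:uid` but never the password. The test class starts above the hunk.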
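--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_fluff
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.5
 platform: ruby
 authors:
 - Jordan O'Mara
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: net-ldap
@@ -83,29 +83,29 @@ extra_rdoc_files:
 - README.rdoc
 - LICENSE
 files:
+- LICENSE
+- README.rdoc
 - lib/ldap_fluff.rb
-- lib/ldap_fluff/
-- lib/ldap_fluff/
+- lib/ldap_fluff/active_directory.rb
+- lib/ldap_fluff/ad_member_service.rb
+- lib/ldap_fluff/config.rb
+- lib/ldap_fluff/error.rb
 - lib/ldap_fluff/freeipa.rb
 - lib/ldap_fluff/freeipa_member_service.rb
-- lib/ldap_fluff/
+- lib/ldap_fluff/generic.rb
+- lib/ldap_fluff/generic_member_service.rb
 - lib/ldap_fluff/ldap_fluff.rb
-- lib/ldap_fluff/active_directory.rb
-- lib/ldap_fluff/posix_member_service.rb
-- lib/ldap_fluff/config.rb
 - lib/ldap_fluff/posix.rb
-- lib/ldap_fluff/
+- lib/ldap_fluff/posix_member_service.rb
 - test/ad_member_services_test.rb
-- test/config_test.rb
-- test/ldap_test.rb
-- test/posix_member_services_test.rb
 - test/ad_test.rb
-- test/
+- test/config_test.rb
 - test/ipa_member_services_test.rb
+- test/ipa_test.rb
+- test/ldap_test.rb
 - test/lib/ldap_test_helper.rb
+- test/posix_member_services_test.rb
 - test/posix_test.rb
-- README.rdoc
-- LICENSE
 homepage: https://github.com/theforeman/ldap_fluff
 licenses:
 - GPLv2
@@ -126,18 +126,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.4
 signing_key:
 specification_version: 4
 summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
 test_files:
-- test/
-- test/config_test.rb
-- test/ldap_test.rb
+- test/ipa_member_services_test.rb
 - test/posix_member_services_test.rb
 - test/ad_test.rb
 - test/ipa_test.rb
-- test/
+- test/ldap_test.rb
 - test/lib/ldap_test_helper.rb
 - test/posix_test.rb
-
+- test/ad_member_services_test.rb
+- test/config_test.rb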