ldap_lookup 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b5b583715ad3b95d22f008c3daab7402cc11a348559c0447c7aec8d5bd4010bc
+  data.tar.gz: 595f735c9a167784f00c4d5b4d92dd097a51b0dbc9b7ae94399960b7d8979220
+SHA512:
+  metadata.gz: 843e17377dd313b7c0eda8c030030bc65953cb3998d80a1a1ea8a75920f9967c119859f6b62793649d198c276aaf6d253e8c5c08f166ec8c17b8507552a1f59f
+  data.tar.gz: abff197d0a1631afbe7f03bf94b0c90b3cf5a8bff6f669a325f85a68aa57f422ca27249861610fc775a0c80b96bbb34cee23bf29aa748682b16ac2d1fcaa7895

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.gem

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at rsmoke@umich.edu. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in ldap_lookup.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Rick Smoke
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,102 @@
+# LdapLookup for Ruby
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/ldap_lookup`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+### Description
+This module is to be used for anonymous lookup of user attributes in the MCommunity service provide at the University of Michigan. It can be easily modifed to use other LDAP server configurations.
+
+---
+
+### Try it out
+
+Requirements:
+* Ruby at least 2.0.0
+* Gem 'net-ldap' ~> '0.16.1'
+> Install by running the following command at your command prompt_for_action
+> *The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has a Missing SSL Certificate Validation.*
+```bash
+gem install net-ldap
+```
+
+To try the module out:
+1. Clone the repo
+2. Edit the configurations by opening ldaptest.rb and set the *CONFIGURATION BLOCK* to your environment.
+```ruby
+LdapLookup.configuration do |config|
+      config.host = < your host > # "ldap.umich.edu"
+      config.base = < your LDAP base > # "dc=umich,dc=edu"
+      config.dept_attribute = < your dept attribute > # "umichPostalAddressData"
+      config.group_attribute = < your group email attribute > # "umichGroupEmail"
+end
+```
+
+3. run the ldaptest.rb script
+```ruby
+ruby ./ldaptest.rb
+```
+
+---
+
+### Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ldap_lookup'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ldap_lookup
+
+In your application create a file config/initializers/ldap_lookup.rb
+```ruby
+LdapLookup.configuration do |config|
+    config.host = < your host > # "ldap.umich.edu"
+    config.port = < your port > # "954" port 389 is set by default
+    config.base = < your LDAP base > # "dc=umich,dc=edu"
+    config.dept_attribute = < your dept attribute > # "umichPostalAddressData"
+    config.group_attribute = < your group email attribute > # "umichGroupEmail"
+end
+```
+
+---
+
+### Methods available
+
+get_simple_name: returns the Display Name
+```
+LdapLookup.get_simple_name(uniqname = nil)
+```
+get_dept: returns the users Department_name
+```
+LdapLookup.get_dept(uniqname = nil)
+```
+get_email: returns the users email address
+```
+LdapLookup.get_email(uniqname = nil)
+```
+is_member_of_group?: returns true/false if uniqname is a member of the specified group
+```
+LdapLookup.is_member_of_group?(uid = nil, group_name = nil)
+```
+get_email_distribution_list: Returns the list of emails that are associated to a group.
+```
+LdapLookup.get_email_distribution_list(group_name = nil)
+```
+
+### Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/rsmoke/ldap_lookup. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+### License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+### Code of Conduct
+
+Everyone interacting in the LdapLookup project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/ldap_lookup/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ldap_lookup"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ldap_lookup.gemspec

@@ -0,0 +1,27 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "ldap_lookup/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "ldap_lookup"
+  spec.version       = LdapLookup::VERSION
+  spec.authors       = ["Rick Smoke"]
+  spec.email         = ["rsmoke@umich.edu"]
+
+  spec.summary       = %q{For anonymous lookup of user LDAP attributes.}
+  spec.description   = %q{This module is to be used for anonymous lookup of attributes in the MCommunity service provide at the University of Michigan. It can be easily modifed to use other LDAP server configurations.}
+  spec.homepage      = "https://github.com/rsmoke/ldap_lookup.git"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'net-ldap', '~> 0.16.1'
+end

data/ldaptest.rb

@@ -0,0 +1,98 @@
+#!/usr/bin/env ruby
+
+require_relative 'lib/ldap_lookup'
+
+class Ldaptest
+
+  include LdapLookup
+
+############## CONFIGURATION BLOCK ###################
+  LdapLookup.configuration do |config|
+    config.host = "ldap.umich.edu"
+    config.base = "dc=umich,dc=edu"
+    config.dept_attribute = "umichPostalAddressData"
+    config.group_attribute = "umichGroupEmail"
+  end
+#######################################################
+
+  def initialize(name=nil)
+    @uid = name
+    @group_uid = nil
+  end
+
+  def reset_uid
+    puts "Enter a valid UID"
+    @uid = gets.chomp.to_s
+    return "UID is now set to #{@uid}"
+  end
+
+  def reset_group_uid
+    puts "Enter a valid group_name"
+    @group_uid = gets.chomp.to_s
+    return "group_name is now set to #{@group_uid}"
+  end
+
+  def result_box(answer)
+    print "\e[2J\e[f"
+    2.times { puts " " }
+    puts "Your Results"
+    puts "======================================================"
+    puts " "
+    puts "#{answer}"
+    puts " "
+    puts "======================================================"
+    puts "current values:\n UID set to=> #{@uid}\n group_uid set to=> #{@group_uid}"
+    puts "------------------------------------------------------"
+    2.times { puts " " }
+  end
+
+  def timestamp
+    Time.now.asctime
+  end
+
+  def prompt_for_action
+    puts "What would you like to do?"
+    puts "================================="
+    puts "1: set new uid"
+    puts "2: set new group_uid"
+    puts "+++++++++++++++++++++++++"
+    puts "3: get users full name"
+    puts "4: get users department"
+    puts "5: get users email"
+    puts "+++++++++++++++++++++++++"
+    puts "6: get ldap group-name member listing"
+    puts "7: check if uid is member of a group"
+    puts "+++++++++++++++++++++++++"
+    puts "8: what time is it?"
+    puts "0: exit"
+
+    case gets.chomp.to_i
+    when 1 then result_box(reset_uid)
+    when 2 then result_box(reset_group_uid)
+    when 3 then result_box(LdapLookup.get_simple_name(@uid))
+    when 4 then result_box(LdapLookup.get_dept(@uid))
+    when 5 then result_box(LdapLookup.get_email(@uid))
+    when 6 then result_box(LdapLookup.get_email_distribution_list(@group_uid))
+    when 7 then result_box(LdapLookup.is_member_of_group?(@uid,@group_uid))
+    when 8 then result_box(timestamp)
+    when 0 then puts "you chose exit!"
+      throw(:done)
+    else
+      print "\e[2J\e[f"
+      puts "====> Please type 1,2,3,4,5,6,7,8 or 0 only"
+      2.times { puts " " }
+    end
+  end
+
+  def run
+    catch(:done) do
+      loop do
+        prompt_for_action
+      end
+    end
+  end
+end
+print "\e[2J\e[f"
+print "Enter a valid UID=> "
+name = gets.chomp.to_s
+program1 = Ldaptest.new(name).run

data/lib/helpers/configuration.rb

@@ -0,0 +1,25 @@
+module Configuration
+  def configuration
+    yield self
+  end
+
+  def define_setting(name, default = nil)
+    class_variable_set("@@#{name}", default)
+
+    define_class_method "#{name}=" do |value|
+      class_variable_set("@@#{name}", value)
+    end
+
+    define_class_method name do
+      class_variable_get("@@#{name}")
+    end
+  end
+
+  private
+
+  def define_class_method(name, &block)
+    (class << self; self; end).instance_eval do
+      define_method name, &block
+    end
+  end
+end

data/lib/ldap_lookup.rb

@@ -0,0 +1,136 @@
+require_relative 'helpers/configuration'
+
+module LdapLookup
+  require 'net/ldap'
+
+  extend Configuration
+
+  define_setting :host
+  define_setting :port, "389"
+  define_setting :base
+  define_setting :dept_attribute
+  define_setting :group_attribute
+
+    # this was developed using guidence from this gist:
+    # https://gist.githubusercontent.com/jeffjohnson9046/7012167/raw/86587b9637ddc2ece7a42df774980fa9c0aac9b3/ruby-ldap-sample.rb
+
+    #######################################################################################################################
+    ## HELPER/UTILITY METHOD
+    ##   This method interprets the response/return code from an LDAP bind operation (bind, search, add, modify, rename,
+    ##   delete).  This method isn't necessarily complete, but it's a good starting point for handling the response codes
+    ##   from an LDAP bind operation.
+    ##
+    ##   Additional details for the get_operation_result method can be found here:
+    ##   http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-get_operation_result
+    ########################################################################################################################
+    def self.get_ldap_response(ldap)
+      msg = "Response Code: #{ ldap.get_operation_result.code }, Message: #{ ldap.get_operation_result.message }"
+      raise msg unless ldap.get_operation_result.code == 0
+    end
+
+    #######################################################################################################################
+    # SET UP LDAP CONNECTION
+    # Setting up a connection to the LDAP server using .new() does not actually send any network traffic to the LDAP
+    # server.  When you call an operation on ldap (e.g. add or search), .bind is called implicitly.  *That's* when the
+    # connection is made to the LDAP server.  This means that each operation called on the ldap object will create its own
+    # network connection to the LDAP server.
+    #######################################################################################################################
+    def self.ldap_connection
+      ldap = Net::LDAP.new  host: LdapLookup.host, # your LDAP host name or IP goes here,
+        port: LdapLookup.port, # your LDAP host port goes here,
+        base: LdapLookup.base, # the base of your AD tree goes here,
+        auth: {
+          :method => :anonymous
+        }
+    end
+
+    # GET THE DISPLAY NAME FOR A SINGLE USER
+    def LdapLookup.get_simple_name(uniqname = nil)
+      ldap = ldap_connection
+      search_param = uniqname # the AD account goes here
+      result_attrs = ["displayName"] # Whatever you want to bring back in your result set goes here
+      # Build filter
+      search_filter = Net::LDAP::Filter.eq("uid", search_param)
+      # Execute search
+      ldap.search(filter: search_filter, attributes: result_attrs) { |item|
+        return item.displayName.first
+      }
+      get_ldap_response(ldap)
+    end
+
+    # GET THE PRIMARY DEPARTMENT FOR A SINGLE USER
+    def LdapLookup.get_dept(uniqname = nil)
+      ldap = ldap_connection
+      search_param = uniqname # the AD account goes here
+      result_attrs = [LdapLookup.dept_attribute] # Whatever you want to bring back in your result set goes here
+      # Build filter
+      search_filter = Net::LDAP::Filter.eq("uid", search_param)
+      # Execute search
+      ldap.search(filter: search_filter, attributes: result_attrs) { |item|
+        return dept_name = item.umichpostaladdressdata.first.split("}:{").first.split("=")[1] unless item.umichpostaladdressdata.first.nil?
+      }
+      get_ldap_response(ldap)
+    end
+
+    # GET THE E-MAIL ADDRESS FOR A SINGLE USER
+    def LdapLookup.get_email(uniqname = nil)
+      ldap = ldap_connection
+      search_param = uniqname # the AD account goes here
+      result_attrs = ["mail"] # Whatever you want to bring back in your result set goes here
+      # Build filter
+      search_filter = Net::LDAP::Filter.eq("uid", search_param)
+      # Execute search
+      ldap.search(filter: search_filter, attributes: result_attrs) { |item|
+        return item.mail.first
+      }
+      get_ldap_response(ldap)
+    end
+
+    # ---------------------------------------------------------------------------------------------------------------------
+    # Check if the UID is a member of an LDAP group. This function returns TRUE
+    # if uid passed in is a member of group_name passed in. Otherwise it will
+    # return false.
+    def LdapLookup.is_member_of_group?(uid = nil, group_name = nil)
+      ldap = ldap_connection
+      # GET THE MEMBERS OF AN E-MAIL DISTRIBUTION LIST
+      search_param = group_name # the name of the distribution list you're looking for goes here
+      result_attrs = ["member"]
+      # Build filter
+      search_filter = Net::LDAP::Filter.eq("cn", search_param)
+      group_filter = Net::LDAP::Filter.eq("objectClass", "group")
+      composite_filter = Net::LDAP::Filter.join(search_filter, group_filter)
+      # Execute search, extracting the AD account name from each member of the distribution list
+      ldap.search(filter: composite_filter, attributes: result_attrs) do |item|
+        item.member.each do |entry|
+          if entry.split(",").first.split("=")[1] == uid
+            return true
+          end
+        end
+      end
+      return FALSE
+      get_ldap_response(ldap)
+    end
+
+    # ---------------------------------------------------------------------------------------------------------------------
+    # Get the Name email and members of an LDAP group as a hash
+    def LdapLookup.get_email_distribution_list(group_name = nil)
+      ldap = ldap_connection
+      result_hash = {}
+      member_hash = {}
+      # GET THE MEMBERS OF AN E-MAIL DISTRIBUTION LIST
+      search_param = group_name # the name of the distribution list you're looking for goes here
+      result_attrs = ["cn", LdapLookup.group_attribute, "member"]
+      # Build filter
+      search_filter = Net::LDAP::Filter.eq("cn", search_param)
+      group_filter = Net::LDAP::Filter.eq("objectClass", "group")
+      composite_filter = Net::LDAP::Filter.join(search_filter, group_filter)
+      # Execute search, extracting the AD account name from each member of the distribution list
+      ldap.search(filter: composite_filter, attributes: result_attrs) do |item|
+        result_hash["group_name"] = item.cn.first
+        result_hash["group_email"] = item.umichGroupEmail.first
+        result_hash["members"] = item.member
+      end
+      return result_hash
+      get_ldap_response(ldap)
+    end
+  end

data/lib/ldap_lookup/version.rb

@@ -0,0 +1,3 @@
+module LdapLookup
+  VERSION = "0.1.1"
+end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: ldap_lookup
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Rick Smoke
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-04-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+description: This module is to be used for anonymous lookup of attributes in the MCommunity
+  service provide at the University of Michigan. It can be easily modifed to use other
+  LDAP server configurations.
+email:
+- rsmoke@umich.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- ldap_lookup.gemspec
+- ldaptest.rb
+- lib/helpers/configuration.rb
+- lib/ldap_lookup.rb
+- lib/ldap_lookup/version.rb
+homepage: https://github.com/rsmoke/ldap_lookup.git
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.2
+signing_key: 
+specification_version: 4
+summary: For anonymous lookup of user LDAP attributes.
+test_files: []