ldap_lookup 0.1.6 → 0.1.8
- checksums.yaml +4 -4
- data/.github/dependabot.yml +11 -0
- data/Gemfile.lock +1 -1
- data/README.md +5 -1
- data/ldap_lookup.gemspec +1 -1
- data/ldaptest.rb +5 -1
- data/lib/ldap_lookup/version.rb +1 -1
- data/lib/ldap_lookup.rb +111 -115
- metadata +6 -5
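--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 775477e51275859dcb210f1b996b14b10b9814bc7443df7a3fa9c63736460298
+data.tar.gz: f1248f24d49b795c196a16f1b5edcaff1b4ab435127561fce5d24c320bd99630
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ba6cfe2623779bc3e73fde5258bf15bfc83fe0018d04ae8e7f052e95952f216e9a23c30a379bb3e4748453d60160f49c4a95636cda3966f39000714ecf479385
+data.tar.gz: 84e07889f3a1b37d45c57fc690f62e878246c18b8da37c49a0ad5d65de5691ad2b160869c937af459fc02590297ec07474013fce30658f1a2870f8c0294ffbbb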
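--- a/data/.github/dependabot.yml
+++ b/data/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "" # See documentation for possible values
+directory: "/" # Location of package manifests
+schedule:
+interval: "weekly"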
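Review bot: `package-ecosystem: ""` in the single `updates` entry is still the template placeholder, which is not a valid ecosystem value, so this file as shipped should not result in any dependency-update pull requests. For a gem whose manifests are the Gemfile and gemspec the entry would be `package-ecosystem: "bundler"`. That matters here because the README in this same release pins net-ldap above a version it describes as missing SSL certificate validation, which is the kind of floor automated updates are meant to keep current.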
data/Gemfile.lock
CHANGED
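--- a/data/README.md
+++ b/data/README.md
@@ -9,7 +9,7 @@ This module is to be used for anonymous lookup of user attributes in the MCommun
 
 Requirements:
 * Ruby at least 2.0.0
-* Gem 'net-ldap' ~> '0.
+* Gem 'net-ldap' ~> '0.17.0'
 > *The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has a Missing SSL Certificate Validation.*
 
 To try the module out:
@@ -63,6 +63,10 @@ end
 
 ### Methods available
 
+__uid_exist?:__ returns true if uid is in LDAP
+```
+LdapLookup.uid_exist?(uniqname)
+```
 __get_simple_name:__ returns the Display Name
 ```
 LdapLookup.get_simple_name(uniqname = nil)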
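--- a/data/ldap_lookup.gemspec
+++ b/data/ldap_lookup.gemspec
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", "~> 2.2.26"
 spec.add_development_dependency "rake", "~> 13.0"
 spec.add_development_dependency "rspec", "~> 3.7.0"
-spec.add_dependency 'net-ldap', '~> 0.
+spec.add_dependency 'net-ldap', '~> 0.18.0'
 end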
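--- a/data/ldaptest.rb
+++ b/data/ldaptest.rb
@@ -56,6 +56,7 @@ class Ldaptest
 puts "2: set new group_uid"
 puts "+++++++++++++++++++++++++"
 puts "3: get users full name"
+puts "33: check if uid exists"
 puts "4: get users department"
 puts "5: get users email"
 puts "55: get all groups a user is a member of"
@@ -65,11 +66,14 @@ class Ldaptest
 puts "+++++++++++++++++++++++++"
 puts "8: what time is it?"
 puts "0: exit"
+puts ""
+print "Enter a number: "
 
 case gets.chomp.to_i
 when 1 then result_box(reset_uid)
 when 2 then result_box(reset_group_uid)
 when 3 then result_box(LdapLookup.get_simple_name(@uid))
+when 33 then result_box(LdapLookup.uid_exist?(@uid))
 when 4 then result_box(LdapLookup.get_dept(@uid))
 when 5 then result_box(LdapLookup.get_email(@uid))
 when 55 then result_box(LdapLookup.all_groups_for_user(@uid))
@@ -80,7 +84,7 @@ class Ldaptest
 throw(:done)
 else
 print "\e[2J\e[f"
-puts "====> Please type 1,2,3,4,5,55,6,7,8 or 0 only"
+puts "====> Please type 1,2,3,33,4,5,55,6,7,8 or 0 only"
 2.times { puts " " }
 end
 end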
data/lib/ldap_lookup/version.rb
CHANGED
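--- a/data/lib/ldap_lookup.rb
+++ b/data/lib/ldap_lookup.rb
@@ -1,159 +1,155 @@
-require_relative
+require_relative 'helpers/configuration'
+require 'net/ldap'
 
 module LdapLookup
-require "net/ldap"
-
 extend Configuration
 
 define_setting :host
-define_setting :port,
+define_setting :port, '389'
 define_setting :base
 define_setting :dept_attribute
 define_setting :group_attribute
 
-# this was developed using guidence from this gist:
-# https://gist.githubusercontent.com/jeffjohnson9046/7012167/raw/86587b9637ddc2ece7a42df774980fa9c0aac9b3/ruby-ldap-sample.rb
-
-#######################################################################################################################
-## HELPER/UTILITY METHOD
-## This method interprets the response/return code from an LDAP bind operation (bind, search, add, modify, rename,
-## delete). This method isn't necessarily complete, but it's a good starting point for handling the response codes
-## from an LDAP bind operation.
-##
-## Additional details for the get_operation_result method can be found here:
-## http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-get_operation_result
-########################################################################################################################
 def self.get_ldap_response(ldap)
-
-raise
+response = ldap.get_operation_result
+raise "Response Code: #{response.code}, Message: #{response.message}" unless response.code.zero?
 end
 
-#######################################################################################################################
-# SET UP LDAP CONNECTION
-# Setting up a connection to the LDAP server using .new() does not actually send any network traffic to the LDAP
-# server. When you call an operation on ldap (e.g. add or search), .bind is called implicitly. *That's* when the
-# connection is made to the LDAP server. This means that each operation called on the ldap object will create its own
-# network connection to the LDAP server.
-#######################################################################################################################
 def self.ldap_connection
-
-
-
-
-
-
+Net::LDAP.new(
+host: host,
+port: port,
+base: base,
+auth: { method: :anonymous }
+)
 end
 
-
-def self.get_simple_name(uniqname = nil)
+def self.get_user_attribute(uniqname, attribute)
 ldap = ldap_connection
-search_param = uniqname
-result_attrs = [
-
-search_filter = Net::LDAP::Filter.eq(
-
-ldap.search(filter: search_filter, attributes: result_attrs)
-
-
-
-
-
-
+search_param = uniqname
+result_attrs = [attribute]
+
+search_filter = Net::LDAP::Filter.eq('uid', search_param)
+
+ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+value = item[attribute]&.first
+return value unless value.nil?
+end
+
+"No #{attribute} found for #{uniqname}"
+ensure
 get_ldap_response(ldap)
 end
 
-
-def self.get_dept(uniqname = nil)
+def self.get_nested_attribute(uniqname, nested_attribute)
 ldap = ldap_connection
-search_param = uniqname
-
-
-
-
-
-
-
+search_param = uniqname
+# Specify the full nested attribute path using dot notation
+result_attrs = [nested_attribute.split('.').first]
+
+search_filter = Net::LDAP::Filter.eq('uid', search_param)
+
+ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+# Split the string into key-value pairs
+if string1 = item[nested_attribute.split('.').first]&.first
+key_value_pairs = string1.split('}:{')
+# Find the key-value pair for addr1
+target_pair = key_value_pairs.find { |pair| pair.include?("#{nested_attribute.split('.').last}=") }
+# Extract the target value
+target_pair_value = target_pair.split('=').last
+return target_pair_value unless target_pair_value.nil?
+end
+end
+"No #{nested_attribute} found for #{uniqname}"
+
+ensure
 get_ldap_response(ldap)
 end
 
-#
-def self.
+# method to check if a uid exist in LDAP
+def self.uid_exist?(uniqname)
 ldap = ldap_connection
-search_param = uniqname
-
-
-
-
-
-
-
+search_param = uniqname
+
+search_filter = Net::LDAP::Filter.eq('uid', search_param)
+
+ldap.search(filter: search_filter) do |item|
+return true if item['uid'].first == search_param
+end
+
+false
+ensure
 get_ldap_response(ldap)
 end
 
-
-
-
-
-def self.
+def self.get_simple_name(uniqname)
+get_user_attribute(uniqname, 'displayname')
+end
+
+def self.get_email(uniqname)
+get_user_attribute(uniqname, 'mail')
+end
+
+def self.get_dept(uniqname)
+get_nested_attribute(uniqname, 'umichpostaladdressdata.addr1')
+end
+
+def self.is_member_of_group?(uid, group_name)
 ldap = ldap_connection
-
-
-
-
-
-
-
-
-ldap.search(filter:
-
-
-if entry.split(",").first.split("=")[1] == uid
-return true
-end
-end
-end
+search_param = group_name
+result_attrs = ['member']
+
+search_filter = Net::LDAP::Filter.join(
+Net::LDAP::Filter.eq('cn', search_param),
+Net::LDAP::Filter.eq('objectClass', 'group')
+)
+
+ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+members = item['member']
+return true if members&.any? { |entry| entry.split(',').first.split('=')[1] == uid }
 end
-
+
+false
+ensure
 get_ldap_response(ldap)
 end
 
-
-# Get the Name email and members of an LDAP group as a hash
-def self.get_email_distribution_list(group_name = nil)
+def self.get_email_distribution_list(group_name)
 ldap = ldap_connection
 result_hash = {}
-
-
-
-
-
-
-
-
-
-ldap.search(filter:
-result_hash[
-result_hash[
-
-
-individual_array.push(individual.split(",").first.split("=")[1])
-end
-result_hash["members"] = individual_array.sort
+
+search_param = group_name
+result_attrs = %w[cn umichGroupEmail member]
+
+search_filter = Net::LDAP::Filter.join(
+Net::LDAP::Filter.eq('cn', search_param),
+Net::LDAP::Filter.eq('objectClass', 'group')
+)
+
+ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+result_hash['group_name'] = item['cn']&.first
+result_hash['group_email'] = item['umichGroupEmail']&.first
+members = item['member']&.map { |individual| individual.split(',').first.split('=')[1] }
+result_hash['members'] = members&.sort || []
 end
-
+
+result_hash
+ensure
 get_ldap_response(ldap)
 end
 
-
-# Get the groups a user is a member of
-def self.all_groups_for_user(uid = nil)
+def self.all_groups_for_user(uid)
 ldap = ldap_connection
 result_array = []
-
+
+result_attrs = ['dn']
+
 ldap.search(filter: "member=uid=#{uid},ou=People,dc=umich,dc=edu", attributes: result_attrs) do |item|
-item.each { |key, value| result_array << value.first.split(
+item.each { |key, value| result_array << value.first.split('=')[1].split(',')[0] }
 end
-
+
+result_array.sort
+ensure
 get_ldap_response(ldap)
 end
-end
+end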
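Review bot: Caller-supplied `uid` is interpolated straight into the filter string in `all_groups_for_user` (`filter: "member=uid=#{uid},ou=People,dc=umich,dc=edu"`), a context line this refactor leaves untouched, so filter metacharacters in the value change the query instead of being matched literally. The rewritten lookups build their filters with `Net::LDAP::Filter.eq`, which does not escape `*`; a `group_name` containing it is treated as a pattern, so `is_member_of_group?` can return true for a group other than the one named, and `get_user_attribute` returns whichever entry matches first. Prefer the escaping constructor throughout, e.g. `Net::LDAP::Filter.equals('uid', uniqname)` and `Net::LDAP::Filter.equals('member', "uid=#{uid},ou=People,dc=umich,dc=edu")`. Separately, `ldap_connection` passes no `encryption:` option and the default port is `'389'`, so these answers arrive over an anonymous cleartext bind; worth confirming that is intended if callers use them for membership checks.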
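--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ldap_lookup
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.8
 platform: ruby
 authors:
 - Rick Smoke
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -58,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.18.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.18.0
 description: This module is to be used for anonymous lookup of attributes in the MCommunity
 service provide at the University of Michigan. It can be easily modifed to use other
 LDAP server configurations.
@@ -75,6 +75,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
 - ".gitignore"
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -108,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.16
 signing_key:
 specification_version: 4
 summary: For anonymous lookup of user LDAP attributes.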