ldap_lookup 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 174f93602c6a5158d0f3cce5d846eff7d2718eae02dc41eab13c843afadf86c8
-  data.tar.gz: 3d3de4dd9b981317460607a807b1a1fc0ceb38aa89dbe18fcd97e6aedab8c661
+  metadata.gz: 775477e51275859dcb210f1b996b14b10b9814bc7443df7a3fa9c63736460298
+  data.tar.gz: f1248f24d49b795c196a16f1b5edcaff1b4ab435127561fce5d24c320bd99630
 SHA512:
-  metadata.gz: 8f483e5246550e3aad01cb1185878b44fd7420cdb90d1b7c9126b5067e19fb6b812bbe4f448aa7144b09a8b1bd1fb998c25b281cb98d3b782745b107b8615ea6
-  data.tar.gz: e19cad4c0c17d93c30cfcbd7e1be5f43bbffe49a0e50bcf836938285994866c93a5dbcbeeac03f3c745d50caac996f1521616227a1f3ddcbe0854556cc72f073
+  metadata.gz: ba6cfe2623779bc3e73fde5258bf15bfc83fe0018d04ae8e7f052e95952f216e9a23c30a379bb3e4748453d60160f49c4a95636cda3966f39000714ecf479385
+  data.tar.gz: 84e07889f3a1b37d45c57fc690f62e878246c18b8da37c49a0ad5d65de5691ad2b160869c937af459fc02590297ec07474013fce30658f1a2870f8c0294ffbbb

data/README.md

@@ -9,7 +9,7 @@ This module is to be used for anonymous lookup of user attributes in the MCommun
 
 Requirements:
 * Ruby at least 2.0.0
-* Gem 'net-ldap' ~> '0.16.1'
+* Gem 'net-ldap' ~> '0.17.0'
 > *The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has a Missing SSL Certificate Validation.*
 
 To try the module out:
@@ -63,6 +63,10 @@ end
 
 ### Methods available
 
+__uid_exist?:__ returns true if uid is in LDAP
+```
+LdapLookup.uid_exist?(uniqname)
+```
 __get_simple_name:__ returns the Display Name
 ```
 LdapLookup.get_simple_name(uniqname = nil)

data/ldap_lookup.gemspec

@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 2.2.26"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.7.0"
-  spec.add_dependency 'net-ldap', '~> 0.17.0'
+  spec.add_dependency 'net-ldap', '~> 0.18.0'
 end

data/ldaptest.rb

@@ -56,6 +56,7 @@ class Ldaptest
     puts "2: set new group_uid"
     puts "+++++++++++++++++++++++++"
     puts "3: get users full name"
+    puts "33: check if uid exists"
     puts "4: get users department"
     puts "5: get users email"
     puts "55: get all groups a user is a member of"
@@ -65,11 +66,14 @@ class Ldaptest
     puts "+++++++++++++++++++++++++"
     puts "8: what time is it?"
     puts "0: exit"
+    puts ""
+    print "Enter a number: "
 
     case gets.chomp.to_i
     when 1 then result_box(reset_uid)
     when 2 then result_box(reset_group_uid)
     when 3 then result_box(LdapLookup.get_simple_name(@uid))
+    when 33 then result_box(LdapLookup.uid_exist?(@uid))
     when 4 then result_box(LdapLookup.get_dept(@uid))
     when 5 then result_box(LdapLookup.get_email(@uid))
     when 55 then result_box(LdapLookup.all_groups_for_user(@uid))
@@ -80,7 +84,7 @@ class Ldaptest
 throw(:done)
     else
       print "\e[2J\e[f"
-      puts "====> Please type 1,2,3,4,5,55,6,7,8 or 0 only"
+      puts "====> Please type 1,2,3,33,4,5,55,6,7,8 or 0 only"
       2.times { puts " " }
     end
   end

data/lib/ldap_lookup/version.rb

@@ -1,3 +1,3 @@
 module LdapLookup
-  VERSION = "0.1.7"
+  VERSION = "0.1.8"
 end

data/lib/ldap_lookup.rb

@@ -1,158 +1,155 @@
-require_relative "helpers/configuration"
+require_relative 'helpers/configuration'
+require 'net/ldap'
 
 module LdapLookup
-  require "net/ldap"
-
   extend Configuration
 
   define_setting :host
-  define_setting :port, "389"
+  define_setting :port, '389'
   define_setting :base
   define_setting :dept_attribute
   define_setting :group_attribute
 
-  # this was developed using guidence from this gist:
-  # https://gist.githubusercontent.com/jeffjohnson9046/7012167/raw/86587b9637ddc2ece7a42df774980fa9c0aac9b3/ruby-ldap-sample.rb
-
-  #######################################################################################################################
-  ## HELPER/UTILITY METHOD
-  ##   This method interprets the response/return code from an LDAP bind operation (bind, search, add, modify, rename,
-  ##   delete).  This method isn't necessarily complete, but it's a good starting point for handling the response codes
-  ##   from an LDAP bind operation.
-  ##
-  ##   Additional details for the get_operation_result method can be found here:
-  ##   http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-get_operation_result
-  ########################################################################################################################
   def self.get_ldap_response(ldap)
-    msg = "Response Code: #{ldap.get_operation_result.code}, Message: #{ldap.get_operation_result.message}"
-    raise msg unless ldap.get_operation_result.code == 0
+    response = ldap.get_operation_result
+    raise "Response Code: #{response.code}, Message: #{response.message}" unless response.code.zero?
   end
 
-  #######################################################################################################################
-  # SET UP LDAP CONNECTION
-  # Setting up a connection to the LDAP server using .new() does not actually send any network traffic to the LDAP
-  # server.  When you call an operation on ldap (e.g. add or search), .bind is called implicitly.  *That's* when the
-  # connection is made to the LDAP server.  This means that each operation called on the ldap object will create its own
-  # network connection to the LDAP server.
-  #######################################################################################################################
   def self.ldap_connection
-    ldap = Net::LDAP.new host: host, # your LDAP host name or IP goes here,
-                         port: port, # your LDAP host port goes here,
-                         base: base, # the base of your AD tree goes here,
-                         auth: {
-                           :method => :anonymous,
-                         }
+    Net::LDAP.new(
+      host: host,
+      port: port,
+      base: base,
+      auth: { method: :anonymous }
+    )
   end
 
-  # GET THE DISPLAY NAME FOR A SINGLE USER
-  def self.get_simple_name(uniqname = nil)
+  def self.get_user_attribute(uniqname, attribute)
     ldap = ldap_connection
-    search_param = uniqname # the AD account goes here
-    result_attrs = ["displayName"] # Whatever you want to bring back in your result set goes here
-    # Build filter
-    search_filter = Net::LDAP::Filter.eq("uid", search_param)
-    # Execute search
-    result = ldap.search(filter: search_filter, attributes: result_attrs)
-      if result.length != 0
-        return result.first.displayname.first
-      else
-        return "No such user"
-      end
+    search_param = uniqname
+    result_attrs = [attribute]
+
+    search_filter = Net::LDAP::Filter.eq('uid', search_param)
+
+    ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+      value = item[attribute]&.first
+      return value unless value.nil?
+    end
+
+    "No #{attribute} found for #{uniqname}"
+  ensure
     get_ldap_response(ldap)
   end
 
-  # GET THE PRIMARY DEPARTMENT FOR A SINGLE USER
-  def self.get_dept(uniqname = nil)
+  def self.get_nested_attribute(uniqname, nested_attribute)
     ldap = ldap_connection
-    search_param = uniqname # the AD account goes here
-    result_attrs = [dept_attribute] # Whatever you want to bring back in your result set goes here
-    # Build filter
-    search_filter = Net::LDAP::Filter.eq("uid", search_param)
-    # Execute search
-    ldap.search(filter: search_filter, attributes: result_attrs) { |item|
-      return dept_name = item.umichpostaladdressdata.first.split("}:{").first.split("=")[1] unless item.umichpostaladdressdata.first.nil?
-    }
+    search_param = uniqname
+    # Specify the full nested attribute path using dot notation
+    result_attrs = [nested_attribute.split('.').first]
+  
+    search_filter = Net::LDAP::Filter.eq('uid', search_param)
+  
+    ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+      # Split the string into key-value pairs
+      if string1 = item[nested_attribute.split('.').first]&.first
+        key_value_pairs = string1.split('}:{')
+        # Find the key-value pair for addr1
+        target_pair = key_value_pairs.find { |pair| pair.include?("#{nested_attribute.split('.').last}=") } 
+        # Extract the target value
+        target_pair_value = target_pair.split('=').last
+        return target_pair_value unless target_pair_value.nil?
+      end
+    end
+    "No #{nested_attribute} found for #{uniqname}"
+
+  ensure
     get_ldap_response(ldap)
   end
 
-  # GET THE E-MAIL ADDRESS FOR A SINGLE USER
-  def self.get_email(uniqname = nil)
+  # method to check if a uid exist in LDAP
+  def self.uid_exist?(uniqname)
     ldap = ldap_connection
-    search_param = uniqname # the AD account goes here
-    result_attrs = ["mail"] # Whatever you want to bring back in your result set goes here
-    # Build filter
-    search_filter = Net::LDAP::Filter.eq("uid", search_param)
-    # Execute search
-    ldap.search(filter: search_filter, attributes: result_attrs) { |item|
-      return item.mail.first
-    }
+    search_param = uniqname
+
+    search_filter = Net::LDAP::Filter.eq('uid', search_param)
+
+    ldap.search(filter: search_filter) do |item|
+      return true if item['uid'].first == search_param
+    end
+
+    false
+  ensure
     get_ldap_response(ldap)
   end
 
-  # ---------------------------------------------------------------------------------------------------------------------
-  # Check if the UID is a member of an LDAP group. This function returns TRUE
-  # if uid passed in is a member of group_name passed in. Otherwise it will
-  # return false.
-  def self.is_member_of_group?(uid = nil, group_name = nil)
+  def self.get_simple_name(uniqname)
+    get_user_attribute(uniqname, 'displayname')
+  end
+
+  def self.get_email(uniqname)
+    get_user_attribute(uniqname, 'mail')
+  end
+
+  def self.get_dept(uniqname)
+    get_nested_attribute(uniqname, 'umichpostaladdressdata.addr1')
+  end
+
+  def self.is_member_of_group?(uid, group_name)
     ldap = ldap_connection
-    # GET THE MEMBERS OF AN E-MAIL DISTRIBUTION LIST
-    search_param = group_name # the name of the distribution list you're looking for goes here
-    result_attrs = ["member"]
-    # Build filter
-    search_filter = Net::LDAP::Filter.eq("cn", search_param)
-    group_filter = Net::LDAP::Filter.eq("objectClass", "group")
-    composite_filter = Net::LDAP::Filter.join(search_filter, group_filter)
-    # Execute search, extracting the AD account name from each member of the distribution list
-    ldap.search(filter: composite_filter, attributes: result_attrs) do |item|
-      if item.attribute_names.include?(:member)
-        item.member.each do |entry|
-          if entry.split(",").first.split("=")[1] == uid
-            return true
-          end
-        end
-      end
+    search_param = group_name
+    result_attrs = ['member']
+
+    search_filter = Net::LDAP::Filter.join(
+      Net::LDAP::Filter.eq('cn', search_param),
+      Net::LDAP::Filter.eq('objectClass', 'group')
+    )
+
+    ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+      members = item['member']
+      return true if members&.any? { |entry| entry.split(',').first.split('=')[1] == uid }
     end
-    return false
+
+    false
+  ensure
     get_ldap_response(ldap)
   end
 
-  # ---------------------------------------------------------------------------------------------------------------------
-  # Get the Name email and members of an LDAP group as a hash
-  def self.get_email_distribution_list(group_name = nil)
+  def self.get_email_distribution_list(group_name)
     ldap = ldap_connection
     result_hash = {}
-    member_hash = {}
-    # GET THE MEMBERS OF AN E-MAIL DISTRIBUTION LIST
-    search_param = group_name # the name of the distribution list you're looking for goes here
-    result_attrs = ["cn", group_attribute, "member"]
-    # Build filter
-    search_filter = Net::LDAP::Filter.eq("cn", search_param)
-    group_filter = Net::LDAP::Filter.eq("objectClass", "group")
-    composite_filter = Net::LDAP::Filter.join(search_filter, group_filter)
-    # Execute search, extracting the AD account name from each member of the distribution list
-    ldap.search(filter: composite_filter, attributes: result_attrs) do |item|
-      result_hash["group_name"] = item.cn.first
-      result_hash["group_email"] = item.umichGroupEmail.first
-      individual_array = []
-      item.member.each do |individual|
-        individual_array.push(individual.split(",").first.split("=")[1])
-      end
-      result_hash["members"] = individual_array.sort
+
+    search_param = group_name
+    result_attrs = %w[cn umichGroupEmail member]
+
+    search_filter = Net::LDAP::Filter.join(
+      Net::LDAP::Filter.eq('cn', search_param),
+      Net::LDAP::Filter.eq('objectClass', 'group')
+    )
+
+    ldap.search(filter: search_filter, attributes: result_attrs) do |item|
+      result_hash['group_name'] = item['cn']&.first
+      result_hash['group_email'] = item['umichGroupEmail']&.first
+      members = item['member']&.map { |individual| individual.split(',').first.split('=')[1] }
+      result_hash['members'] = members&.sort || []
     end
-    return result_hash
+
+    result_hash
+  ensure
     get_ldap_response(ldap)
   end
 
-  # ---------------------------------------------------------------------------
-  #  Get the groups a user is a member of
-  def self.all_groups_for_user(uid = nil)
+  def self.all_groups_for_user(uid)
     ldap = ldap_connection
     result_array = []
-    result_attrs = ["dn"]
+
+    result_attrs = ['dn']
+
     ldap.search(filter: "member=uid=#{uid},ou=People,dc=umich,dc=edu", attributes: result_attrs) do |item|
-      item.each { |key, value| result_array << value.first.split("=")[1].split(",")[0] }
+      item.each { |key, value| result_array << value.first.split('=')[1].split(',')[0] }
     end
-    return result_array.sort
+
+    result_array.sort
+  ensure
     get_ldap_response(ldap)
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ldap_lookup
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Rick Smoke
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-11 00:00:00.000000000 Z
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: 0.18.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: 0.18.0
 description: This module is to be used for anonymous lookup of attributes in the MCommunity
   service provide at the University of Michigan. It can be easily modifed to use other
   LDAP server configurations.
@@ -76,8 +76,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
-- ".github/workflows/codeql.yml"
-- ".github/workflows/gem-push.yml"
 - ".gitignore"
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -111,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.4.16
 signing_key:
 specification_version: 4
 summary: For anonymous lookup of user LDAP attributes.

data/.github/workflows/codeql.yml

@@ -1,76 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
-  schedule:
-    - cron: '24 23 * * 2'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'ruby' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"

data/.github/workflows/gem-push.yml

@@ -1,45 +0,0 @@
-name: Ruby Gem
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    branches: [ "master" ]
-
-jobs:
-  build:
-    name: Build + Publish
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: 2.6.x
-
-    - name: Publish to GPR
-      run: |
-        mkdir -p $HOME/.gem
-        touch $HOME/.gem/credentials
-        chmod 0600 $HOME/.gem/credentials
-        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
-        gem build *.gemspec
-        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
-      env:
-        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
-        OWNER: ${{ github.repository_owner }}
-
-    - name: Publish to RubyGems
-      run: |
-        mkdir -p $HOME/.gem
-        touch $HOME/.gem/credentials
-        chmod 0600 $HOME/.gem/credentials
-        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
-        gem build *.gemspec
-        gem push *.gem
-      env:
-        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"