ldap_lookup 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4)
  1. checksums.yaml +4 -4
  2. data/README.md +55 -21
  3. data/lib/ldap_lookup/version.rb +1 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 957c311d5d68fcc94258c7f1263c2c17c4f9c2455f7043832fe5c3791ebd3cc8
4
- data.tar.gz: e3029a5edf0799b9f1d5a13407639658f7360d9a1c8e4cfd663798f014008e06
3
+ metadata.gz: 393d3bdcafb4cadf5648c6916122ebfb7b0c6fefe79c5d50b6c6c57f6d6997cc
4
+ data.tar.gz: de8be14be88d2d4e3102971cf62d4a316cdc6a0aaa7e6268aee62659723e5ca2
5
5
  SHA512:
6
- metadata.gz: 32f0da915876e614ca9374d59a3045e924905b7ff2f218a4b73133d92ca718dec5afdd0f91fbcdf23052b9cddde85c37f075d8311d6a91aac539dce3cf2bfc31
7
- data.tar.gz: 8d788fd099caf5b0df62e6e7eac16303b08ec18ec2b4ec734a5d3e84d0b6a730bf1bfc4b93b8ee6ec5a3af3cfd6409a46a605a8fa2b350a1fe56987d1c50a62e
6
+ metadata.gz: 7dd298be615e445056d806602b27cb05e01a0783556fe09c32d1c5599ff877a18c286d1d2e845f1f5ec30c4b08745668ec5fd8f2717e4393cc7c45dd7e33254d
7
+ data.tar.gz: 6bb46112525a64c3c63fd1cb2d356e151ff48154515684040d5c1519464619681942f36a45ba275d0749abcd5b04afd81bc28ddb9a72d9c403eba5dc093d0970
data/README.md CHANGED
@@ -9,22 +9,35 @@ This module is to be used for authenticated or anonymous lookup of user attribut
9
9
 
10
10
  Requirements:
11
11
  * Ruby at least 2.0.0
12
- * Gem 'net-ldap' ~> '0.17.0'
12
+ * Gem 'net-ldap' ~> '0.18.0'
13
13
  > *The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has a Missing SSL Certificate Validation.*
14
14
 
15
15
  To try the module out:
16
16
  1. Clone the repo
17
- 2. Edit the configurations by opening ldaptest.rb and set the *CONFIGURATION BLOCK* to your environment.
17
+ 2. Copy the env template and set credentials: `cp .env.example .env`
18
+ 3. Load the env vars into your shell (example):
19
+ ```bash
20
+ set -a
21
+ source .env
22
+ set +a
23
+ ```
24
+ 4. Edit the configurations by opening ldaptest.rb and set the *CONFIGURATION BLOCK* to your environment (it reads from the `.env` values you just loaded).
18
25
  <pre>
19
26
  LdapLookup.configuration do |config|
20
- config.host = <em>< your host ></em> # "ldap.umich.edu"
21
- config.port = <em>< your port ></em> # "389" (default) for STARTTLS, "636" for LDAPS
22
- config.base = <em>< your LDAP base ></em> # "dc=umich,dc=edu"
23
- config.username = <em>< your uniqname ></em> # Your UM uniqname (e.g., "rsmoke")
24
- config.password = <em>< your password ></em> # Your UM password
25
- config.encryption = :start_tls # :start_tls (default, port 389) or :simple_tls (LDAPS, port 636)
26
- config.dept_attribute = <em>< your dept attribute ></em> # "umichPostalAddressData"
27
- config.group_attribute = <em>< your group email attribute ></em> # "umichGroupEmail"
27
+ config.host = ENV['LDAP_HOST'] || "ldap.umich.edu"
28
+ config.port = ENV['LDAP_PORT'] || "389"
29
+ config.base = ENV['LDAP_BASE'] || "dc=umich,dc=edu"
30
+ # Leave username/password unset for anonymous binds
31
+ config.username = ENV['LDAP_USERNAME']
32
+ config.password = ENV['LDAP_PASSWORD']
33
+ # Read encryption from ENV, default to start_tls
34
+ encryption_str = ENV['LDAP_ENCRYPTION'] || 'start_tls'
35
+ config.encryption = encryption_str.to_sym
36
+ config.dept_attribute = ENV['LDAP_DEPT_ATTRIBUTE'] || "umichPostalAddressData"
37
+ config.group_attribute = ENV['LDAP_GROUP_ATTRIBUTE'] || "umichGroupEmail"
38
+ # Enable LDAP debug logging in this test runner
39
+ debug_str = ENV['LDAP_DEBUG']
40
+ config.debug = debug_str ? debug_str.to_s.downcase == 'true' : true
28
41
  end
29
42
  </pre>
30
43
 
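Review bot: In the added configuration block, `config.debug = debug_str ? debug_str.to_s.downcase == 'true' : true` turns debug logging on whenever `LDAP_DEBUG` is unset, in the same runner that binds with `LDAP_USERNAME` and `LDAP_PASSWORD`. Default it to false so debug output from an authenticated session is opt-in. `encryption_str.to_sym` also accepts any string from the environment; compare it against the two documented values (`start_tls`, `simple_tls`) and fail on anything else instead of passing an unknown symbol through. Minor: this block uses `ENV['X'] || default` while the configuration example later in the README uses `ENV.fetch('X', default)`; pick one form for both.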
@@ -36,7 +49,7 @@ end
36
49
 
37
50
  The gem can also perform **anonymous binds** for LDAP servers that allow them. To use anonymous binds, leave `LDAP_USERNAME` and `LDAP_PASSWORD` unset.
38
51
 
39
- 3. run the ldaptest.rb script
52
+ 5. run the ldaptest.rb script
40
53
  ```ruby
41
54
  ruby ./ldaptest.rb
42
55
  ```
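Review bot: The renumbered step `5. run the ldaptest.rb script` still starts in lower case while the newly added steps 2 to 4 are capitalised, and the fence under it is tagged `ruby` although `ruby ./ldaptest.rb` is a shell command. Capitalise the step and tag the fence `bash` to match the fences added elsewhere in this release.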
@@ -79,21 +92,21 @@ LdapLookup.configuration do |config|
79
92
  config.host = ENV.fetch('LDAP_HOST', 'ldap.umich.edu')
80
93
  config.port = ENV.fetch('LDAP_PORT', '389')
81
94
  config.base = ENV.fetch('LDAP_BASE', 'dc=umich,dc=edu')
82
-
95
+
83
96
  # Authentication (optional for anonymous binds)
84
97
  # Leave unset to use anonymous binds (if your LDAP server allows it)
85
98
  config.username = ENV['LDAP_USERNAME']
86
99
  config.password = ENV['LDAP_PASSWORD']
87
-
100
+
88
101
  # If using a service account with custom bind DN, uncomment and set:
89
102
  # config.bind_dn = 'cn=service-account,ou=Service Accounts,dc=umich,dc=edu'
90
-
103
+
91
104
  # Encryption - REQUIRED (defaults to STARTTLS)
92
105
  config.encryption = ENV.fetch('LDAP_ENCRYPTION', 'start_tls').to_sym
93
106
  # Use :simple_tls for LDAPS on port 636
94
107
  # TLS verification (defaults to true). Set LDAP_TLS_VERIFY=false only for local testing.
95
108
  # Optional custom CA bundle: set LDAP_CA_CERT=/path/to/ca-bundle.pem
96
-
109
+
97
110
  # Optional: Attribute Configuration
98
111
  config.dept_attribute = ENV.fetch('LDAP_DEPT_ATTRIBUTE', 'umichPostalAddressData')
99
112
  config.group_attribute = ENV.fetch('LDAP_GROUP_ATTRIBUTE', 'umichGroupEmail')
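Review bot: All four changed lines in this hunk are blank lines that differ only in whitespace, so the hunk carries no content change. If the `+` side introduces trailing spaces, strip them; otherwise keep whitespace-only edits out of a release diff so the credential and TLS changes elsewhere in the README are easier to review.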
@@ -118,19 +131,40 @@ end
118
131
 
119
132
  #### Step 4: Set Environment Variables
120
133
 
121
- **Never hardcode credentials in your code!** Use environment variables (Hatchbox, Heroku, etc.):
134
+ **Never hardcode credentials in your code!** Use environment variables (Hatchbox, Heroku, etc.).
135
+
136
+ **Development with `.env.example` (recommended):**
137
+ 1. Copy the template: `cp .env.example .env`
138
+ 2. Update the values in `.env` for your environment.
139
+ 3. Load the variables into your shell (example):
140
+ ```bash
141
+ set -a
142
+ source .env
143
+ set +a
144
+ ```
122
145
 
146
+ **Typical `.env` values:**
123
147
  ```bash
124
- # In your .env file (for development)
125
148
  LDAP_USERNAME=your_service_account_uniqname
126
149
  LDAP_PASSWORD=your_service_account_password
150
+ ```
151
+
152
+ **Optional settings (override defaults as needed):**
153
+ ```bash
154
+ LDAP_HOST=ldap.umich.edu
155
+ LDAP_PORT=389
156
+ LDAP_BASE=dc=umich,dc=edu
157
+ LDAP_ENCRYPTION=start_tls
158
+ LDAP_TLS_VERIFY=true
159
+ LDAP_CA_CERT=/path/to/ca-bundle.pem
160
+ LDAP_DEPT_ATTRIBUTE=umichPostalAddressData
161
+ LDAP_GROUP_ATTRIBUTE=umichGroupEmail
162
+ ```
127
163
 
128
- # Or export in your shell
164
+ **Alternative: export in your shell**
165
+ ```bash
129
166
  export LDAP_USERNAME=your_service_account_uniqname
130
167
  export LDAP_PASSWORD=your_service_account_password
131
-
132
- # You can also set these (all can be changed without redeploying):
133
- # LDAP_HOST, LDAP_PORT, LDAP_BASE, LDAP_ENCRYPTION, LDAP_TLS_VERIFY, LDAP_CA_CERT
134
168
  ```
135
169
 
136
170
  **For Production:**
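Review bot: The added `set -a` / `source .env` / `set +a` steps execute `.env` as shell code, so a real value on the `LDAP_PASSWORD=your_service_account_password` line that contains spaces, `$`, backticks or quotes will be split, expanded or run rather than read literally. State that values must be single-quoted, or recommend a loader that parses the file without evaluating it. The section also tells readers to put the service account password in `.env` without saying the file must be excluded from version control; add that next to `cp .env.example .env`. In the optional block, `LDAP_CA_CERT=/path/to/ca-bundle.pem` is a placeholder that will be copied verbatim; mark it as one or leave it commented out.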
@@ -1,3 +1,3 @@
1
1
  module LdapLookup
2
- VERSION = "2.0.0"
2
+ VERSION = "2.0.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ldap_lookup
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rick Smoke
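Review bot: The only changed line in the metadata is `version: 2.0.1`, and the file list shows metadata at +1 -1, so the gem's declared dependency constraints are identical to 2.0.0, while the README in this same release changes its stated requirement from `'net-ldap' ~> '0.17.0'` to `'net-ldap' ~> '0.18.0'`. Confirm which constraint the gemspec actually declares and make the README match it, or bump the gemspec dependency in this release if 0.18.x is really required.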