ldap_tools 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/bin/ldaptools +8 -4
- data/lib/tapjoy/ldap/audit/by_group.rb +0 -0
- data/lib/tapjoy/ldap/audit/by_user.rb +0 -0
- data/lib/tapjoy/ldap/audit/raw.rb +0 -0
- data/lib/tapjoy/ldap/group/add_user.rb +0 -0
- data/lib/tapjoy/ldap/group/create.rb +0 -0
- data/lib/tapjoy/ldap/group/delete.rb +0 -0
- data/lib/tapjoy/ldap/group.rb +23 -0
- data/lib/tapjoy/ldap/key/add.rb +0 -0
- data/lib/tapjoy/ldap/key/list.rb +0 -0
- data/lib/tapjoy/ldap/key/remove.rb +0 -0
- data/lib/tapjoy/ldap/key/show.rb +0 -0
- data/lib/tapjoy/ldap/user/create.rb +83 -0
- data/lib/tapjoy/ldap/user/delete.rb +34 -0
- data/lib/tapjoy/ldap/user.rb +48 -98
- data/lib/tapjoy/ldap/version.rb +1 -1
- data/lib/tapjoy/ldap.rb +1 -0
- metadata +28 -2
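--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c66ce79c9e09afacf1af7b98f025e5cb352a6504
+data.tar.gz: 4c9859ca50e52d1ebae2c6b277a8c233fdc44059
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 54b284a95ea1803e305b91ff0a17ee7100eb98584e02e5c6d80e477b11b5f4e19643b96b44d8cacfced68db4ce3462cbf3c7c361686cf3860107f8b4a2031565
+data.tar.gz: 4ad9fb8fc7dc8d736568e0d5425f18b99cb25dfbdcb9972ca5b6fff21f3dec2bea6d0912506aba08c2e25cf2e2718ec9c7eeafa690878c216325d58b218a97e5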
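--- a/data/bin/ldaptools
+++ b/data/bin/ldaptools
@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 require 'tapjoy/ldap'
 
+# @TODO: Remove this in favor of newer methods
 def commands(synopsis, object, sub_commands)
 Trollop::options do
 usage "#{object} [SUB_COMMAND] [options]"
@@ -10,14 +11,17 @@ def commands(synopsis, object, sub_commands)
 end
 
 SUB_COMMANDS = %w(user group key audit)
-
+Trollop::options do
+usage '[SUB_COMMAND] [options]'
+synopsis "\nTool to manage LDAP resources.\nAvailable subcommands are: #{SUB_COMMANDS}"
+version "#{File.basename($PROGRAM_NAME)} #{Tapjoy::LDAP::VERSION} \u00A9 2015 Tapjoy, Inc."
+stop_on SUB_COMMANDS
+end
 
 cmd = ARGV.shift # get the subcommand
 case cmd
 when "user" # run commands associated with user object
-
-commands('This object is used for user management', cmd, USER_SUB_COMMANDS)
-Tapjoy::LDAP::User.new
+Tapjoy::LDAP::User.commands
 when 'group'
 GROUP_SUB_COMMANDS = %w(create delete add_user)
 commands('This object is used for group management', cmd, GROUP_SUB_COMMANDS)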
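Review bot: The new top-level `synopsis` interpolates the `SUB_COMMANDS` array directly, so the help text prints Ruby's inspect form of the array rather than a readable list; `#{SUB_COMMANDS.join(', ')}` gives the operator a plain list. The same interpolation appears in the `synopsis` of `Tapjoy::LDAP::User.commands` in data/lib/tapjoy/ldap/user.rb. Freezing the constant, `SUB_COMMANDS = %w(user group key audit).freeze`, would also stop it being mutated after `stop_on` has read it. The `case cmd` dispatch continues outside this hunk.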
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
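--- a/data/lib/tapjoy/ldap/group.rb
+++ b/data/lib/tapjoy/ldap/group.rb
@@ -1,6 +1,28 @@
 module Tapjoy
 module LDAP
 class Group
+class << self
+# Lookup GID for the given group
+def lookup_id(groupname)
+gidnumber = []
+
+oc_filter = Net::LDAP::Filter.eq('objectclass', 'posixGroup')
+cn_filter = Net::LDAP::Filter.eq('cn', groupname)
+filter = Net::LDAP::Filter.join(oc_filter, cn_filter)
+
+results = Tapjoy::LDAP::client.search(['gidNumber'], filter)
+
+# Make sure we return one, and only one group
+if results.size < 1
+abort('Group not found')
+elsif results.size > 1
+abort('Multiple groups found. Please narrow your search.')
+end
+
+results.each { |result| gidnumber = result.gidnumber }
+return gidnumber[0]
+end
+end
 
 attr_reader :groupname, :servers, :conn
 
@@ -22,6 +44,7 @@ module Tapjoy
 end
 
 # Lookup GID for the given group
+# @TODO: Remove this in favor of class method
 def lookup_id(groupname)
 gidnumber = []
 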
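Review bot: In the new class-level `lookup_id`, `groupname` is handed to `Net::LDAP::Filter.eq`, which does not escape its value, so characters such as `*`, `(` or `)` in the group name are read as filter syntax instead of being matched literally. Because the result becomes a new account's primary GID, an exact match is the safer contract: `cn_filter = Net::LDAP::Filter.equals('cn', groupname)`, or wrap the value in `Net::LDAP::Filter.escape`, provided the net-ldap release in use offers them. Calling `abort` from this library method ends the whole process; raising an error that the CLI layer reports would keep the method reusable. The doc comment should state that the method returns the first `gidNumber` value of the single matching `posixGroup` entry.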
File without changes
|
File without changes
|
File without changes
|
File without changes
|
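--- a/data/lib/tapjoy/ldap/user/create.rb
+++ b/data/lib/tapjoy/ldap/user/create.rb
@@ -0,0 +1,83 @@
+require 'digest'
+require 'securerandom'
+module Tapjoy
+module LDAP
+module User
+class Create
+def opts
+@opts ||= Trollop::options do
+# Set help message
+usage 'user create [options]'
+synopsis "\nThis command is for creating new LDAP users"
+
+# Username is two arguments
+# Trollop will accept more, but we will only parse two later
+# TODO: support given names that include a space
+opt :user, "Specify user's first and last name", type: :strings, required: true
+
+# Groupname is a single string, for primary group setting
+opt :group, 'Specify name of primary group', type: :string, required: true
+opt :type, 'Specfy if this is a user or service account', type: :string, default: 'user'
+end
+end
+
+def uidnumber
+@uidnumber ||= Tapjoy::LDAP::client.get_max_id('user', opts[:type])
+end
+
+def gidnumber
+@gidnumber ||= Tapjoy::LDAP::Group.lookup_id(opts[:group])
+end
+
+def create
+# Check for errors
+Trollop::die :user, 'argument count must be two' if opts[:user].size != 2
+Trollop::die :type, "argument must be 'user' or 'service'" unless ['user', 'service'].include?opts[:type]
+
+
+case opts[:type]
+when 'user'
+ou = 'People'
+when 'service'
+ou = Tapjoy::LDAP::client.service_ou
+else
+puts 'Unknown type'
+end
+
+dn = "uid=#{ username },ou=#{ou},#{ Tapjoy::LDAP::client.basedn }"
+puts Tapjoy::LDAP::client.add(dn, ldap_attr)
+end
+
+private
+def create_password
+# Super-Salt: bad for blood pressure, good for secure passwords
+# We can get away with this, since we're not planning on using passwords
+salt = SecureRandom.base64(32)
+password = SecureRandom.base64(64)
+password = Digest::SHA1.base64digest(password + salt)
+end
+
+def username
+@username ||= opts[:user].join('.').downcase
+end
+
+def ldap_attr
+@ldap_attr ||= {
+:uid => username,
+:cn => "#{opts[:user].join}",
+:objectclass => ['top','posixAccount','shadowAccount','inetOrgPerson',
+'organizationalPerson','person', 'ldapPublicKey'],
+:sn => opts[:user][1],
+:givenname => opts[:user][0],
+:homedirectory => "/home/#{ username }",
+:loginshell => '/bin/bash',
+:mail => "#{username}@tapjoy.com".downcase,
+:uidnumber => uidnumber,
+:gidnumber => gidnumber,
+:userpassword => '{SSHA}' + create_password
+}
+end
+end
+end
+end
+end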
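Review bot: In `username` and `ldap_attr`, the two `--user` words are joined and then interpolated unchanged into the entry DN in `create`, the `homedirectory` path and the `mail` address, so a name containing `,`, `=`, `+` or `/` alters the DN structure or the home path instead of being rejected. Validating each part next to the existing checks, e.g. `Trollop::die :user, 'may contain only letters, digits and hyphens' unless opts[:user].all? { |part| part =~ /\A[A-Za-z][A-Za-z0-9-]*\z/ }`, covers all three attributes; `Net::LDAP::DN.escape` is an alternative for the DN alone. `:cn => "#{opts[:user].join}"` also drops the space that the previous code in user.rb put between first and last name; `opts[:user].join(' ')` keeps the old value. `create_password` stores the Base64 of a bare SHA-1 digest under the `{SSHA}` prefix without appending the salt, so the value is not in SSHA layout; that is harmless while the random password is meant to be unusable, but the comment should say this is a deliberately unknowable credential and not a pattern for real password storage.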
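--- a/data/lib/tapjoy/ldap/user/delete.rb
+++ b/data/lib/tapjoy/ldap/user/delete.rb
@@ -0,0 +1,34 @@
+module Tapjoy
+module LDAP
+module User
+class Delete
+def opts
+@opts ||= Trollop::options do
+# Set help message
+usage "user delete [options]"
+
+opt(:user, 'Specify username', :type => :string, :required => true)
+opt(:force, 'Force delete')
+end
+end
+
+def delete
+prompt = '>'
+dn = "uid=#{ opts[:user] },ou=People,#{ Tapjoy::LDAP::client.basedn }"
+unless opts[:force]
+puts "Confirm that you want to delete user: #{ opts[:user] }"
+print prompt
+confirm = STDIN.gets.chomp().downcase
+unless confirm.eql?('y') || confirm.eql?('yes')
+abort("Deletion of #{ opts[:user] } aborted")
+end
+end
+
+puts Tapjoy::LDAP::client.delete(dn)
+end
+end
+end
+end
+end
+# def delete
+# options = {}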
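Review bot: `delete` always builds the DN under `ou=People`, while `Create#create` places `service` accounts under `Tapjoy::LDAP::client.service_ou`, so an account created with `--type service` cannot be addressed by this command; a `--type` option mirroring the one on create would close that gap. `opts[:user]` is interpolated into the DN unescaped, and with `--force` nothing echoes the target back to the operator, so the value should be escaped with `Net::LDAP::DN.escape(opts[:user])` or validated before the DN is built. `STDIN.gets` returns nil at end of input, so `.chomp` raises NoMethodError when stdin is closed; `confirm = STDIN.gets.to_s.chomp.downcase` treats that case as a refusal. The trailing `# def delete` and `# options = {}` lines after the final `end` look like leftovers and can be dropped.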
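--- a/data/lib/tapjoy/ldap/user.rb
+++ b/data/lib/tapjoy/ldap/user.rb
@@ -1,114 +1,64 @@
-
-
+require_relative 'user/create'
+require_relative 'user/delete'
 
 module Tapjoy
 module LDAP
-
+module User
+class << self
+SUB_COMMANDS = %w(create delete)
 
-
-
-
+def commands
+Trollop::options do
+usage 'user [SUB_COMMAND] [options]'
+synopsis "\nThis object is used for user management\nAvailable subcommands are: #{SUB_COMMANDS}"
 
-
-
-send(command)
-else
-raise Tapjoy::LDAP::InvalidArgument
-end
-end
-
-private
-# Create user in LDAP
-def create
-opts = Trollop::options do
-# Set help message
-usage "user create [options]"
-
-# Username is two arguments
-# Trollop will accept more, but we will only parse two later
-# TODO: support given names that include a space
-opt(:user, "Specify user's first and last name",
-:type => :strings, :required => true)
-
-# Groupname is a single string, for primary group setting
-opt(:group, 'Specify name of primary group', :type => :string, :required => true)
-
-opt(:type, 'Specfy if this is a user or service account',
-:type => :string, :default => 'user')
-end
-
-Trollop::die :user, 'argument count must be two' if opts[:user].size != 2
-Trollop::die :type, "argument must be 'user' or 'service'" unless ['user', 'service'].include?opts[:type]
-
-fname, lname = opts[:user]
-
-# format username
-username = "#{fname}.#{lname}"
-username = username.downcase
-group = Tapjoy::LDAP::Group.new
+stop_on SUB_COMMANDS
+end
 
-
-gidnumber = group.lookup_id(opts[:group])
+cmd = ARGV.shift
 
-
-
-
-
-
-
-puts 'Unknown type'
+case cmd
+when 'create', 'delete'
+send(cmd) # call method with respective name
+else
+raise Tapjoy::LDAP::InvalidArgument
+end
 end
 
-
-
-
-password = SecureRandom.base64(64)
-password = Digest::SHA1.base64digest(password + salt)
-dn = "uid=#{ username },ou=People,#{ Tapjoy::LDAP::client.basedn }"
-ldap_attr = {
-:uid => username,
-:cn => "#{ fname } #{ lname }",
-:objectclass => ['top','posixAccount','shadowAccount','inetOrgPerson',
-'organizationalPerson','person', 'ldapPublicKey'],
-:sn => lname,
-:givenname => fname,
-:homedirectory => "/home/#{ username }",
-:loginshell => '/bin/bash',
-:mail => "#{fname}.#{lname}@tapjoy.com".downcase,
-:uidnumber => uidnumber,
-:gidnumber => gidnumber,
-:userpassword => '{SSHA}' + password
-}
-puts Tapjoy::LDAP::client.add(dn, ldap_attr)
-
-end
-
-# Delete user from LDAP
-def delete
-options = {}
-prompt = '>'
-
-opts = Trollop::options do
-# Set help message
-usage "user delete [options]"
-
-opt(:user, 'Specify username', :type => :string, :required => true)
-opt(:force, 'Force delete')
+def create
+user = Tapjoy::LDAP::User::Create.new
+user.create
 end
 
-
-
-
-print prompt
-confirm = STDIN.gets.chomp().downcase
-unless confirm.eql?('y') || confirm.eql?('yes')
-abort("Deletion of #{ opts[:user] } aborted")
-end
+def delete
+user = Tapjoy::LDAP::User::Delete.new
+user.delete
 end
-
-puts Tapjoy::LDAP::client.delete(dn)
 end
-
 end
 end
 end
+#
+# # Instantiate class
+# def initialize
+# command = ARGV.shift
+#
+# case command
+# when 'create', 'delete'
+# send(command)
+# else
+# raise Tapjoy::LDAP::InvalidArgument
+# end
+# end
+#
+# private
+# # Create user in LDAP
+
+#
+# # Delete user from LDAP
+
+# end
+#
+# end
+# end
+# end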
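Review bot: `commands` dispatches with `send(cmd)` on a value taken from ARGV, and the call is acceptable only because of the literal `when 'create', 'delete'` guard; that list duplicates `SUB_COMMANDS`, so the two can drift apart as sub-commands are added. Tying them together, `if SUB_COMMANDS.include?(cmd)` followed by `public_send(cmd)`, keeps a single allowlist and ensures the dispatch can never reach a private method. A comment on `commands` should say that the allowlist is what makes the dynamic call safe. The commented-out copy of the old class appended after the final `end` (new lines 41–64) is dead code and is better left to version history.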
data/lib/tapjoy/ldap/version.rb
CHANGED
data/lib/tapjoy/ldap.rb
CHANGED
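--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ldap_tools
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Ali Tayarani
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-12-
+date: 2015-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: trollop
@@ -38,6 +38,20 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: '0.11'
+- !ruby/object:Gem::Dependency
+name: highline
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 description: A set of tools to make managing LDAP users, groups, and keys easier
 email: ali.tayarani@tapjoy.com
 executables:
@@ -48,10 +62,22 @@ files:
 - bin/ldaptools
 - lib/tapjoy/ldap.rb
 - lib/tapjoy/ldap/audit.rb
+- lib/tapjoy/ldap/audit/by_group.rb
+- lib/tapjoy/ldap/audit/by_user.rb
+- lib/tapjoy/ldap/audit/raw.rb
 - lib/tapjoy/ldap/base.rb
 - lib/tapjoy/ldap/group.rb
+- lib/tapjoy/ldap/group/add_user.rb
+- lib/tapjoy/ldap/group/create.rb
+- lib/tapjoy/ldap/group/delete.rb
 - lib/tapjoy/ldap/key.rb
+- lib/tapjoy/ldap/key/add.rb
+- lib/tapjoy/ldap/key/list.rb
+- lib/tapjoy/ldap/key/remove.rb
+- lib/tapjoy/ldap/key/show.rb
 - lib/tapjoy/ldap/user.rb
+- lib/tapjoy/ldap/user/create.rb
+- lib/tapjoy/ldap/user/delete.rb
 - lib/tapjoy/ldap/version.rb
 homepage: https://github.com/Tapjoy/ldap_tools
 licenses: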