ldap_tools 0.8.0 → 0.8.1
- checksums.yaml +4 -4
- data/lib/tapjoy/ldap/api/group.rb +75 -0
- data/lib/tapjoy/ldap/api/user.rb +8 -8
- data/lib/tapjoy/ldap/audit/by_user.rb +1 -1
- data/lib/tapjoy/ldap/audit.rb +3 -3
- data/lib/tapjoy/ldap/base.rb +8 -12
- data/lib/tapjoy/ldap/cli/group/add_user.rb +28 -0
- data/lib/tapjoy/ldap/cli/group/create.rb +28 -0
- data/lib/tapjoy/ldap/cli/group/delete.rb +35 -0
- data/lib/tapjoy/ldap/cli/group/index.rb +18 -0
- data/lib/tapjoy/ldap/cli/group/remove_user.rb +36 -0
- data/lib/tapjoy/ldap/cli/group.rb +65 -0
- data/lib/tapjoy/ldap/cli/user/create.rb +3 -3
- data/lib/tapjoy/ldap/cli/user/delete.rb +4 -6
- data/lib/tapjoy/ldap/cli/user/show.rb +1 -1
- data/lib/tapjoy/ldap/cli/user.rb +1 -1
- data/lib/tapjoy/ldap/cli.rb +3 -2
- data/lib/tapjoy/ldap/key/add.rb +3 -3
- data/lib/tapjoy/ldap/key/install.rb +1 -1
- data/lib/tapjoy/ldap/key/remove.rb +5 -12
- data/lib/tapjoy/ldap/key/show.rb +1 -1
- data/lib/tapjoy/ldap/key.rb +2 -2
- data/lib/tapjoy/ldap/version.rb +1 -1
- data/lib/tapjoy/ldap.rb +10 -4
- metadata +23 -7
- data/lib/tapjoy/ldap/group/add_user.rb +0 -34
- data/lib/tapjoy/ldap/group/create.rb +0 -40
- data/lib/tapjoy/ldap/group/delete.rb +0 -38
- data/lib/tapjoy/ldap/group/remove_user.rb +0 -44
- data/lib/tapjoy/ldap/group.rb +0 -77
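--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb5a40099b907acf70a59b0b522fdc27b6bf07de
+data.tar.gz: 31070ab008f94eb5251247a43429edac810afc87
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d1bd83b23b788f86d3b13bd5bb337de356b697685b700e98bd058a6dc8de71aa48180544321aaa31457167994565b4b01ce69e13c9c06e52ea8043e9890f12ac
+data.tar.gz: 6e39d5db0f86fa1faf48679f8d444141a1e1a5fdd68e6ae682b0522d264b60c839f7a3dd82aeb103959eed8ec6ab4f5bb14e5db318e06f40791653d82cd3de37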
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'memoist'
|
2
|
+
module Tapjoy::LDAP::API
|
3
|
+
# API methods for managing LDAP Groups
|
4
|
+
module Group
|
5
|
+
class << self
|
6
|
+
extend Memoist
|
7
|
+
def create(group_name, group_type)
|
8
|
+
Tapjoy::LDAP.client.add(
|
9
|
+
distinguished_name(group_name),
|
10
|
+
ldap_attr(group_name, group_type)
|
11
|
+
)
|
12
|
+
end
|
13
|
+
|
14
|
+
def destroy(group_name)
|
15
|
+
Tapjoy::LDAP.client.delete(distinguished_name(group_name))
|
16
|
+
end
|
17
|
+
|
18
|
+
def update(group_name, username, operation)
|
19
|
+
Tapjoy::LDAP.client.modify(
|
20
|
+
distinguished_name(group_name),
|
21
|
+
[[operation, :memberUid, username]]
|
22
|
+
)
|
23
|
+
end
|
24
|
+
|
25
|
+
def index
|
26
|
+
Tapjoy::LDAP.client.search('*', group_object_class_filter)
|
27
|
+
end
|
28
|
+
|
29
|
+
# Lookup GID for the given group
|
30
|
+
def lookup_id(groupname)
|
31
|
+
gidnumber = []
|
32
|
+
|
33
|
+
cn_filter = Net::LDAP::Filter.eq('cn', groupname)
|
34
|
+
filter = Net::LDAP::Filter.join(
|
35
|
+
group_object_class_filter, cn_filter)
|
36
|
+
|
37
|
+
results = Tapjoy::LDAP.client.search(['gidNumber'], filter)
|
38
|
+
|
39
|
+
# Make sure we return one, and only one group
|
40
|
+
if results.size < 1
|
41
|
+
abort('Group not found')
|
42
|
+
elsif results.size > 1
|
43
|
+
abort('Multiple groups found. Please narrow your search.')
|
44
|
+
end
|
45
|
+
|
46
|
+
results.each { |result| gidnumber = result.gidnumber }
|
47
|
+
return gidnumber[0]
|
48
|
+
end
|
49
|
+
|
50
|
+
private
|
51
|
+
|
52
|
+
def group_object_class_filter
|
53
|
+
Net::LDAP::Filter.eq('objectClass', 'posixGroup')
|
54
|
+
end
|
55
|
+
memoize :group_object_class_filter
|
56
|
+
|
57
|
+
def distinguished_name(group_name)
|
58
|
+
%W(
|
59
|
+
cn=#{group_name}
|
60
|
+
ou=Group
|
61
|
+
#{Tapjoy::LDAP.client.basedn}).join(',')
|
62
|
+
end
|
63
|
+
memoize :distinguished_name
|
64
|
+
|
65
|
+
def ldap_attr(group_name, group_type)
|
66
|
+
{
|
67
|
+
cn: group_name,
|
68
|
+
objectclass: %w(top posixGroup),
|
69
|
+
gidnumber: Tapjoy::LDAP.client.get_max_id('group', group_type)
|
70
|
+
}
|
71
|
+
end
|
72
|
+
memoize :ldap_attr
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
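Review bot: `distinguished_name` interpolates `group_name` straight into the DN (`cn=#{group_name}`), so a name containing `,`, `=` or `+` changes the structure of the entry that `create`, `destroy` and `update` then act on; the value arrives unescaped from the CLI options. Escape the RDN value before joining, e.g. `cn=#{Net::LDAP::DN.escape(group_name)}`; the `uid=#{username(fname, lname)}` line in api/user.rb's `distinguished_name` has the same shape. Separately, `memoize :ldap_attr` caches the `get_max_id` result per argument pair, which is harmless for a one-shot CLI but would hand back a stale gidnumber if `create` were called twice with the same arguments in one process.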
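--- a/data/lib/tapjoy/ldap/api/user.rb
+++ b/data/lib/tapjoy/ldap/api/user.rb
@@ -9,24 +9,24 @@ module Tapjoy
 # Properly capitalize names
 fname, lname = [fname, lname].map(&:capitalize)
 
-Tapjoy::LDAP
+Tapjoy::LDAP.client.add(
 distinguished_name(fname, lname, type),
 ldap_attr(fname, lname, type, group)
 )
 end
 
 def destroy(username, type)
-Tapjoy::LDAP
+Tapjoy::LDAP.client.delete(
 distinguished_name(*name_of_user(username), type)
 )
 end
 
 def index
-Tapjoy::LDAP
+Tapjoy::LDAP.client.search('*', filter(uid: '*'))
 end
 
 def show(username)
-Tapjoy::LDAP
+Tapjoy::LDAP.client.search('*', filter(uid: username))
 end
 
 private
@@ -52,7 +52,7 @@ module Tapjoy
 %W(
 uid=#{username(fname, lname)}
 ou=#{organizational_unit(type)}
-#{Tapjoy::LDAP
+#{Tapjoy::LDAP.client.basedn}).join(',')
 end
 memoize :distinguished_name
 
@@ -61,7 +61,7 @@ module Tapjoy
 when 'user'
 'People'
 when 'service'
-Tapjoy::LDAP
+Tapjoy::LDAP.client.service_ou
 else
 puts 'Unknown type'
 end
@@ -89,12 +89,12 @@ module Tapjoy
 memoize :ldap_attr
 
 def uidnumber(type)
-Tapjoy::LDAP
+Tapjoy::LDAP.client.get_max_id('user', type)
 end
 memoize :uidnumber
 
 def gidnumber(group)
-Tapjoy::LDAP::Group.lookup_id(group)
+Tapjoy::LDAP::API::Group.lookup_id(group)
 end
 memoize :gidnumber
 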
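--- a/data/lib/tapjoy/ldap/audit.rb
+++ b/data/lib/tapjoy/ldap/audit.rb
@@ -7,7 +7,7 @@ module Tapjoy
 SUB_COMMANDS = %w(by_user by_group raw)
 
 def commands
-Trollop
+Trollop.options do
 usage 'user [SUB_COMMAND] [options]'
 synopsis "\nThis object is used for auditing LDAP permissions\nAvailable subcommands are: #{SUB_COMMANDS}"
 
@@ -35,7 +35,7 @@ module Tapjoy
 end
 
 def raw
-puts Tapjoy::LDAP
+puts Tapjoy::LDAP.client.search.inspect
 end
 
 # Get hash of groups with list of members of each group
@@ -43,7 +43,7 @@ module Tapjoy
 filter = Net::LDAP::Filter.eq('objectclass', 'posixGroup')
 attributes = %w(cn memberUid)
 
-results = Tapjoy::LDAP
+results = Tapjoy::LDAP.client.search(attributes, filter)
 end
 
 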
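--- a/data/lib/tapjoy/ldap/base.rb
+++ b/data/lib/tapjoy/ldap/base.rb
@@ -26,9 +26,9 @@ module Tapjoy
 filter = Net::LDAP::Filter.eq('objectclass','*'))
 @entries = []
 if @conn
-@conn.search :
-:
-:
+@conn.search base: @basedn,
+filter: filter,
+attributes: attributes do |entry|
 @entries.push(entry)
 end
 else
@@ -40,7 +40,7 @@ module Tapjoy
 
 # Add objects to LDAP
 def add(distinguished_name, attributes)
-@conn.add(:
+@conn.add(dn: distinguished_name, attributes: attributes)
 return return_result
 end
 
@@ -141,16 +141,12 @@ module Tapjoy
 def ldap_connect(host, ldap_password_file)
 port = @ldap_info['port']
 auth = {
-:
-:
-:
+method: :simple,
+username: @ldap_info['rootdn'],
+password: File.read(ldap_password_file).chomp
 }
 
-
-:port => port,
-:base => @basedn,
-:auth => auth
-return ldap
+Net::LDAP.new(host: host, port: port, base: @base, auth: auth)
 end
 
 # Find valid LDAP host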
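Review bot: `ldap_connect` now passes `base: @base` to `Net::LDAP.new`, while the removed line passed `:base => @basedn` and the search hunk above still reads `@basedn`; nothing visible assigns `@base`, so the connection's default base is probably nil after this change. The same call sets `method: :simple` with the rootdn password and no `encryption:` option, so unless TLS is arranged outside this hunk the bind credentials cross the network in clear text. Suggested line: `Net::LDAP.new(host: host, port: port, base: @basedn, auth: auth, encryption: :start_tls)`, with the encryption method read from `@ldap_info` if some hosts listen on LDAPS instead.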
@@ -0,0 +1,28 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module CLI
|
4
|
+
module Group
|
5
|
+
# Add existing user to existing group
|
6
|
+
class AddUser
|
7
|
+
def add_user
|
8
|
+
puts Tapjoy::LDAP::API::Group.update(
|
9
|
+
opts[:group], opts[:username], :add)
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def opts
|
15
|
+
@opts ||= Trollop.options do
|
16
|
+
# Set help message
|
17
|
+
usage 'group add_user [options]'
|
18
|
+
synopsis "\nThis command is for adding existing users to existing groups"
|
19
|
+
|
20
|
+
opt(:group, 'Specify group', type: :string, required: true)
|
21
|
+
opt(:username, 'Specify username', type: :string, required: true)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module CLI
|
4
|
+
module Group
|
5
|
+
# Create LDAP group
|
6
|
+
class Create
|
7
|
+
def create
|
8
|
+
# Check for errors
|
9
|
+
Trollop.die :type, "argument must be 'user' or 'service'" unless ['user', 'service'].include?(opts[:type])
|
10
|
+
|
11
|
+
puts Tapjoy::LDAP::API::Group.create(opts[:name], opts[:type])
|
12
|
+
end
|
13
|
+
|
14
|
+
private def opts
|
15
|
+
@opts ||= Trollop.options do
|
16
|
+
# Set help message
|
17
|
+
usage 'group create [options]'
|
18
|
+
synopsis "\nThis command is for creating new LDAP groups"
|
19
|
+
|
20
|
+
opt :name, 'Specify group to create', type: :string, required: true
|
21
|
+
opt :type, 'Specfy if this is a user or service group', type: :string, default: 'user'
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module CLI
|
4
|
+
module Group
|
5
|
+
# Delete LDAP group
|
6
|
+
class Delete
|
7
|
+
def delete
|
8
|
+
confirm unless opts[:force]
|
9
|
+
puts Tapjoy::LDAP::API::Group.destroy(opts[:name])
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def opts
|
15
|
+
@opts ||= Trollop.options do
|
16
|
+
# Set help message
|
17
|
+
usage 'group delete [options]'
|
18
|
+
synopsis "\nThis command is for deleting LDAP groups"
|
19
|
+
|
20
|
+
opt :name, 'Specify group', type: :string, required: true
|
21
|
+
opt :force, 'Force delete'
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def confirm
|
26
|
+
puts "Confirm that you want to delete group #{opts[:name]} (yes/no)"
|
27
|
+
print '>'
|
28
|
+
confirm = STDIN.gets.chomp.downcase
|
29
|
+
abort("Deletion of #{opts[:name]} aborted") unless confirm.start_with?('y')
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
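Review bot: `confirm` now proceeds on any reply that begins with `y` (`confirm.start_with?('y')`), where the removed implementation required exactly `y` or `yes`, so a mistyped answer is enough to let the delete run. For a destructive prompt an exact match is the safer guard: `abort("Deletion of #{opts[:name]} aborted") unless %w(y yes).include?(confirm)`. `STDIN.gets` also returns nil at end of input, so `.chomp` raises NoMethodError when the command runs without a terminal; `STDIN.gets.to_s.chomp.downcase` would turn that into a clean abort. The same two lines appear in cli/group/remove_user.rb, cli/user/delete.rb and key/remove.rb.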
@@ -0,0 +1,18 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module CLI
|
4
|
+
module Group
|
5
|
+
# Manipulates data to a format usable
|
6
|
+
# by the API structure for group display
|
7
|
+
class Index
|
8
|
+
# Make the API call to show an LDAP user
|
9
|
+
def index
|
10
|
+
Tapjoy::LDAP::API::Group.index.each do |entry|
|
11
|
+
puts "#{entry.cn.first}:\t#{entry.gidnumber.first}"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module CLI
|
4
|
+
module Group
|
5
|
+
# Remove existing user to existing group
|
6
|
+
class RemoveUser
|
7
|
+
def remove_user
|
8
|
+
confirm unless opts[:force]
|
9
|
+
puts Tapjoy::LDAP::API::Group.update(
|
10
|
+
opts[:group], opts[:username], :delete)
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
def opts
|
16
|
+
@opts ||= Trollop.options do
|
17
|
+
# Set help message
|
18
|
+
usage 'group remove_user [options]'
|
19
|
+
synopsis "\nThis command is for removing existing users from existing groups"
|
20
|
+
|
21
|
+
opt(:group, 'Specify group', type: :string, required: true)
|
22
|
+
opt(:username, 'Specify username', type: :string, required: true)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def confirm
|
27
|
+
puts "Confirm that you want to remove user #{opts[:username]} from group #{opts[:group]} (yes/no)"
|
28
|
+
print '>'
|
29
|
+
confirm = STDIN.gets.chomp.downcase
|
30
|
+
abort("Deletion of #{opts[:name]} aborted") unless confirm.start_with?('y')
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
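Review bot: `remove_user` checks `opts[:force]` and `confirm` interpolates `opts[:name]`, but the options block declares only `:group` and `:username`, so the prompt can never be skipped and the abort message prints an empty name. Declare the flag as cli/group/delete.rb does, `opt :force, 'Force delete'`, and make the message name what is being kept: `abort("Removal of #{opts[:username]} from #{opts[:group]} aborted")`. The class comment also reads "Remove existing user to existing group"; "from" is meant.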
@@ -0,0 +1,65 @@
|
|
1
|
+
require_relative 'group/create'
|
2
|
+
require_relative 'group/delete'
|
3
|
+
require_relative 'group/add_user'
|
4
|
+
require_relative 'group/remove_user'
|
5
|
+
require_relative 'group/index'
|
6
|
+
require_relative '../api/group'
|
7
|
+
|
8
|
+
module Tapjoy
|
9
|
+
module LDAP
|
10
|
+
module CLI
|
11
|
+
# Entry point for all group subcommands
|
12
|
+
module Group
|
13
|
+
class << self
|
14
|
+
|
15
|
+
SUB_COMMANDS = %w(create delete add_user remove_user)
|
16
|
+
|
17
|
+
def commands
|
18
|
+
Trollop.options do
|
19
|
+
usage 'group [SUB_COMMAND] [options]'
|
20
|
+
synopsis "\nThis object is used for group management\nAvailable subcommands are: #{SUB_COMMANDS}"
|
21
|
+
|
22
|
+
stop_on SUB_COMMANDS
|
23
|
+
end
|
24
|
+
|
25
|
+
cmd = ARGV.shift
|
26
|
+
|
27
|
+
case cmd
|
28
|
+
when 'create', 'delete', 'add_user', 'remove_user', 'index'
|
29
|
+
send(cmd) # call method with respective name
|
30
|
+
else
|
31
|
+
raise Tapjoy::LDAP::InvalidArgument
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
# Create Group
|
36
|
+
def create
|
37
|
+
group = Tapjoy::LDAP::CLI::Group::Create.new
|
38
|
+
group.create
|
39
|
+
end
|
40
|
+
|
41
|
+
# Delete group
|
42
|
+
def delete
|
43
|
+
group = Tapjoy::LDAP::CLI::Group::Delete.new
|
44
|
+
group.delete
|
45
|
+
end
|
46
|
+
|
47
|
+
def add_user
|
48
|
+
group = Tapjoy::LDAP::CLI::Group::AddUser.new
|
49
|
+
group.add_user
|
50
|
+
end
|
51
|
+
|
52
|
+
def remove_user
|
53
|
+
group = Tapjoy::LDAP::CLI::Group::RemoveUser.new
|
54
|
+
group.remove_user
|
55
|
+
end
|
56
|
+
|
57
|
+
def index
|
58
|
+
group = Tapjoy::LDAP::CLI::Group::Index.new
|
59
|
+
group.index
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
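Review bot: the dispatcher accepts `'index'` in its `when` list but `SUB_COMMANDS` still reads `%w(create delete add_user remove_user)`, so the help text and `stop_on` do not know about the new subcommand. Keeping a single frozen list and dispatching from it keeps the allow-list and the help in step: `SUB_COMMANDS = %w(create delete add_user remove_user index).freeze` and `when *SUB_COMMANDS then public_send(cmd)`. `public_send` also keeps the `ARGV`-driven call from reaching a private method if the list grows later.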
@@ -15,7 +15,7 @@ module Tapjoy
|
|
15
15
|
|
16
16
|
private
|
17
17
|
def opts
|
18
|
-
@opts ||= Trollop
|
18
|
+
@opts ||= Trollop.options do
|
19
19
|
# Set help message
|
20
20
|
usage 'user create [options]'
|
21
21
|
synopsis "\nThis command is for creating new LDAP users"
|
@@ -32,8 +32,8 @@ module Tapjoy
|
|
32
32
|
end
|
33
33
|
|
34
34
|
def verify_arguments
|
35
|
-
Trollop
|
36
|
-
Trollop
|
35
|
+
Trollop.die :user, 'argument count must be two' if opts[:user].size != 2
|
36
|
+
Trollop.die :type, "argument must be 'user' or 'service'" unless %w(user service).include?(opts[:type])
|
37
37
|
end
|
38
38
|
end
|
39
39
|
end
|
@@ -14,7 +14,7 @@ module Tapjoy
|
|
14
14
|
|
15
15
|
private
|
16
16
|
def opts
|
17
|
-
@opts ||= Trollop
|
17
|
+
@opts ||= Trollop.options do
|
18
18
|
# Set help message
|
19
19
|
usage "user delete [options]"
|
20
20
|
|
@@ -27,14 +27,12 @@ module Tapjoy
|
|
27
27
|
def confirm
|
28
28
|
puts "Confirm that you want to delete user: #{opts[:user]} (yes/no)"
|
29
29
|
print '>'
|
30
|
-
confirm = STDIN.gets.chomp
|
31
|
-
|
32
|
-
abort("Deletion of #{ opts[:user] } aborted")
|
33
|
-
end
|
30
|
+
confirm = STDIN.gets.chomp.downcase
|
31
|
+
abort("Deletion of #{opts[:user]} aborted") unless confirm.start_with?('y')
|
34
32
|
end
|
35
33
|
|
36
34
|
def verify_arguments
|
37
|
-
Trollop
|
35
|
+
Trollop.die :type, "argument must be 'user' or 'service'" unless %w(user service).include?(opts[:type])
|
38
36
|
end
|
39
37
|
end
|
40
38
|
end
|
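--- a/data/lib/tapjoy/ldap/cli/user.rb
+++ b/data/lib/tapjoy/ldap/cli/user.rb
@@ -11,7 +11,7 @@ module Tapjoy
 SUB_COMMANDS = %w(create delete index show)
 
 def commands
-Trollop
+Trollop.options do
 usage 'user [SUB_COMMAND] [options]'
 synopsis "\nThis object is used for user management\nAvailable subcommands are: #{SUB_COMMANDS}"
 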
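--- a/data/lib/tapjoy/ldap/cli.rb
+++ b/data/lib/tapjoy/ldap/cli.rb
@@ -1,4 +1,5 @@
 require_relative 'cli/user'
+require_relative 'cli/group'
 
 module Tapjoy
 module LDAP
@@ -6,7 +7,7 @@ module Tapjoy
 class << self
 def commands
 subcommand = %w(user group key audit)
-Trollop
+Trollop.options do
 usage '[SUB_COMMAND] [options]'
 synopsis "\nTool to manage LDAP resources.\nAvailable subcommands are: #{subcommand}"
 version "#{File.basename($PROGRAM_NAME)} #{Tapjoy::LDAP::VERSION} \u00A9 2015 Tapjoy, Inc."
@@ -18,7 +19,7 @@ module Tapjoy
 when 'user'
 Tapjoy::LDAP::CLI::User.commands
 when 'group'
-Tapjoy::LDAP::Group.commands
+Tapjoy::LDAP::CLI::Group.commands
 when 'key'
 Tapjoy::LDAP::Key.commands
 when 'audit'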
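--- a/data/lib/tapjoy/ldap/key/add.rb
+++ b/data/lib/tapjoy/ldap/key/add.rb
@@ -8,14 +8,14 @@ module Tapjoy
 filter_users.each do |result|
 confirm_ldap_schema(result)
 keys.each do |key|
-puts Tapjoy::LDAP
+puts Tapjoy::LDAP.client.add_attribute(result.dn, :sshPublicKey, key)
 end
 end
 end
 
 private
 def opts
-@opts ||= Trollop
+@opts ||= Trollop.options do
 # Set help message
 usage 'key add [options]'
 synopsis "\nThis command is for adding user keys to a given user's profile"
@@ -32,7 +32,7 @@ module Tapjoy
 
 def filter_users
 filter = Net::LDAP::Filter.eq('uid', opts[:user])
-results = Tapjoy::LDAP
+results = Tapjoy::LDAP.client.search(attributes = ['*'], filter = filter)
 
 Tapjoy::LDAP::Key.verify_user(opts[:user], results)
 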
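Review bot: `search(attributes = ['*'], filter = filter)` in `filter_users` reads like keyword arguments but is two positional arguments with inline assignments, leaving a stray `attributes` local and a self-assignment of `filter`. The other call sites in this release pass the values plainly, so `results = Tapjoy::LDAP.client.search(['*'], filter)` would match them and remove the ambiguity. `filter_users` continues past the end of the hunk.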
@@ -9,13 +9,13 @@ module Tapjoy
|
|
9
9
|
Tapjoy::LDAP::Key.verify_user(opts[:user], results)
|
10
10
|
|
11
11
|
confirm unless opts[:force]
|
12
|
-
Tapjoy::LDAP
|
12
|
+
Tapjoy::LDAP.client.replace_attribute(
|
13
13
|
@user_dn, :sshPublicKey, keep_keys)
|
14
14
|
end
|
15
15
|
|
16
16
|
private
|
17
17
|
def opts
|
18
|
-
@opts ||= Trollop
|
18
|
+
@opts ||= Trollop.options do
|
19
19
|
# Set help message
|
20
20
|
usage 'key remove [options]'
|
21
21
|
synopsis "\nThis command is for removing a user's SSH key(s)"
|
@@ -36,7 +36,7 @@ module Tapjoy
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def results
|
39
|
-
@results ||= Tapjoy::LDAP
|
39
|
+
@results ||= Tapjoy::LDAP.client.search(['sshPublicKey'], filter)
|
40
40
|
end
|
41
41
|
|
42
42
|
def current_keys
|
@@ -74,17 +74,10 @@ module Tapjoy
|
|
74
74
|
get_confirmation
|
75
75
|
end
|
76
76
|
|
77
|
-
def fd
|
78
|
-
@fd ||= IO.sysopen('/dev/tty', 'w+')
|
79
|
-
end
|
80
|
-
|
81
77
|
def get_confirmation
|
82
78
|
print '>'
|
83
|
-
confirm = gets.chomp
|
84
|
-
|
85
|
-
unless confirm.eql?('y') || confirm.eql?('yes')
|
86
|
-
abort("Deletion of #{ opts[:user] } aborted")
|
87
|
-
end
|
79
|
+
confirm = STDIN.gets.chomp.downcase
|
80
|
+
abort('Deletion of key aborted') unless confirm.start_with?('y')
|
88
81
|
end
|
89
82
|
end
|
90
83
|
end
|
data/lib/tapjoy/ldap/key/show.rb
CHANGED
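--- a/data/lib/tapjoy/ldap/key.rb
+++ b/data/lib/tapjoy/ldap/key.rb
@@ -11,7 +11,7 @@ module Tapjoy
 SUB_COMMANDS = %w(add remove install list show)
 
 def commands
-Trollop
+Trollop.options do
 usage 'key [SUB_COMMAND] [options]'
 synopsis "\nThis object is used for user key management\nAvailable subcommands are: #{SUB_COMMANDS}"
 
@@ -57,7 +57,7 @@ module Tapjoy
 key_results = {}
 filter = Net::LDAP::Filter.eq('sshPublicKey', '*')
 attributes = %w(uid sshPublicKey)
-results = Tapjoy::LDAP
+results = Tapjoy::LDAP.client.search(attributes, filter)
 results.each {|result| key_results[result.uid[0]] = result.sshPublicKey}
 key_results
 end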
data/lib/tapjoy/ldap/version.rb
CHANGED
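--- a/data/lib/tapjoy/ldap.rb
+++ b/data/lib/tapjoy/ldap.rb
@@ -1,23 +1,29 @@
 require 'net/ldap'
 require 'yaml'
 require 'trollop'
+require 'memoist'
 require_relative 'ldap/cli'
 require_relative 'ldap/base'
-require_relative 'ldap/group'
 require_relative 'ldap/key'
 require_relative 'ldap/audit'
 require_relative 'ldap/version'
 
+
 module Tapjoy
 module LDAP
+class << self
+attr_reader :client
+extend Memoist
 
-
-
+def client
+Tapjoy::LDAP::Base.new
+end
+memoize :client
 end
 
 class InvalidArgument < ArgumentError
 def initialize
-Trollop
+Trollop.educate
 end
 end
 end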
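Review bot: `attr_reader :client` is overwritten two lines later by `def client`, so it only produces a method-redefinition warning and hints at an `@client` instance variable that is never set; drop the `attr_reader` line and let the memoized method stand alone. Because `memoize :client` keeps a single `Tapjoy::LDAP::Base` for the life of the process, a short comment above `def client` such as `# one shared Base instance per process` would make that lifetime explicit for callers outside the CLI.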
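--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ldap_tools
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.1
 platform: ruby
 authors:
 - Ali Tayarani
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-06-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: trollop
@@ -178,6 +178,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.1'
+- !ruby/object:Gem::Dependency
+name: codacy-coverage
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 description: A set of tools to make managing LDAP users, groups, and keys easier
 email: ali.tayarani@tapjoy.com
 executables:
@@ -187,21 +201,23 @@ extra_rdoc_files: []
 files:
 - bin/ldaptools
 - lib/tapjoy/ldap.rb
+- lib/tapjoy/ldap/api/group.rb
 - lib/tapjoy/ldap/api/user.rb
 - lib/tapjoy/ldap/audit.rb
 - lib/tapjoy/ldap/audit/by_group.rb
 - lib/tapjoy/ldap/audit/by_user.rb
 - lib/tapjoy/ldap/base.rb
 - lib/tapjoy/ldap/cli.rb
+- lib/tapjoy/ldap/cli/group.rb
+- lib/tapjoy/ldap/cli/group/add_user.rb
+- lib/tapjoy/ldap/cli/group/create.rb
+- lib/tapjoy/ldap/cli/group/delete.rb
+- lib/tapjoy/ldap/cli/group/index.rb
+- lib/tapjoy/ldap/cli/group/remove_user.rb
 - lib/tapjoy/ldap/cli/user.rb
 - lib/tapjoy/ldap/cli/user/create.rb
 - lib/tapjoy/ldap/cli/user/delete.rb
 - lib/tapjoy/ldap/cli/user/show.rb
-- lib/tapjoy/ldap/group.rb
-- lib/tapjoy/ldap/group/add_user.rb
-- lib/tapjoy/ldap/group/create.rb
-- lib/tapjoy/ldap/group/delete.rb
-- lib/tapjoy/ldap/group/remove_user.rb
 - lib/tapjoy/ldap/key.rb
 - lib/tapjoy/ldap/key/add.rb
 - lib/tapjoy/ldap/key/install.rb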
@@ -1,34 +0,0 @@
|
|
1
|
-
module Tapjoy
|
2
|
-
module LDAP
|
3
|
-
module Group
|
4
|
-
# Add existing user to existing group
|
5
|
-
class AddUser
|
6
|
-
def add_user
|
7
|
-
puts Tapjoy::LDAP::client.modify(distinguished_name, operations)
|
8
|
-
end
|
9
|
-
|
10
|
-
private
|
11
|
-
def opts
|
12
|
-
@opts ||= Trollop::options do
|
13
|
-
# Set help message
|
14
|
-
usage 'group add_user [options]'
|
15
|
-
synopsis "\nThis command is for adding existing users to existing groups"
|
16
|
-
|
17
|
-
opt(:group, 'Specify group', :type => :string, :required => true)
|
18
|
-
opt(:username, 'Specify username', :type => :string, :required => true)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
def distinguished_name
|
23
|
-
@distinguished_name ||= "cn=#{opts[:group]},ou=Group,#{Tapjoy::LDAP::client.basedn}"
|
24
|
-
end
|
25
|
-
|
26
|
-
def operations
|
27
|
-
# Format is LDAP operation, attribute modified, value modified
|
28
|
-
# i.e, add the username to the memberuid attribute for the specified group
|
29
|
-
@operations ||= [[:add, :memberUid, opts[:username]]]
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
module Tapjoy
|
2
|
-
module LDAP
|
3
|
-
module Group
|
4
|
-
# Create LDAP group
|
5
|
-
class Create
|
6
|
-
def create
|
7
|
-
# Check for errors
|
8
|
-
Trollop::die :type, "argument must be 'user' or 'service'" unless ['user', 'service'].include?opts[:type]
|
9
|
-
|
10
|
-
puts Tapjoy::LDAP::client.add(distinguished_name, ldap_attr)
|
11
|
-
end
|
12
|
-
|
13
|
-
private
|
14
|
-
|
15
|
-
def opts
|
16
|
-
@opts ||= Trollop::options do
|
17
|
-
# Set help message
|
18
|
-
usage 'group create [options]'
|
19
|
-
synopsis "\nThis command is for creating new LDAP groups"
|
20
|
-
|
21
|
-
opt :name, 'Specify group to create', type: :string, required: true
|
22
|
-
opt :type, 'Specfy if this is a user or service group', type: :string, default: 'user'
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
def distinguished_name
|
27
|
-
@distinguished_name ||= "cn=#{opts[:name]},ou=Group,#{Tapjoy::LDAP::client.basedn}"
|
28
|
-
end
|
29
|
-
|
30
|
-
def ldap_attr
|
31
|
-
@ldap_attr ||= {
|
32
|
-
:cn => opts[:name],
|
33
|
-
:objectclass => %w(top posixGroup),
|
34
|
-
:gidnumber => Tapjoy::LDAP::client.get_max_id('group', opts[:type])
|
35
|
-
}
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
@@ -1,38 +0,0 @@
|
|
1
|
-
module Tapjoy
|
2
|
-
module LDAP
|
3
|
-
module Group
|
4
|
-
# Delete LDAP group
|
5
|
-
class Delete
|
6
|
-
def delete
|
7
|
-
confirm unless opts[:force]
|
8
|
-
puts Tapjoy::LDAP::client.delete(distinguished_name)
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
def opts
|
13
|
-
@opts ||= Trollop::options do
|
14
|
-
# Set help message
|
15
|
-
usage 'group delete [options]'
|
16
|
-
synopsis "\nThis command is for deleting LDAP groups"
|
17
|
-
|
18
|
-
opt :name, 'Specify group', type: :string, required: true
|
19
|
-
opt :force, 'Force delete'
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
def distinguished_name
|
24
|
-
@distinguished_name ||= "cn=#{opts[:name]},ou=Group,#{Tapjoy::LDAP::client.basedn}"
|
25
|
-
end
|
26
|
-
|
27
|
-
def confirm
|
28
|
-
puts "Confirm that you want to delete group #{opts[:name]} (yes/no)"
|
29
|
-
print '>'
|
30
|
-
confirm = STDIN.gets.chomp().downcase
|
31
|
-
unless confirm.eql?('y') || confirm.eql?('yes')
|
32
|
-
abort("Deletion of #{ opts[:name] } aborted")
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
@@ -1,44 +0,0 @@
|
|
1
|
-
module Tapjoy
|
2
|
-
module LDAP
|
3
|
-
module Group
|
4
|
-
# Remove existing user to existing group
|
5
|
-
class RemoveUser
|
6
|
-
def remove_user
|
7
|
-
confirm unless opts[:force]
|
8
|
-
puts Tapjoy::LDAP::client.modify(distinguished_name, operations)
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
def opts
|
13
|
-
@opts ||= Trollop::options do
|
14
|
-
# Set help message
|
15
|
-
usage 'group remove_user [options]'
|
16
|
-
synopsis "\nThis command is for removing existing users from existing groups"
|
17
|
-
|
18
|
-
opt(:group, 'Specify group', :type => :string, :required => true)
|
19
|
-
opt(:username, 'Specify username', :type => :string, :required => true)
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
def distinguished_name
|
24
|
-
@distinguished_name ||= "cn=#{opts[:group]},ou=Group,#{Tapjoy::LDAP::client.basedn}"
|
25
|
-
end
|
26
|
-
|
27
|
-
def operations
|
28
|
-
# Format is LDAP operation, attribute modified, value modified
|
29
|
-
# i.e, remove the username to the memberuid attribute for the specified group
|
30
|
-
@operations ||= [[:delete, :memberUid, opts[:username]]]
|
31
|
-
end
|
32
|
-
|
33
|
-
def confirm
|
34
|
-
puts "Confirm that you want to remove user #{opts[:username]} from group #{opts[:group]} (yes/no)"
|
35
|
-
print '>'
|
36
|
-
confirm = STDIN.gets.chomp().downcase
|
37
|
-
unless confirm.eql?('y') || confirm.eql?('yes')
|
38
|
-
abort("Deletion of #{ opts[:name] } aborted")
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
data/lib/tapjoy/ldap/group.rb
DELETED
@@ -1,77 +0,0 @@
|
|
1
|
-
require_relative 'group/create'
|
2
|
-
require_relative 'group/delete'
|
3
|
-
require_relative 'group/add_user'
|
4
|
-
require_relative 'group/remove_user'
|
5
|
-
|
6
|
-
module Tapjoy
|
7
|
-
module LDAP
|
8
|
-
# Entry point for all group subcommands
|
9
|
-
module Group
|
10
|
-
class << self
|
11
|
-
|
12
|
-
SUB_COMMANDS = %w(create delete add_user remove_user)
|
13
|
-
|
14
|
-
def commands
|
15
|
-
Trollop::options do
|
16
|
-
usage 'group [SUB_COMMAND] [options]'
|
17
|
-
synopsis "\nThis object is used for group management\nAvailable subcommands are: #{SUB_COMMANDS}"
|
18
|
-
|
19
|
-
stop_on SUB_COMMANDS
|
20
|
-
end
|
21
|
-
|
22
|
-
cmd = ARGV.shift
|
23
|
-
|
24
|
-
case cmd
|
25
|
-
when 'create', 'delete', 'add_user', 'remove_user'
|
26
|
-
send(cmd) # call method with respective name
|
27
|
-
else
|
28
|
-
raise Tapjoy::LDAP::InvalidArgument
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
# Lookup GID for the given group
|
33
|
-
def lookup_id(groupname)
|
34
|
-
gidnumber = []
|
35
|
-
|
36
|
-
oc_filter = Net::LDAP::Filter.eq('objectclass', 'posixGroup')
|
37
|
-
cn_filter = Net::LDAP::Filter.eq('cn', groupname)
|
38
|
-
filter = Net::LDAP::Filter.join(oc_filter, cn_filter)
|
39
|
-
|
40
|
-
results = Tapjoy::LDAP::client.search(['gidNumber'], filter)
|
41
|
-
|
42
|
-
# Make sure we return one, and only one group
|
43
|
-
if results.size < 1
|
44
|
-
abort('Group not found')
|
45
|
-
elsif results.size > 1
|
46
|
-
abort('Multiple groups found. Please narrow your search.')
|
47
|
-
end
|
48
|
-
|
49
|
-
results.each { |result| gidnumber = result.gidnumber }
|
50
|
-
return gidnumber[0]
|
51
|
-
end
|
52
|
-
|
53
|
-
# Create Group
|
54
|
-
def create
|
55
|
-
group = Tapjoy::LDAP::Group::Create.new
|
56
|
-
group.create
|
57
|
-
end
|
58
|
-
|
59
|
-
# Delete group
|
60
|
-
def delete
|
61
|
-
group = Tapjoy::LDAP::Group::Delete.new
|
62
|
-
group.delete
|
63
|
-
end
|
64
|
-
|
65
|
-
def add_user
|
66
|
-
group = Tapjoy::LDAP::Group::AddUser.new
|
67
|
-
group.add_user
|
68
|
-
end
|
69
|
-
|
70
|
-
def remove_user
|
71
|
-
group = Tapjoy::LDAP::Group::RemoveUser.new
|
72
|
-
group.remove_user
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|