ldap_tools 0.6.0 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/ldaptools +3 -3
- data/lib/tapjoy/ldap/audit.rb +49 -64
- data/lib/tapjoy/ldap/audit/by_group.rb +24 -0
- data/lib/tapjoy/ldap/audit/by_user.rb +45 -0
- data/lib/tapjoy/ldap/key/install.rb +2 -2
- data/lib/tapjoy/ldap/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f894e92c9563dc83bc4e24235ef08e382dc96e64
|
4
|
+
data.tar.gz: 3f7928ffa4b11dd4a37fb4ba2aad8fca15a4fc3b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ab06edf1ce374f42a01e869e9f4ad032391ed3f5af1df93ee5d56ab9b9081dd8e9691b24a504e0852d075576b6ec0ba85ff1091649ead9542428af70c331bdad
|
7
|
+
data.tar.gz: 730e30088bc5f6775d6f2e32f12baf4608b1832d4fb4f92c52ca4682fd256f2f6074e28e29595c8fa331209d8a4c926616fdd9068829ef961c2805a7f2b5d15e
|
data/bin/ldaptools
CHANGED
@@ -27,9 +27,9 @@ when 'group'
|
|
27
27
|
when 'key'
|
28
28
|
Tapjoy::LDAP::Key.commands
|
29
29
|
when 'audit'
|
30
|
-
AUDIT_SUB_COMMANDS = %w(by_user by_group raw)
|
31
|
-
commands(
|
32
|
-
Tapjoy::LDAP::Audit.
|
30
|
+
# AUDIT_SUB_COMMANDS = %w(by_user by_group raw)
|
31
|
+
# commands(, cmd, AUDIT_SUB_COMMANDS)
|
32
|
+
Tapjoy::LDAP::Audit.commands
|
33
33
|
else
|
34
34
|
raise Tapjoy::LDAP::InvalidArgument
|
35
35
|
end
|
data/lib/tapjoy/ldap/audit.rb
CHANGED
@@ -1,87 +1,72 @@
|
|
1
|
+
require_relative 'audit/by_user'
|
2
|
+
require_relative 'audit/by_group'
|
1
3
|
module Tapjoy
|
2
4
|
module LDAP
|
3
|
-
|
5
|
+
module Audit
|
6
|
+
class << self
|
7
|
+
SUB_COMMANDS = %w(by_user by_group raw)
|
4
8
|
|
5
|
-
|
6
|
-
|
7
|
-
|
9
|
+
def commands
|
10
|
+
Trollop::options do
|
11
|
+
usage 'user [SUB_COMMAND] [options]'
|
12
|
+
synopsis "\nThis object is used for auditing LDAP permissions\nAvailable subcommands are: #{SUB_COMMANDS}"
|
8
13
|
|
9
|
-
|
10
|
-
|
11
|
-
send(command)
|
12
|
-
else
|
13
|
-
raise Tapjoy::LDAP::InvalidArgument
|
14
|
-
end
|
15
|
-
end
|
14
|
+
stop_on SUB_COMMANDS
|
15
|
+
end
|
16
16
|
|
17
|
-
|
17
|
+
cmd = ARGV.shift
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
puts "- #{key}"
|
26
|
-
values.each { |value| puts " - #{value}" }
|
19
|
+
case cmd
|
20
|
+
when 'by_user', 'by_group', 'raw'
|
21
|
+
send(cmd) # call method with respective name
|
22
|
+
else
|
23
|
+
raise Tapjoy::LDAP::InvalidArgument
|
24
|
+
end
|
27
25
|
end
|
28
|
-
end
|
29
26
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
filter = Net::LDAP::Filter.eq('objectclass', 'posixAccount')
|
35
|
-
attributes = ['uid']
|
36
|
-
|
37
|
-
results = Tapjoy::LDAP::client.search(attributes, filter)
|
38
|
-
results.each do |entry|
|
39
|
-
user_list << entry['uid'].first
|
27
|
+
def by_group
|
28
|
+
audit = Tapjoy::LDAP::Audit::ByGroup.new
|
29
|
+
audit.by_group
|
40
30
|
end
|
41
31
|
|
42
|
-
|
43
|
-
|
32
|
+
def by_user
|
33
|
+
audit = Tapjoy::LDAP::Audit::ByUser.new
|
34
|
+
audit.by_user
|
35
|
+
end
|
44
36
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
attributes = ['cn', 'memberUid']
|
37
|
+
def raw
|
38
|
+
puts Tapjoy::LDAP::client.search.inspect
|
39
|
+
end
|
49
40
|
|
50
|
-
|
41
|
+
# Get hash of groups with list of members of each group
|
42
|
+
def get_groups_with_membership
|
43
|
+
filter = Net::LDAP::Filter.eq('objectclass', 'posixGroup')
|
44
|
+
attributes = %w(cn memberUid)
|
51
45
|
|
52
|
-
|
46
|
+
results = Tapjoy::LDAP::client.search(attributes, filter)
|
47
|
+
end
|
53
48
|
|
54
|
-
# Get a group to user mapping
|
55
|
-
def by_user
|
56
|
-
user_groups = Hash.new
|
57
|
-
user_list = get_users
|
58
|
-
group_results = get_groups_with_membership
|
59
49
|
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
50
|
+
# Clean output of hashes
|
51
|
+
def print_hash(header_string, object_hash)
|
52
|
+
puts header_string
|
53
|
+
puts "=" * header_string.length
|
54
|
+
object_hash.each_pair do |key, values|
|
55
|
+
next if values.empty?
|
56
|
+
puts "- #{key}"
|
57
|
+
values.each { |value| puts " - #{value}" }
|
64
58
|
end
|
65
59
|
end
|
66
60
|
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
# Get a user to group mapping
|
71
|
-
def by_group
|
72
|
-
group_membership = Hash.new
|
73
|
-
|
74
|
-
get_groups_with_membership.each do |entry|
|
75
|
-
group_membership[entry['cn'].first] = entry['memberUid']
|
76
|
-
end
|
61
|
+
private
|
62
|
+
# Get a user to group mapping
|
77
63
|
|
78
|
-
print_hash('Users in groups', group_membership)
|
79
|
-
end
|
80
64
|
|
81
|
-
|
82
|
-
|
83
|
-
results =
|
84
|
-
puts results.inspect
|
65
|
+
# # Print raw output
|
66
|
+
# def raw
|
67
|
+
# results = T
|
68
|
+
# puts results.inspect
|
69
|
+
# end
|
85
70
|
end
|
86
71
|
end
|
87
72
|
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module Audit
|
4
|
+
class ByGroup
|
5
|
+
def by_group
|
6
|
+
group_membership = {}
|
7
|
+
|
8
|
+
group_results.each do |entry|
|
9
|
+
group_membership[entry[:cn].first] = entry[:memberUid]
|
10
|
+
end
|
11
|
+
|
12
|
+
Tapjoy::LDAP::Audit.print_hash('Users in groups', group_membership)
|
13
|
+
end
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def group_results
|
18
|
+
@group_results ||= Tapjoy::LDAP::Audit.get_groups_with_membership
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
module Tapjoy
|
2
|
+
module LDAP
|
3
|
+
module Audit
|
4
|
+
# Get a group to user mapping
|
5
|
+
class ByUser
|
6
|
+
def by_user
|
7
|
+
user_groups = {}
|
8
|
+
get_users.each do |user|
|
9
|
+
user_groups[user] = group_results.reduce([]) do |group, entry|
|
10
|
+
group << entry[:cn].first if entry[:memberUid].include?(user)
|
11
|
+
group
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
# print user_groups
|
16
|
+
|
17
|
+
Tapjoy::LDAP::Audit.print_hash('Groups by user', user_groups)
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
# Get list of users
|
22
|
+
def get_users
|
23
|
+
@get_users ||= results.map {|entry| entry['uid'].first}.sort
|
24
|
+
end
|
25
|
+
|
26
|
+
def filter
|
27
|
+
@filter ||= Net::LDAP::Filter.eq('objectclass', 'posixAccount')
|
28
|
+
end
|
29
|
+
|
30
|
+
def attributes
|
31
|
+
@attributes ||= ['uid']
|
32
|
+
end
|
33
|
+
|
34
|
+
def results
|
35
|
+
@results ||= Tapjoy::LDAP::client.search(attributes, filter)
|
36
|
+
end
|
37
|
+
|
38
|
+
def group_results
|
39
|
+
@group_results ||= Tapjoy::LDAP::Audit.get_groups_with_membership
|
40
|
+
end
|
41
|
+
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -17,8 +17,8 @@ module Tapjoy
|
|
17
17
|
def opts
|
18
18
|
@opts ||= Trollop::options do
|
19
19
|
# Set help message
|
20
|
-
usage 'key install
|
21
|
-
synopsis "\nThis command is for keys to the appropriate authorized_keys file"
|
20
|
+
usage 'key install'
|
21
|
+
synopsis "\nThis command is for adding keys to the appropriate authorized_keys file"
|
22
22
|
|
23
23
|
end
|
24
24
|
end
|
data/lib/tapjoy/ldap/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ldap_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ali Tayarani
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-01-
|
11
|
+
date: 2016-01-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: trollop
|
@@ -76,6 +76,8 @@ files:
|
|
76
76
|
- bin/ldaptools
|
77
77
|
- lib/tapjoy/ldap.rb
|
78
78
|
- lib/tapjoy/ldap/audit.rb
|
79
|
+
- lib/tapjoy/ldap/audit/by_group.rb
|
80
|
+
- lib/tapjoy/ldap/audit/by_user.rb
|
79
81
|
- lib/tapjoy/ldap/base.rb
|
80
82
|
- lib/tapjoy/ldap/group.rb
|
81
83
|
- lib/tapjoy/ldap/group/add_user.rb
|