RubyGems - open_directory_utils - Versions diffs - 0.1.2 → 0.1.3 - Mend

open_directory_utils 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +11 -11
data/examples/create_od_users.rb +7 -4
data/examples/users-sample.yml +0 -1
data/lib/open_directory_utils/clean_check.rb +2 -0
data/lib/open_directory_utils/{commands_group.rb → commands_group_create_remove.rb} +21 -23
data/lib/open_directory_utils/commands_user_attribs.rb +441 -0
data/lib/open_directory_utils/{commands_user_attribs_od.rb → commands_user_create_remove.rb} +45 -76
data/lib/open_directory_utils/connection.rb +77 -70
data/lib/open_directory_utils/version.rb +1 -1
data/open_directory_utils.gemspec +1 -1
metadata +6 -8
data/lib/open_directory_utils/commands_user_attribs_ldap.rb +0 -281
data/lib/open_directory_utils/dscl.rb +0 -53
data/lib/open_directory_utils/pwpolicy.rb +0 -48

data/lib/open_directory_utils/{commands_user_attribs_od.rb → commands_user_create_remove.rb} RENAMED Viewed

@@ -1,4 +1,4 @@
-require "open_directory_utils/dscl"
+# require "open_directory_utils/dscl"
 require "open_directory_utils/clean_check"
 require "open_directory_utils/commands_base"
@@ -8,7 +8,7 @@ module OpenDirectoryUtils
   # @note - these commands were derived from the following resrouces:
   # * https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
   # * https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
-  module CommandsUserAttribsOd
+  module CommandsUserCreateRemove
     # include OpenDirectoryUtils::Dscl
     include OpenDirectoryUtils::CleanCheck
@@ -93,6 +93,13 @@ module OpenDirectoryUtils
       attribs[:value] = attribs[:value] || attribs[:surname]
       attribs[:value] = attribs[:value] || attribs[:lastname]
       attribs[:value] = attribs[:value] || attribs[:last_name]
+      attribs[:value] = attribs[:value] || attribs[:real_name]
+      attribs[:value] = attribs[:value] || attribs[:realname]
+      attribs[:value] = attribs[:value] || attribs[:short_name]
+      attribs[:value] = attribs[:value] || attribs[:shortname]
+      attribs[:value] = attribs[:value] || attribs[:user_name]
+      attribs[:value] = attribs[:value] || attribs[:username]
+      attribs[:value] = attribs[:value] || attribs[:uid]
       check_critical_attribute( attribs, :record_name )
       check_critical_attribute( attribs, :value, :last_name )
@@ -104,24 +111,18 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME NameSuffix "$VALUE"
-    def user_set_name_suffix
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-namesuffix "$VALUE"
-    def user_set_apple_name_suffix
-    end
     # sudo dscl . -create /Users/someuser UniqueID "1010"
     def user_set_unique_id(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
       attribs[:value] = attribs[:value] || attribs[:uniqueid]
       attribs[:value] = attribs[:value] || attribs[:unique_id]
+      attribs[:value] = attribs[:value] || attribs[:uid_number]
       attribs[:value] = attribs[:value] || attribs[:uidnumber]
       attribs[:value] = attribs[:value] || attribs[:usernumber]
       attribs[:value] = attribs[:value] || attribs[:user_number]
-      check_critical_attribute( attribs, :record_name )
       check_critical_attribute( attribs, :value, :unique_id )
       attribs    = tidy_attribs(attribs)
@@ -184,11 +185,11 @@ module OpenDirectoryUtils
       answer     = []
-      command    = {action: 'create', scope: 'Users', attribute: 'mail'}
+      command    = {action: 'create', scope: 'Users', attribute: 'MailAttribute'}
       user_attrs = attribs.merge(command)
       answer    << dscl( user_attrs, dir_info )
-      command    = {action: 'create', scope: 'Users', attribute: 'email'}
+      command    = {action: 'create', scope: 'Users', attribute: 'EMailAttribute'}
       user_attrs = attribs.merge(command)
       answer    << dscl( user_attrs, dir_info )
@@ -205,6 +206,8 @@ module OpenDirectoryUtils
       attribs[:value] = attribs[:value] || attribs['apple-user-mailattribute']
       attribs[:value] = attribs[:value] || attribs[:apple_user_mailattribute]
+      attribs[:value] = attribs[:value] || attribs[:e_mail_attribute]
+      attribs[:value] = attribs[:value] || attribs[:mail_attribute]
       attribs[:value] = attribs[:value] || attribs[:email]
       attribs[:value] = attribs[:value] || attribs[:mail]
@@ -323,9 +326,24 @@ module OpenDirectoryUtils
       dseditgroup( user_attrs, dir_info )
     end
-    # module_function :user_add_to_group
-    # alias_method :user_set_group_memebership, :user_add_to_group
+    def user_remove_from_group(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:group_membership]
+      attribs[:value] = attribs[:value] || attribs[:groupmembership]
+      attribs[:value] = attribs[:value] || attribs[:group_name]
+      attribs[:value] = attribs[:value] || attribs[:groupname]
+      attribs[:value] = attribs[:value] || attribs[:gid]
+      check_critical_attribute( attribs, :record_name, :username )
+      check_critical_attribute( attribs, :value, :groupname )
+      attribs    = tidy_attribs(attribs)
+      command    = { operation: 'edit', action: 'delete', type: 'user'}
+      user_attrs  = attribs.merge(command)
+      dseditgroup( user_attrs, dir_info )
+    end
     # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -getpolicy
     def user_get_policy(attribs, dir_info)
@@ -360,20 +378,29 @@ module OpenDirectoryUtils
       attribs[:value] = nil
       answer         << user_set_password(attribs, dir_info)
       attribs[:value] = nil
+      answer         << user_set_shell(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_last_name(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_real_name(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_unique_id(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_primary_group_id(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_nfs_home_directory(attribs, dir_info)
+      attribs[:value] = nil
       answer         << user_enable_login(attribs, dir_info)      if
                         attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
       answer         << user_disable_login(attribs, dir_info) unless
                         attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
-      attribs[:value] = nil
-      answer         << user_set_real_name(attribs, dir_info)
       return answer
     end
     # https://images.apple.com/server/docs/Command_Line.pdf
     # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
     # https://superuser.com/questions/1154564/how-to-create-a-user-from-the-macos-command-line
-    def user_create_full(attribs, dir_info)
+    def user_create(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
       check_critical_attribute( attribs, :record_name )
@@ -383,24 +410,11 @@ module OpenDirectoryUtils
       answer            = []
       attribs[:value]   = nil
       answer           << user_create_min(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_shell(attribs, dir_info)
       if attribs[:first_name] or attribs[:firstname] or attribs[:given_name] or
                           attribs[:givenname]
         attribs[:value] = nil
         answer         << user_set_first_name(attribs, dir_info)
       end
-      if attribs[:last_name] or attribs[:lastname] or attribs[:sn] or
-                          attribs[:surname]
-        attribs[:value] = nil
-        answer         << user_set_last_name(attribs, dir_info)
-      end
-      attribs[:value]   = nil
-      answer           << user_set_unique_id(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_primary_group_id(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_nfs_home_directory(attribs, dir_info)
       # skip email if non-sent
       if attribs[:email] or attribs[:mail] or attribs[:apple_user_mailattribute]
         attribs[:value] = nil
@@ -418,7 +432,6 @@ module OpenDirectoryUtils
       return answer.flatten
     end
-    alias_method :user_create, :user_create_full
     # dscl . -delete /Users/yourUserName
     # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
@@ -434,49 +447,5 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # 1st keyword    -- /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    # other keywords --  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    def user_set_first_keyword
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    def user_append_keyword
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-company "$VALUE"
-    def user_set_company
-    end
-    alias_method :las_program_info, :user_set_company
-    # first  - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "$VALUE"
-    # others - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "AIM:created: $CREATE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "ICQ:start: $START"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "MSN:end: $END"
-    def user_set_chat
-    end
-    alias_method :user_set_chat_channels, :user_set_chat
-    alias_method :las_created_date, :user_set_chat
-    alias_method :las_start_date, :user_set_chat
-    alias_method :las_end_date, :user_set_chat
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-webloguri "$VALUE"
-    def user_set_blog
-    end
-    alias_method :user_set_weblog, :user_set_blog
-    alias_method :las_sync_date, :user_set_blog
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-organizationinfo "$VALUE"
-    def user_set_org_info
-    end
-    alias_method :las_set_organizational_info, :user_set_org_info
-    alias_method :las_link_student_to_parent, :user_set_org_info
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-relationships "$VALUE"
-    def user_set_relationships
-    end
-    alias_method :las_link_parent_to_student, :user_set_relationships
   end
 end

data/lib/open_directory_utils/connection.rb CHANGED Viewed

@@ -1,22 +1,20 @@
 require 'net/ssh'
-# require "open_directory_utils/dscl"
-# require "open_directory_utils/pwpolicy"
 require "open_directory_utils/commands_base"
-require "open_directory_utils/commands_group"
-require "open_directory_utils/commands_user_attribs_od"
-require "open_directory_utils/commands_user_attribs_ldap"
+require "open_directory_utils/commands_user_attribs"
+# require "open_directory_utils/commands_user_attribs_ldap"
+require "open_directory_utils/commands_user_create_remove"
+require "open_directory_utils/commands_group_create_remove"
 module OpenDirectoryUtils
   class Connection
     attr_reader :srv_info, :dir_info
-    # include OpenDirectoryUtils::Dscl
-    # include OpenDirectoryUtils::Pwpolicy
     include OpenDirectoryUtils::CommandsBase
-    include OpenDirectoryUtils::CommandsGroup
-    include OpenDirectoryUtils::CommandsUserAttribsOd
-    include OpenDirectoryUtils::CommandsUserAttribsLdap
+    include OpenDirectoryUtils::CommandsUserAttribs
+    # include OpenDirectoryUtils::CommandsUserAttribsLdap
+    include OpenDirectoryUtils::CommandsUserCreateRemove
+    include OpenDirectoryUtils::CommandsGroupCreateRemove
     # configure connection with ENV_VARS (or parameters)
     # @params [Hash] - reqiured info includes: srv_hostname:, srv_username: (password: if not using ssh-keys)
@@ -51,12 +49,12 @@ module OpenDirectoryUtils
       params[:record_name] = nil
       ssh_cmds = send(command, params, dir_info)
       # pp ssh_cmds
-      results  = send_cmds_to_od_server(ssh_cmds)
+      results   = send_cmds_to_od_server(ssh_cmds)
       # pp results
-      process_results(results, command, params, ssh_cmds)
+      answer = process_results(results, command, params, ssh_cmds )
+      return answer
       rescue ArgumentError, NoMethodError => error
-        {error:  {response: error.message, command: command,
-                  attributes: params, dscl_cmds: ssh_cmds}}
+        format_results(error.message, command, params, ssh_cmds, success: false)
     end
     private
@@ -74,82 +72,91 @@ module OpenDirectoryUtils
     end
     def process_results(results, command, params, ssh_cmds)
-      results_str = results.to_s
-      errors = true         if results_str.include? 'Error'
-      errors = false    unless results_str.include? 'Error'
       if command.eql?(:user_exists?) or command.eql?(:group_exists?)
-        found   = record_found?(results_str)
-        results = [ found, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_existence(results, command, params, ssh_cmds)
       end
-      if results_str.include?('Group not found') or               # can't find group to move user into
-          results.to_s.include?('eDSRecordNotFound') or           # return error if resource wasn't found
-          results_str.include?('Record was not found') or         # can't find user to move into a group
-          results.to_s.include?('eDSAuthAccountDisabled') or      # can't set passwd when disabled
-          results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
-        return format_results(results, command, params, ssh_cmds, true)
+      if missing_resource?(results)
+        results = ["Resource not found", results]
+        # report lack of success
+        return format_results(results, command, params, ssh_cmds, success: false)
       end
       if command.eql?(:user_password_verified?) or command.eql?(:user_password_ok?)
-        passed  = password_verified?(results_str)
-        results = [ passed, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_password_check(results, command, params, ssh_cmds)
       end
       if command.eql?(:user_login_enabled?)
-        # puts "login enabled -- #{results}".upcase
-        enabled = login_enabled?(results_str)
-        results = [ enabled, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_login_check(results, command, params, ssh_cmds)
       end
-      if command.eql?(:user_in_group?) or command.eql?(:group_has_user?)
-        username = params[:value]
-        unless username.nil? or username.eql? '' or username.include? ' ' or
-                results_str.include?('eDSRecordNotFound')
-          results = [true, results]      if results_str.include?( username )
-          results = [false, results] unless results_str.include?( username )
-        end
+      if command.eql?(:user_in_group?)
+        return report_in_group(results, command, params, ssh_cmds)
+      end
+      if results.to_s.include? 'attribute status: eDSNoStdMappingAvailable'
+        results = ["Bad Attribute Description", results]
+        format_results(results, command, params, ssh_cmds, success: false)
       end
+      if missed_errors?(results)
+        results = ["Unexpected Error", results]
+        format_results(results, command, params, ssh_cmds, success: false)
+      end
+      # return any general success answers
+      format_results(results, command, params, ssh_cmds, success: true)
+    end
-      if errors and ( results_str.include?('eDSRecordNotFound') or
-                      results_str.include?('unknown AuthenticationAuthority') )
-        results = ["Resource not found", results]
+    def format_results(results, command, params, ssh_cmds, success:)
+      ssh_clean = ssh_cmds.to_s
+      ssh_clean = ssh_clean.gsub(/-[p] ".+"/, '-p "************"')
+      ssh_clean = ssh_clean.gsub(/-[P] ".+"/, '-P "************"')
+      case success
+      when true
+        return { success:{response: results, command: command,
+                          attributes: params, dscl_cmds: ssh_clean} }
+      else
+        return { error:  {response: results, command: command,
+                          attributes: params, dscl_cmds: ssh_clean} }
       end
+    end
-      return format_results(results, command, params, ssh_cmds, errors)
+    def report_existence(results, command, params, ssh_cmds)
+      results = [false, results]    if results.to_s.include?('eDSRecordNotFound')
+      results = [true, results] unless results.to_s.include?('eDSRecordNotFound')
+      return format_results(results, command, params, ssh_cmds, success: true)
+    end
+    def missing_resource?(results)
+      results_str = results.to_s
+      return true  if results_str.include?('Group not found') or              # can't find group to move user into
+                      results_str.include?('eDSRecordNotFound') or            # return error if resource wasn't found
+                      results_str.include?('Record was not found') or         # can't find user to move into a group
+                      results_str.include?('eDSAuthAccountDisabled') or       # can't set passwd when disabled
+                      results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
+      return false
     end
-    def format_results(results, command, params, ssh_cmds, errors)
-      answer = case errors
-      when false
-        {success:{response: results, command: command, attributes: params}}
-      else
-        {error:  {response: results, command: command,
-                  attributes: params, dscl_cmds: ssh_cmds}}
-      end
-      return answer
+    def report_password_check(results, command, params, ssh_cmds)
+      results = [false, results]    if results.to_s.include?('eDSAuthFailed')
+      results = [true, results] unless results.to_s.include?('eDSAuthFailed')
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
-    def login_enabled?(results_str)
-      return false if results_str.include?('account is disabled')
-      return false if results_str.include?('isDisabled=1')
-      # some enabled accounts return no policies ?#$?
-      # return true  if results_str.include?('isDisabled=0')
-      true
+    def missed_errors?(results)
+      results_str = results.to_s
+      return true  if results_str.include? 'Error'
+      return false
     end
-    def password_verified?(results_str)
-      return false if results_str.include?('eDSAuthFailed')
-      true
+    def report_login_check(results, command, params, ssh_cmds)
+      results = [false, results]     if results.to_s.include?('isDisabled=1')
+      results = [false, results]     if results.to_s.include?('account is disabled')
+      results = [true, results]  unless results.to_s.include?('isDisabled=1') or
+                                        results.to_s.include?('account is disabled')
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
-    def record_found?(results_str)
-      return false  if results_str.include?('eDSRecordNotFound')
-      true
+    def report_in_group(results, command, params, ssh_cmds)
+      username = params[:value]
+      results = [true, results]      if results.to_s.include?( username )
+      results = [false, results] unless results.to_s.include?( username )
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
     def defaults

data/lib/open_directory_utils/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OpenDirectoryUtils
   module Version
-    VERSION = "0.1.2"
+    VERSION = "0.1.3"
   end
 end

data/open_directory_utils.gemspec CHANGED Viewed

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{A ruby wrapper to access MacOpenDirectory management commands remotely}
   spec.description   = %q{Create and update users and groups on a MacOpenDirectory Server}
-  spec.homepage      = "https://github.com/btihen/open_directory_utils"
+  spec.homepage      = "https://github.com/LAS-IT/open_directory_utils"
   spec.license       = "MIT"
   # # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: open_directory_utils
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Bill Tihen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-06-09 00:00:00.000000000 Z
+date: 2018-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ssh
@@ -92,15 +92,13 @@ files:
 - lib/open_directory_utils.rb
 - lib/open_directory_utils/clean_check.rb
 - lib/open_directory_utils/commands_base.rb
-- lib/open_directory_utils/commands_group.rb
-- lib/open_directory_utils/commands_user_attribs_ldap.rb
-- lib/open_directory_utils/commands_user_attribs_od.rb
+- lib/open_directory_utils/commands_group_create_remove.rb
+- lib/open_directory_utils/commands_user_attribs.rb
+- lib/open_directory_utils/commands_user_create_remove.rb
 - lib/open_directory_utils/connection.rb
-- lib/open_directory_utils/dscl.rb
-- lib/open_directory_utils/pwpolicy.rb
 - lib/open_directory_utils/version.rb
 - open_directory_utils.gemspec
-homepage: https://github.com/btihen/open_directory_utils
+homepage: https://github.com/LAS-IT/open_directory_utils
 licenses:
 - MIT
 metadata: {}