RubyGems - open_directory_utils - Versions diffs - 0.1.2 → 0.1.3 - Mend

open_directory_utils 0.1.2 → 0.1.3

Files changed (16) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +11 -11
data/examples/create_od_users.rb +7 -4
data/examples/users-sample.yml +0 -1
data/lib/open_directory_utils/clean_check.rb +2 -0
data/lib/open_directory_utils/{commands_group.rb → commands_group_create_remove.rb} +21 -23
data/lib/open_directory_utils/commands_user_attribs.rb +441 -0
data/lib/open_directory_utils/{commands_user_attribs_od.rb → commands_user_create_remove.rb} +45 -76
data/lib/open_directory_utils/connection.rb +77 -70
data/lib/open_directory_utils/version.rb +1 -1
data/open_directory_utils.gemspec +1 -1
metadata +6 -8
data/lib/open_directory_utils/commands_user_attribs_ldap.rb +0 -281
data/lib/open_directory_utils/dscl.rb +0 -53
data/lib/open_directory_utils/pwpolicy.rb +0 -48

data/lib/open_directory_utils/{commands_user_attribs_od.rb → commands_user_create_remove.rb} RENAMED Viewed

@@ -1,4 +1,4 @@
-require "open_directory_utils/dscl"
+# require "open_directory_utils/dscl"
 require "open_directory_utils/clean_check"
 require "open_directory_utils/commands_base"
@@ -8,7 +8,7 @@ module OpenDirectoryUtils
   # @note - these commands were derived from the following resrouces:
   # * https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
   # * https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
-  module CommandsUserAttribsOd
+  module CommandsUserCreateRemove
     # include OpenDirectoryUtils::Dscl
     include OpenDirectoryUtils::CleanCheck
@@ -93,6 +93,13 @@ module OpenDirectoryUtils
       attribs[:value] = attribs[:value] || attribs[:surname]
       attribs[:value] = attribs[:value] || attribs[:lastname]
       attribs[:value] = attribs[:value] || attribs[:last_name]
+      attribs[:value] = attribs[:value] || attribs[:real_name]
+      attribs[:value] = attribs[:value] || attribs[:realname]
+      attribs[:value] = attribs[:value] || attribs[:short_name]
+      attribs[:value] = attribs[:value] || attribs[:shortname]
+      attribs[:value] = attribs[:value] || attribs[:user_name]
+      attribs[:value] = attribs[:value] || attribs[:username]
+      attribs[:value] = attribs[:value] || attribs[:uid]
       check_critical_attribute( attribs, :record_name )
       check_critical_attribute( attribs, :value, :last_name )
@@ -104,24 +111,18 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME NameSuffix "$VALUE"
-    def user_set_name_suffix
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-namesuffix "$VALUE"
-    def user_set_apple_name_suffix
-    end
     # sudo dscl . -create /Users/someuser UniqueID "1010"
     def user_set_unique_id(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
       attribs[:value] = attribs[:value] || attribs[:uniqueid]
       attribs[:value] = attribs[:value] || attribs[:unique_id]
+      attribs[:value] = attribs[:value] || attribs[:uid_number]
       attribs[:value] = attribs[:value] || attribs[:uidnumber]
       attribs[:value] = attribs[:value] || attribs[:usernumber]
       attribs[:value] = attribs[:value] || attribs[:user_number]
-      check_critical_attribute( attribs, :record_name )
       check_critical_attribute( attribs, :value, :unique_id )
       attribs    = tidy_attribs(attribs)
@@ -184,11 +185,11 @@ module OpenDirectoryUtils
       answer     = []
-      command    = {action: 'create', scope: 'Users', attribute: 'mail'}
+      command    = {action: 'create', scope: 'Users', attribute: 'MailAttribute'}
       user_attrs = attribs.merge(command)
       answer    << dscl( user_attrs, dir_info )
-      command    = {action: 'create', scope: 'Users', attribute: 'email'}
+      command    = {action: 'create', scope: 'Users', attribute: 'EMailAttribute'}
       user_attrs = attribs.merge(command)
       answer    << dscl( user_attrs, dir_info )
@@ -205,6 +206,8 @@ module OpenDirectoryUtils
       attribs[:value] = attribs[:value] || attribs['apple-user-mailattribute']
       attribs[:value] = attribs[:value] || attribs[:apple_user_mailattribute]
+      attribs[:value] = attribs[:value] || attribs[:e_mail_attribute]
+      attribs[:value] = attribs[:value] || attribs[:mail_attribute]
       attribs[:value] = attribs[:value] || attribs[:email]
       attribs[:value] = attribs[:value] || attribs[:mail]
@@ -323,9 +326,24 @@ module OpenDirectoryUtils
       dseditgroup( user_attrs, dir_info )
     end
-    # module_function :user_add_to_group
-    # alias_method :user_set_group_memebership, :user_add_to_group
+    def user_remove_from_group(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:group_membership]
+      attribs[:value] = attribs[:value] || attribs[:groupmembership]
+      attribs[:value] = attribs[:value] || attribs[:group_name]
+      attribs[:value] = attribs[:value] || attribs[:groupname]
+      attribs[:value] = attribs[:value] || attribs[:gid]
+      check_critical_attribute( attribs, :record_name, :username )
+      check_critical_attribute( attribs, :value, :groupname )
+      attribs    = tidy_attribs(attribs)
+      command    = { operation: 'edit', action: 'delete', type: 'user'}
+      user_attrs  = attribs.merge(command)
+      dseditgroup( user_attrs, dir_info )
+    end
     # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -getpolicy
     def user_get_policy(attribs, dir_info)
@@ -360,20 +378,29 @@ module OpenDirectoryUtils
       attribs[:value] = nil
       answer         << user_set_password(attribs, dir_info)
       attribs[:value] = nil
+      answer         << user_set_shell(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_last_name(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_real_name(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_unique_id(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_primary_group_id(attribs, dir_info)
+      attribs[:value] = nil
+      answer         << user_set_nfs_home_directory(attribs, dir_info)
+      attribs[:value] = nil
       answer         << user_enable_login(attribs, dir_info)      if
                         attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
       answer         << user_disable_login(attribs, dir_info) unless
                         attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
-      attribs[:value] = nil
-      answer         << user_set_real_name(attribs, dir_info)
       return answer
     end
     # https://images.apple.com/server/docs/Command_Line.pdf
     # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
     # https://superuser.com/questions/1154564/how-to-create-a-user-from-the-macos-command-line
-    def user_create_full(attribs, dir_info)
+    def user_create(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
       check_critical_attribute( attribs, :record_name )
@@ -383,24 +410,11 @@ module OpenDirectoryUtils
       answer            = []
       attribs[:value]   = nil
       answer           << user_create_min(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_shell(attribs, dir_info)
       if attribs[:first_name] or attribs[:firstname] or attribs[:given_name] or
                           attribs[:givenname]
         attribs[:value] = nil
         answer         << user_set_first_name(attribs, dir_info)
       end
-      if attribs[:last_name] or attribs[:lastname] or attribs[:sn] or
-                          attribs[:surname]
-        attribs[:value] = nil
-        answer         << user_set_last_name(attribs, dir_info)
-      end
-      attribs[:value]   = nil
-      answer           << user_set_unique_id(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_primary_group_id(attribs, dir_info)
-      attribs[:value]   = nil
-      answer           << user_set_nfs_home_directory(attribs, dir_info)
       # skip email if non-sent
       if attribs[:email] or attribs[:mail] or attribs[:apple_user_mailattribute]
         attribs[:value] = nil
@@ -418,7 +432,6 @@ module OpenDirectoryUtils
       return answer.flatten
     end
-    alias_method :user_create, :user_create_full
     # dscl . -delete /Users/yourUserName
     # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
@@ -434,49 +447,5 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # 1st keyword    -- /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    # other keywords --  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    def user_set_first_keyword
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    def user_append_keyword
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-company "$VALUE"
-    def user_set_company
-    end
-    alias_method :las_program_info, :user_set_company
-    # first  - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "$VALUE"
-    # others - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "AIM:created: $CREATE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "ICQ:start: $START"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "MSN:end: $END"
-    def user_set_chat
-    end
-    alias_method :user_set_chat_channels, :user_set_chat
-    alias_method :las_created_date, :user_set_chat
-    alias_method :las_start_date, :user_set_chat
-    alias_method :las_end_date, :user_set_chat
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-webloguri "$VALUE"
-    def user_set_blog
-    end
-    alias_method :user_set_weblog, :user_set_blog
-    alias_method :las_sync_date, :user_set_blog
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-organizationinfo "$VALUE"
-    def user_set_org_info
-    end
-    alias_method :las_set_organizational_info, :user_set_org_info
-    alias_method :las_link_student_to_parent, :user_set_org_info
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-relationships "$VALUE"
-    def user_set_relationships
-    end
-    alias_method :las_link_parent_to_student, :user_set_relationships
   end
 end

data/lib/open_directory_utils/connection.rb CHANGED Viewed

@@ -1,22 +1,20 @@
 require 'net/ssh'
-# require "open_directory_utils/dscl"
-# require "open_directory_utils/pwpolicy"
 require "open_directory_utils/commands_base"
-require "open_directory_utils/commands_group"
-require "open_directory_utils/commands_user_attribs_od"
-require "open_directory_utils/commands_user_attribs_ldap"
+require "open_directory_utils/commands_user_attribs"
+# require "open_directory_utils/commands_user_attribs_ldap"
+require "open_directory_utils/commands_user_create_remove"
+require "open_directory_utils/commands_group_create_remove"
 module OpenDirectoryUtils
   class Connection
     attr_reader :srv_info, :dir_info
-    # include OpenDirectoryUtils::Dscl
-    # include OpenDirectoryUtils::Pwpolicy
     include OpenDirectoryUtils::CommandsBase
-    include OpenDirectoryUtils::CommandsGroup
-    include OpenDirectoryUtils::CommandsUserAttribsOd
-    include OpenDirectoryUtils::CommandsUserAttribsLdap
+    include OpenDirectoryUtils::CommandsUserAttribs
+    # include OpenDirectoryUtils::CommandsUserAttribsLdap
+    include OpenDirectoryUtils::CommandsUserCreateRemove
+    include OpenDirectoryUtils::CommandsGroupCreateRemove
     # configure connection with ENV_VARS (or parameters)
     # @params [Hash] - reqiured info includes: srv_hostname:, srv_username: (password: if not using ssh-keys)
@@ -51,12 +49,12 @@ module OpenDirectoryUtils
       params[:record_name] = nil
       ssh_cmds = send(command, params, dir_info)
       # pp ssh_cmds
-      results  = send_cmds_to_od_server(ssh_cmds)
+      results   = send_cmds_to_od_server(ssh_cmds)
       # pp results
-      process_results(results, command, params, ssh_cmds)
+      answer = process_results(results, command, params, ssh_cmds )
+      return answer
       rescue ArgumentError, NoMethodError => error
-        {error:  {response: error.message, command: command,
-                  attributes: params, dscl_cmds: ssh_cmds}}
+        format_results(error.message, command, params, ssh_cmds, success: false)
     end
     private
@@ -74,82 +72,91 @@ module OpenDirectoryUtils
     end
     def process_results(results, command, params, ssh_cmds)
-      results_str = results.to_s
-      errors = true         if results_str.include? 'Error'
-      errors = false    unless results_str.include? 'Error'
       if command.eql?(:user_exists?) or command.eql?(:group_exists?)
-        found   = record_found?(results_str)
-        results = [ found, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_existence(results, command, params, ssh_cmds)
       end
-      if results_str.include?('Group not found') or               # can't find group to move user into
-          results.to_s.include?('eDSRecordNotFound') or           # return error if resource wasn't found
-          results_str.include?('Record was not found') or         # can't find user to move into a group
-          results.to_s.include?('eDSAuthAccountDisabled') or      # can't set passwd when disabled
-          results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
-        return format_results(results, command, params, ssh_cmds, true)
+      if missing_resource?(results)
+        results = ["Resource not found", results]
+        # report lack of success
+        return format_results(results, command, params, ssh_cmds, success: false)
       end
       if command.eql?(:user_password_verified?) or command.eql?(:user_password_ok?)
-        passed  = password_verified?(results_str)
-        results = [ passed, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_password_check(results, command, params, ssh_cmds)
       end
       if command.eql?(:user_login_enabled?)
-        # puts "login enabled -- #{results}".upcase
-        enabled = login_enabled?(results_str)
-        results = [ enabled, results ]
-        return format_results(results, command, params, ssh_cmds, false)
+        return report_login_check(results, command, params, ssh_cmds)
       end
-      if command.eql?(:user_in_group?) or command.eql?(:group_has_user?)
-        username = params[:value]
-        unless username.nil? or username.eql? '' or username.include? ' ' or
-                results_str.include?('eDSRecordNotFound')
-          results = [true, results]      if results_str.include?( username )
-          results = [false, results] unless results_str.include?( username )
-        end
+      if command.eql?(:user_in_group?)
+        return report_in_group(results, command, params, ssh_cmds)
+      end
+      if results.to_s.include? 'attribute status: eDSNoStdMappingAvailable'
+        results = ["Bad Attribute Description", results]
+        format_results(results, command, params, ssh_cmds, success: false)
       end
+      if missed_errors?(results)
+        results = ["Unexpected Error", results]
+        format_results(results, command, params, ssh_cmds, success: false)
+      end
+      # return any general success answers
+      format_results(results, command, params, ssh_cmds, success: true)
+    end
-      if errors and ( results_str.include?('eDSRecordNotFound') or
-                      results_str.include?('unknown AuthenticationAuthority') )
-        results = ["Resource not found", results]
+    def format_results(results, command, params, ssh_cmds, success:)
+      ssh_clean = ssh_cmds.to_s
+      ssh_clean = ssh_clean.gsub(/-[p] ".+"/, '-p "************"')
+      ssh_clean = ssh_clean.gsub(/-[P] ".+"/, '-P "************"')
+      case success
+      when true
+        return { success:{response: results, command: command,
+                          attributes: params, dscl_cmds: ssh_clean} }
+      else
+        return { error:  {response: results, command: command,
+                          attributes: params, dscl_cmds: ssh_clean} }
       end
+    end
-      return format_results(results, command, params, ssh_cmds, errors)
+    def report_existence(results, command, params, ssh_cmds)
+      results = [false, results]    if results.to_s.include?('eDSRecordNotFound')
+      results = [true, results] unless results.to_s.include?('eDSRecordNotFound')
+      return format_results(results, command, params, ssh_cmds, success: true)
+    end
+    def missing_resource?(results)
+      results_str = results.to_s
+      return true  if results_str.include?('Group not found') or              # can't find group to move user into
+                      results_str.include?('eDSRecordNotFound') or            # return error if resource wasn't found
+                      results_str.include?('Record was not found') or         # can't find user to move into a group
+                      results_str.include?('eDSAuthAccountDisabled') or       # can't set passwd when disabled
+                      results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
+      return false
     end
-    def format_results(results, command, params, ssh_cmds, errors)
-      answer = case errors
-      when false
-        {success:{response: results, command: command, attributes: params}}
-      else
-        {error:  {response: results, command: command,
-                  attributes: params, dscl_cmds: ssh_cmds}}
-      end
-      return answer
+    def report_password_check(results, command, params, ssh_cmds)
+      results = [false, results]    if results.to_s.include?('eDSAuthFailed')
+      results = [true, results] unless results.to_s.include?('eDSAuthFailed')
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
-    def login_enabled?(results_str)
-      return false if results_str.include?('account is disabled')
-      return false if results_str.include?('isDisabled=1')
-      # some enabled accounts return no policies ?#$?
-      # return true  if results_str.include?('isDisabled=0')
-      true
+    def missed_errors?(results)
+      results_str = results.to_s
+      return true  if results_str.include? 'Error'
+      return false
     end
-    def password_verified?(results_str)
-      return false if results_str.include?('eDSAuthFailed')
-      true
+    def report_login_check(results, command, params, ssh_cmds)
+      results = [false, results]     if results.to_s.include?('isDisabled=1')
+      results = [false, results]     if results.to_s.include?('account is disabled')
+      results = [true, results]  unless results.to_s.include?('isDisabled=1') or
+                                        results.to_s.include?('account is disabled')
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
-    def record_found?(results_str)
-      return false  if results_str.include?('eDSRecordNotFound')
-      true
+    def report_in_group(results, command, params, ssh_cmds)
+      username = params[:value]
+      results = [true, results]      if results.to_s.include?( username )
+      results = [false, results] unless results.to_s.include?( username )
+      return format_results(results, command, params, ssh_cmds, success: true)
     end
     def defaults

data/lib/open_directory_utils/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OpenDirectoryUtils
   module Version
-    VERSION = "0.1.2"
+    VERSION = "0.1.3"
   end
 end

data/open_directory_utils.gemspec CHANGED Viewed

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{A ruby wrapper to access MacOpenDirectory management commands remotely}
   spec.description   = %q{Create and update users and groups on a MacOpenDirectory Server}
-  spec.homepage      = "https://github.com/btihen/open_directory_utils"
+  spec.homepage      = "https://github.com/LAS-IT/open_directory_utils"
   spec.license       = "MIT"
   # # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: open_directory_utils
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Bill Tihen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-06-09 00:00:00.000000000 Z
+date: 2018-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ssh
@@ -92,15 +92,13 @@ files:
 - lib/open_directory_utils.rb
 - lib/open_directory_utils/clean_check.rb
 - lib/open_directory_utils/commands_base.rb
-- lib/open_directory_utils/commands_group.rb
-- lib/open_directory_utils/commands_user_attribs_ldap.rb
-- lib/open_directory_utils/commands_user_attribs_od.rb
+- lib/open_directory_utils/commands_group_create_remove.rb
+- lib/open_directory_utils/commands_user_attribs.rb
+- lib/open_directory_utils/commands_user_create_remove.rb
 - lib/open_directory_utils/connection.rb
-- lib/open_directory_utils/dscl.rb
-- lib/open_directory_utils/pwpolicy.rb
 - lib/open_directory_utils/version.rb
 - open_directory_utils.gemspec
-homepage: https://github.com/btihen/open_directory_utils
+homepage: https://github.com/LAS-IT/open_directory_utils
 licenses:
 - MIT
 metadata: {}