radum 0.0.1 → 0.0.2

data/lib/radum/ad.rb

@@ -2,8 +2,8 @@
 # working with users and groups. The User class represents a standard Windows
 # user account. The UNIXUser class represents a Windows account that has UNIX
 # attributes. Similarly, the Group class represents a standard Windows group,
-# and a UNIXGroup represents a Windows group that has UNIX attributes. UNIX
-# attributes are supported if Active Directory has been extended, such as
+# and the UNIXGroup class represents a Windows group that has UNIX attributes.
+# UNIX attributes are supported if Active Directory has been extended, such as
 # when Microsoft Identity Management for UNIX has been installed. LDAP
 # extensions for UNIX are not required if only Windows users and groups are
 # operated on. This module concentrates only on users and groups at this time.
@@ -3261,6 +3261,10 @@ module RADUM
         # groups having users as implicit members, etc. we just make sure
         # the user is made a UNIX member of the previous UNIX main group
         # when it was changed just in case they are not already a member.
+        # This only applies if the UNIXUser is still a member of their
+        # previous UNIX main group - it is also possible they were explicitly
+        # removed before getting here, so this should only be done if they
+        # are currently a member of their old UNIX main group.
         #
         # Note that when converting a UNIXUser to a User, there will be a
         # gid change, but the gid will be "".to_i (0). In that case, we don't
@@ -3271,33 +3275,43 @@ module RADUM
           group_ops = []
           group_filter = Net::LDAP::Filter.eq("objectclass", "group")
           group = find_group_by_gid old_gid
-          entry = @ldap.search(:base => group.distinguished_name,
-                               :filter => group_filter,
-                               :scope => Net::LDAP::SearchScope_BaseObject).pop
-          # Double check to make sure they are not already members. Since this
-          # logic is difficult to deal with, the algorithm is simply to make
-          # sure the UNIXUser is a member of their previous UNIX main group
-          # if that has not been done by the update_group() method.
-          found = false
           
-          begin
-            found = entry.msSFU30PosixMember.find do |member|
-              user.distinguished_name.downcase == member.downcase
+          # Make sure the group membership was not explicitly removed after
+          # the UNIX main group for the user was modified.
+          unless user.member_of?(group)
+            RADUM::logger.log("\nSpecial case 1: membership in old UNIX main" +
+                              " group <#{group.name}> was explicitly removed" +
+                              " after change - no update required.", LOG_DEBUG)
+          else
+            entry = @ldap.search(:base => group.distinguished_name,
+                                :filter => group_filter,
+                                :scope => Net::LDAP::SearchScope_BaseObject).pop
+            # Double check to make sure they are not already members. Since
+            # this logic is difficult to deal with, the algorithm is simply to
+            # make sure the UNIXUser is a member of their previous UNIX main
+            # group if that has not been done by the update_group() method.
+            found = false
+            
+            begin
+              found = entry.msSFU30PosixMember.find do |member|
+                user.distinguished_name.downcase == member.downcase
+              end
+            rescue NoMethodError
+            end
+            
+            unless found
+              group_ops.push [:add, :memberUid, user.username]
+              group_ops.push [:add, :msSFU30PosixMember,
+                              user.distinguished_name]
+              RADUM::logger.log("\nSpecial case 1: updating old UNIX main" +
+                                " group UNIX membership for group" +
+                                " <#{group.name}>.", LOG_DEBUG)
+              RADUM::logger.log("\n" + group_ops.to_yaml, LOG_DEBUG)
+              @ldap.modify :dn => group.distinguished_name,
+                           :operations => group_ops
+              check_ldap_result
+              RADUM::logger.log("\nSpecial case 1: end.\n\n", LOG_DEBUG)
             end
-          rescue NoMethodError
-          end
-          
-          unless found
-            group_ops.push [:add, :memberUid, user.username]
-            group_ops.push [:add, :msSFU30PosixMember, user.distinguished_name]
-            RADUM::logger.log("\nSpecial case 1: updating old UNIX main group" +
-                              " UNIX membership for group <#{group.name}>.",
-                              LOG_DEBUG)
-            RADUM::logger.log("\n" + group_ops.to_yaml, LOG_DEBUG)
-            @ldap.modify :dn => group.distinguished_name,
-                         :operations => group_ops
-            check_ldap_result
-            RADUM::logger.log("\nSpecial case 1: end.\n\n", LOG_DEBUG)
           end
           
           # In this case, we also have to make sure the user is removed

data/lib/radum/container.rb

@@ -361,7 +361,7 @@ module RADUM
     
     # The String representation of the Container object.
     def to_s
-      "Container [#{@name},#{@directory.root}]"
+      "Container <#{@name}> [#{@distinguished_name}]"
     end
   end
 end

data/lib/radum/group.rb

@@ -79,7 +79,7 @@ module RADUM
       end
       
       @type = args[:type] || GROUP_GLOBAL_SECURITY
-      @distinguished_name = "cn=" + name + "," + @container.name + "," +
+      @distinguished_name = "cn=" + @name + "," + @container.name + "," +
                             @container.directory.root
       @users = []
       @removed_users = []
@@ -291,7 +291,7 @@ module RADUM
     # The String representation of the Group object.
     def to_s
       "Group [(" + RADUM.group_type_to_s(@type) +
-      ", RID #{@rid}) #{@distinguished_name}]"
+      ", RID #{@rid}) <#{@name}> #{@distinguished_name}]"
     end
   end
   
@@ -449,7 +449,7 @@ module RADUM
     # The String representation of the UNIXGroup object.
     def to_s
       "UNIXGroup [("  + RADUM.group_type_to_s(@type) + 
-      ", RID #{@rid}, GID #{@gid}) #{@distinguished_name}]"
+      ", RID #{@rid}, GID #{@gid}) <#{@name}> #{@distinguished_name}]"
     end
   end
 end

data/lib/radum/user.rb

@@ -644,7 +644,7 @@ module RADUM
     # The String representation of the User object.
     def to_s
       "User [(" + (@disabled ? "USER_DISABLED" : "USER_ENABLED") +
-      ", RID #{@rid}) #{@username} #{@distinguished_name}]"
+      ", RID #{@rid}) <#{@username}> #{@distinguished_name}]"
     end
   end
   
@@ -1080,8 +1080,8 @@ module RADUM
     # The String representation of the UNIXUser object.
     def to_s
       "UNIXUser [(" + (@disabled ? "USER_DISABLED" : "USER_ENABLED") +
-      ", RID #{@rid}, UID #{@uid}, GID #{@unix_main_group.gid}) #{@username} " +
-      "#{@distinguished_name}]"
+      ", RID #{@rid}, UID #{@uid}, GID #{@unix_main_group.gid})" +
+      " <#{@username}> #{@distinguished_name}]"
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: radum
 version: !ruby/object:Gem::Version 
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors: 
 - Shaun Rowland
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-02 00:00:00 -04:00
+date: 2009-08-06 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -66,9 +66,9 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
   requirements: 
-  - - ">="
+  - - ~>
     - !ruby/object:Gem::Version 
-      version: "0"
+      version: 1.8.5
   version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
   requirements: