radum 0.0.1 → 0.0.2
- data/lib/radum/ad.rb +41 -27
- data/lib/radum/container.rb +1 -1
- data/lib/radum/group.rb +3 -3
- data/lib/radum/user.rb +3 -3
- metadata +4 -4
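--- a/data/lib/radum/ad.rb
+++ b/data/lib/radum/ad.rb
@@ -2,8 +2,8 @@
 # working with users and groups. The User class represents a standard Windows
 # user account. The UNIXUser class represents a Windows account that has UNIX
 # attributes. Similarly, the Group class represents a standard Windows group,
-# and
-# attributes are supported if Active Directory has been extended, such as
+# and the UNIXGroup class represents a Windows group that has UNIX attributes.
+# UNIX attributes are supported if Active Directory has been extended, such as
 # when Microsoft Identity Management for UNIX has been installed. LDAP
 # extensions for UNIX are not required if only Windows users and groups are
 # operated on. This module concentrates only on users and groups at this time.
@@ -3261,6 +3261,10 @@ module RADUM
 # groups having users as implicit members, etc. we just make sure
 # the user is made a UNIX member of the previous UNIX main group
 # when it was changed just in case they are not already a member.
+# This only applies if the UNIXUser is still a member of their
+# previous UNIX main group - it is also possible they were explicitly
+# removed before getting here, so this should only be done if they
+# are currently a member of their old UNIX main group.
 #
 # Note that when converting a UNIXUser to a User, there will be a
 # gid change, but the gid will be "".to_i (0). In that case, we don't
@@ -3271,33 +3275,43 @@ module RADUM
 group_ops = []
 group_filter = Net::LDAP::Filter.eq("objectclass", "group")
 group = find_group_by_gid old_gid
-entry = @ldap.search(:base => group.distinguished_name,
-:filter => group_filter,
-:scope => Net::LDAP::SearchScope_BaseObject).pop
-# Double check to make sure they are not already members. Since this
-# logic is difficult to deal with, the algorithm is simply to make
-# sure the UNIXUser is a member of their previous UNIX main group
-# if that has not been done by the update_group() method.
-found = false
 
-
-
-
+# Make sure the group membership was not explicitly removed after
+# the UNIX main group for the user was modified.
+unless user.member_of?(group)
+RADUM::logger.log("\nSpecial case 1: membership in old UNIX main" +
+" group <#{group.name}> was explicitly removed" +
+" after change - no update required.", LOG_DEBUG)
+else
+entry = @ldap.search(:base => group.distinguished_name,
+:filter => group_filter,
+:scope => Net::LDAP::SearchScope_BaseObject).pop
+# Double check to make sure they are not already members. Since
+# this logic is difficult to deal with, the algorithm is simply to
+# make sure the UNIXUser is a member of their previous UNIX main
+# group if that has not been done by the update_group() method.
+found = false
+
+begin
+found = entry.msSFU30PosixMember.find do |member|
+user.distinguished_name.downcase == member.downcase
+end
+rescue NoMethodError
+end
+
+unless found
+group_ops.push [:add, :memberUid, user.username]
+group_ops.push [:add, :msSFU30PosixMember,
+user.distinguished_name]
+RADUM::logger.log("\nSpecial case 1: updating old UNIX main" +
+" group UNIX membership for group" +
+" <#{group.name}>.", LOG_DEBUG)
+RADUM::logger.log("\n" + group_ops.to_yaml, LOG_DEBUG)
+@ldap.modify :dn => group.distinguished_name,
+:operations => group_ops
+check_ldap_result
+RADUM::logger.log("\nSpecial case 1: end.\n\n", LOG_DEBUG)
 end
-rescue NoMethodError
-end
-
-unless found
-group_ops.push [:add, :memberUid, user.username]
-group_ops.push [:add, :msSFU30PosixMember, user.distinguished_name]
-RADUM::logger.log("\nSpecial case 1: updating old UNIX main group" +
-" UNIX membership for group <#{group.name}>.",
-LOG_DEBUG)
-RADUM::logger.log("\n" + group_ops.to_yaml, LOG_DEBUG)
-@ldap.modify :dn => group.distinguished_name,
-:operations => group_ops
-check_ldap_result
-RADUM::logger.log("\nSpecial case 1: end.\n\n", LOG_DEBUG)
 end
 
 # In this case, we also have to make sure the user is removed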
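Review bot: In the new `else` branch of the last hunk, the empty `rescue NoMethodError` makes a missing group entry look the same as a group with no `msSFU30PosixMember` attribute. If the base-object search returns an empty result, `.pop` gives nil, the rescue swallows the error, `found` stays false, and the code goes on to `@ldap.modify` and adds membership. Because this path writes group membership to the directory, I would skip the modify (and log it) when `entry` is nil, and read the attribute without the rescue, with something like `members = entry.attribute_names.include?(:mssfu30posixmember) ? entry.msSFU30PosixMember : []`. `group` is also dereferenced right after `find_group_by_gid old_gid` with no nil check visible here; the enclosing method starts and ends outside the hunk, so a guard may exist elsewhere.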
data/lib/radum/container.rb
CHANGED
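--- a/data/lib/radum/group.rb
+++ b/data/lib/radum/group.rb
@@ -79,7 +79,7 @@ module RADUM
 end
 
 @type = args[:type] || GROUP_GLOBAL_SECURITY
-@distinguished_name = "cn=" + name + "," + @container.name + "," +
+@distinguished_name = "cn=" + @name + "," + @container.name + "," +
 @container.directory.root
 @users = []
 @removed_users = []
@@ -291,7 +291,7 @@ module RADUM
 # The String representation of the Group object.
 def to_s
 "Group [(" + RADUM.group_type_to_s(@type) +
-", RID #{@rid}) #{@distinguished_name}]"
+", RID #{@rid}) <#{@name}> #{@distinguished_name}]"
 end
 end
 
@@ -449,7 +449,7 @@ module RADUM
 # The String representation of the UNIXGroup object.
 def to_s
 "UNIXGroup [(" + RADUM.group_type_to_s(@type) +
-", RID #{@rid}, GID #{@gid}) #{@distinguished_name}]"
+", RID #{@rid}, GID #{@gid}) <#{@name}> #{@distinguished_name}]"
 end
 end
 end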
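Review bot: The distinguished name in the first hunk is still assembled by plain concatenation (`"cn=" + @name + "," + @container.name + ...`), so a group name containing a DN special character such as `,`, `+`, `=` or `\` would yield a DN that parses differently from what was intended. That string is later used as the target of LDAP operations, as in `@ldap.modify :dn => group.distinguished_name` in ad.rb. The initializer begins outside this hunk, so I cannot tell whether `@name` is validated before this line. If it is not, reject or escape those characters where `@name` is assigned, and document the assumption here with a comment such as `# @name must not contain unescaped DN special characters (RFC 4514)`.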
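--- a/data/lib/radum/user.rb
+++ b/data/lib/radum/user.rb
@@ -644,7 +644,7 @@ module RADUM
 # The String representation of the User object.
 def to_s
 "User [(" + (@disabled ? "USER_DISABLED" : "USER_ENABLED") +
-", RID #{@rid})
+", RID #{@rid}) <#{@username}> #{@distinguished_name}]"
 end
 end
 
@@ -1080,8 +1080,8 @@ module RADUM
 # The String representation of the UNIXUser object.
 def to_s
 "UNIXUser [(" + (@disabled ? "USER_DISABLED" : "USER_ENABLED") +
-", RID #{@rid}, UID #{@uid}, GID #{@unix_main_group.gid})
-"#{@distinguished_name}]"
+", RID #{@rid}, UID #{@uid}, GID #{@unix_main_group.gid})" +
+" <#{@username}> #{@distinguished_name}]"
 end
 end
 end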
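--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: radum
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.2
 platform: ruby
 authors:
 - Shaun Rowland
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-
+date: 2009-08-06 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -66,9 +66,9 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-version:
+version: 1.8.5
 version:
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: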