ruby-jss 1.0.2 → 1.0.3b1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0196bdb655afca3d5ed45a3a3843664581141d379b5549814945d1868ed51fa4'
-  data.tar.gz: f818199e33219b7c21b1353874b4d3c5c2f92943acbd01e2a9b332fc868628a7
+  metadata.gz: 26f81c239772f5d60e91e894de2d3617e76600a8a259fb8185612ffc7eab2d02
+  data.tar.gz: 849b3a3ef79be5f35594612cca9820a238489e5ceda4ca853e8f1d706e3e48a1
 SHA512:
-  metadata.gz: b90fb35e0f5f132edf4b396d0608225f30722322fc9cbea5826c127b2b2e77fa2bce69345952b4440454be3a3ce110530c54b349ea472220bc5d4ad1e83f32d2
-  data.tar.gz: d2952cb9ff7f44b3617946f93d522fba7d990f98754542f1413ccd1736ea33fed85e4e4fc24b96dc347aa32907793888dacf6b26cfd068366d63f5b460d3b6d4
+  metadata.gz: 27bf2bf3d489fff5ea4853b445be8e6dee1b078b77f4f8d51564f7f8c22a63edd54452202bbee7c5649ce39960c4cd86df4637bb7ad26405cac7cf974229f27c
+  data.tar.gz: e79a56e46ac43760749197e7e200a9fcf3c9dfedbf32cbc15fec460ecc9e7a820db3bea8a8f71295b573265d9e4f157bdbda0d2e0a87908393dc3b85efc9f41d

data/CHANGES.md

@@ -1,5 +1,16 @@
 # Change History
 
+## v 1.0.2b1 2018-12-04
+
+- fix: default port number choice for on-prem vs. JamfCloud connections
+- update: use new(er) API resources for LDAP lookups, don't go directly to LDAP via net/ldap
+- add: LDAPServer.server_for_user and .server_for_group class methods, return the id of the first LDAP server containing the given user or group
+- fix Client.primary_console_user returns nil when at the loginwindow
+- add: Client.homdir(user) and Client.do_not_disturb?(user)
+- fix: Computer#certificates attribute is now readable
+- add: Package.all_filenames, .orphaned_files, and .missing_files class methods. WARNING - these are very slow since they must instantiate every package.
+- fix: error when SelfService icon is not available where expected, returns nil instead. (Thanks to @cybertunnel for finding this)
+
 ## v 1.0.2 2018-10-16
 
 - add: Support for parentheses (opening_paren and closing_paren) in JSS::Criteriable::Criterion objects

data/bin/cgrouper

@@ -290,8 +290,8 @@ Options:
 
 Notes:
 
- - If no API settings are provided, they will be read from /etc/jss_gem.conf
-   and ~/.jss_gem.conf. See the JSS Gem docs for details.
+ - If no API settings are provided, they will be read from /etc/ruby-jss.conf
+   and ~/.ruby-jss.conf. See the ruby-jss docs for details.
 
  - The password for the connection will be read from STDIN or prompted if needed
 
@@ -307,7 +307,7 @@ Notes:
    (spaces, tabs, & returns in any number or combination)
 
     FULLHELP
-    return
+
   end
 
   #####################################

data/lib/jss/api_connection.rb

@@ -425,6 +425,7 @@ module JSS
     # @return [true]
     #
     def connect(args = {})
+      args[:no_port_specified] = args[:port].to_s.empty?
       args = apply_connection_defaults args
 
       # confirm we know basics
@@ -993,7 +994,7 @@ module JSS
     # @return [Hash] The args with defaults applied
     #
     def apply_module_defaults(args)
-      args[:port] ||= args[:server].to_s.end_with?(JAMFCLOUD_DOMAIN) ? JAMFCLOUD_PORT : SSL_PORT
+      args[:port] = args[:server].to_s.end_with?(JAMFCLOUD_DOMAIN) ? JAMFCLOUD_PORT : SSL_PORT if args[:no_port_specified]
       args[:timeout] ||= DFT_TIMEOUT
       args[:open_timeout] ||= DFT_OPEN_TIMEOUT
       args[:ssl_version] ||= DFT_SSL_VERSION

data/lib/jss/api_object/computer.rb

@@ -415,9 +415,7 @@ module JSS
       end_date ||= start_date
       start_date = Time.parse start_date if start_date.is_a? String
       end_date = Time.parse end_date if end_date.is_a? String
-      unless ([start_date.class, end_date.class] - APPLICATION_USAGE_DATE_CLASSES).empty?
-        raise JSS::InvalidDataError, 'Invalid Start or End Date'
-      end
+      raise JSS::InvalidDataError, 'Invalid Start or End Date' unless ([start_date.class, end_date.class] - APPLICATION_USAGE_DATE_CLASSES).empty?
       start_date = start_date.strftime APPLICATION_USAGE_DATE_FMT
       end_date = end_date.strftime APPLICATION_USAGE_DATE_FMT
       data = api.get_rsrc(APPLICATION_USAGE_RSRC + "/id/#{id}/#{start_date}_#{end_date}")
@@ -720,6 +718,16 @@ module JSS
     #
     attr_reader :software
 
+    # @return [Array<Hash>] Data about all the certificates on the computer.
+    #
+    # Each Hash represents a certificate and has these keys:
+    #  common_name: [String] the name of the cert
+    #  identity: [Boolean] Is this an identiry cert?
+    #  expires: [Time] the certificate expiration time
+    #  name: [String] Display name for the certificate, if any
+    #
+    attr_reader :certificates
+
     # Constructor
     #####################################
 
@@ -763,11 +771,19 @@ module JSS
         @sus = @init_data[:general][:sus]
 
         @configuration_profiles = @init_data[:configuration_profiles]
-        @certificates = @init_data[:certificates]
+
         @groups_accounts = @init_data[:groups_accounts]
         @hardware = @init_data[:hardware]
         @peripherals = @init_data[:peripherals]
         @software = @init_data[:software]
+        @certificates = @init_data[:certificates].map do |cert|
+          {
+            expires: JSS.epoch_to_time(cert[:expires_epoch]),
+            common_name: cert[:common_name],
+            identity: cert[:identity],
+            name: cert[:name]
+          }
+        end
 
         # Freeze immutable things.
         # These are updated via recon, and aren't sent
@@ -956,7 +972,6 @@ module JSS
       @unmange_at_update = true
     end
 
-    #
     def asset_tag=(new_val)
       return nil if @asset_tag == new_val
       new_val.strip!
@@ -964,7 +979,6 @@ module JSS
       @need_to_update = true
     end
 
-    #
     def barcode1=(new_val)
       return nil if @barcode1 == new_val
       new_val.strip!
@@ -972,7 +986,6 @@ module JSS
       @need_to_update = true
     end
 
-    #
     def barcode2=(new_val)
       return nil if @barcode2 == new_val
       new_val.strip!
@@ -980,35 +993,30 @@ module JSS
       @need_to_update = true
     end
 
-    #
     def ip_address=(new_val)
       return nil if @ip_address == new_val
       @ip_address = new_val.empty? ? new_val : JSS::Validate.ip_address(new_val)
       @need_to_update = true
     end
 
-    #
     def mac_address=(new_val)
       return nil if new_val == @mac_address
       @mac_address =  new_val.empty? ? new_val : JSS::Validate.mac_address(new_val)
       @need_to_update = true
     end
 
-    #
     def alt_mac_address=(new_val)
       return nil if new_val == @alt_mac_address
       @alt_mac_address = new_val.empty? ? new_val : JSS::Validate.mac_address(new_val)
       @need_to_update = true
     end
 
-    #
     def serial_number=(new_val)
       return nil if new_val == @serial_number
       @serial_number =  new_val.empty? ? new_val : JSS::Validate.unique_identifier(JSS::Computer, :serial_number, new_val, api: api)
       @need_to_update = true
     end
 
-    #
     def udid=(new_val)
       return nil if new_val == @udid
       @udid = new_val.empty? ? new_val : JSS::Validate.unique_identifier(JSS::Computer, :udid, new_val, api: api)

data/lib/jss/api_object/ldap_server.rb

@@ -1,272 +1,275 @@
-### Copyright 2018 Pixar
-
-###
-###    Licensed under the Apache License, Version 2.0 (the "Apache License")
-###    with the following modification; you may not use this file except in
-###    compliance with the Apache License and the following modification to it:
-###    Section 6. Trademarks. is deleted and replaced with:
-###
-###    6. Trademarks. This License does not grant permission to use the trade
-###       names, trademarks, service marks, or product names of the Licensor
-###       and its affiliates, except as required to comply with Section 4(c) of
-###       the License and to reproduce the content of the NOTICE file.
-###
-###    You may obtain a copy of the Apache License at
-###
-###        http://www.apache.org/licenses/LICENSE-2.0
-###
-###    Unless required by applicable law or agreed to in writing, software
-###    distributed under the Apache License with the above modification is
-###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-###    KIND, either express or implied. See the Apache License for the specific
-###    language governing permissions and limitations under the Apache License.
-###
-###
-
-###
-module JSS
-
-  #####################################
-  ### Module Variables
-  #####################################
-
-  #####################################
-  ### Module Methods
-  #####################################
+# Copyright 2018 Pixar
+
+#
+#    Licensed under the Apache License, Version 2.0 (the "Apache License")
+#    with the following modification; you may not use this file except in
+#    compliance with the Apache License and the following modification to it:
+#    Section 6. Trademarks. is deleted and replaced with:
+#
+#    6. Trademarks. This License does not grant permission to use the trade
+#       names, trademarks, service marks, or product names of the Licensor
+#       and its affiliates, except as required to comply with Section 4(c) of
+#       the License and to reproduce the content of the NOTICE file.
+#
+#    You may obtain a copy of the Apache License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the Apache License with the above modification is
+#    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the Apache License for the specific
+#    language governing permissions and limitations under the Apache License.
+#
+#
 
+module JSS
 
-  #####################################
-  ### Classes
+  # Classes
   #####################################
 
-  ###
-  ### An LDAP server in the JSS.
-  ###
-  ### This class doesn't curretly provide creation or updaing of LDAP server
-  ### definitions in the JSS. Please use the JSS web UI.
-  ###
-  ### However, it does provide methods for querying users and usergroups from
-  ### LDAP servers, and checking group membership.
-  ###
-  ### When an LDAPServer instance is created, if it
-  ### uses anonymous binding for lookups (the Authentication Type is set to 'none') then
-  ### the LDAP connection is established immediately. Otherwise, you must use the {#connect}
-  ### method, and provide the appropriate password for the lookup account defined.
-  ###
-  ### Since LDAP server connections are used to verify the validity of LDAP users & groups used in
-  ### scopes, if you don't connect to all LDAP servers before modifying any scope's user & group
-  ### limitations or exceptions, those new values may not be verifiable. Unverified limitations and
-  ### exceptions, when sent to the API, will result in a REST 409 Conflict error if the user or
-  ### group doesn't exist. Unfortunately, 409 Conflict errors are very generic and don't indicate the
-  ### source of the problem (in this case, a non-existent user or group limitation or exception to the
-  ### scope). The {JSS::Scopable} module tries to catch these errors and raise a more useful
-  ### exception when they happen.
-  ###
-  ### The class method {LDAPServer.all_ldaps} returns a Hash of JSS::LDAPServer instances.
-  ### one for each server defined in the JSS.
-  ###
-  ### The class methods {LDAPServer.user_in_ldap?} and {LDAPServer.group_in_ldap?} can be
-  ### used to check all defined LDAP servers for a user or group. They are used by
-  ### {JSS::Scopable::Scope} when adding user and groups to scope limitations and exceptions.
-  ###
-  ### Within an LDAPServer instance, the methods {#find_user} and {#find_group} will return
-  ### all matches in the server for a given search term.
-  ###
-  ### @see JSS::APIObject
-  ###
+  # An LDAP server in the JSS.
+  #
+  # This class doesn't curretly provide creation or updaing of LDAP server
+  # definitions in the JSS. Please use the JSS web UI.
+  #
+  # However, it does provide methods for querying users and usergroups from
+  # LDAP servers, and checking group membership.
+  #
+  # The class methods {LDAPServer.user_in_ldap?} and {LDAPServer.group_in_ldap?} can be
+  # used to check all defined LDAP servers for a user or group. They are used by
+  # {JSS::Scopable::Scope} when adding user and groups to scope limitations and exceptions.
+  #
+  # Within an LDAPServer instance, the methods {#find_user} and {#find_group} will return
+  # all matches in the server for a given search term.
+  #
+  # @see JSS::APIObject
+  #
   class LDAPServer < JSS::APIObject
 
-
-    ### Class Methods
+    # Constants
     #####################################
 
-    ### DEPRECATED: Please Use ::all_objects
-    ###
-    ### @param refresh[Boolean] should the LDAP server data be re-read from the API?
-    ###
-    ### @return [Hash{String => JSS::LDAPServer}] JSS::LDAPServer instances for all defined servers
-    ###
-    def self.all_ldaps(refresh = false, api: JSS.api)
-      hash = {}
-      all_objects(refresh, api: api) { |ls| hash[ls.name] = s }
-      hash
-    end
-
-    ###
-    ### @param user[String] a username to search for in all LDAP servers
-    ###
-    ### @return [Boolean] does the user exist in any LDAP server?
-    ###
-    def self.user_in_ldap?(user, api: JSS.api)
-      all_objects(refresh, api: api).each do |ldap|
-        next if ldap.find_user(user, :exact).empty?
-        return true
-      end
-      false
-    end
-
-    ###
-    ### @param group[String] a group to search for in all LDAP servers
-    ###
-    ### @return [Boolean] does the group exist in any LDAP server?
-    ###
-    def self.group_in_ldap? (group, api: JSS.api)
-      all_objects(refresh, api: api).each do |ldap|
-        next if ldap.find_group(group, :exact).empty?
-        return true
-      end
-      false
-    end
-
-
+    # The base for REST resources of this class
+    RSRC_BASE = 'ldapservers'.freeze
 
-    #####################################
-    ### Class Constants
-    #####################################
-
-    ### The base for REST resources of this class
-    RSRC_BASE = "ldapservers"
-
-    ### the hash key used for the JSON list output of all objects in the JSS
+    # the hash key used for the JSON list output of all objects in the JSS
     RSRC_LIST_KEY = :ldap_servers
 
-    ### The hash key used for the JSON object output.
-    ### It's also used in various error messages
+    # The hash key used for the JSON object output.
+    # It's also used in various error messages
     RSRC_OBJECT_KEY = :ldap_server
 
-    ### these keys, as well as :id and :name,  are present in valid API JSON data for this class
-    VALID_DATA_KEYS = []
+    # these keys, as well as :id and :name,  are present in valid API JSON data for this class
+    VALID_DATA_KEYS = [].freeze
 
-    ### the default LDAP port
+    # the default LDAP port
     DEFAULT_PORT = 389
 
-    ### possible values for search scope
-    SEARCH_SCOPES = ["All Subtrees", "First Level Only"]
+    # possible values for search scope
+    SEARCH_SCOPES = ['All Subtrees', 'First Level Only'].freeze
 
-    ### possible authentication types
-    AUTH_TYPES = {'none' => :anonymous, 'simple' => :simple, 'CRAM-MD5' => :cram_md5, 'DIGEST-MD5' => :digest_md5 }
+    # possible authentication types
+    AUTH_TYPES = { 'none' => :anonymous, 'simple' => :simple, 'CRAM-MD5' => :cram_md5, 'DIGEST-MD5' => :digest_md5 }.freeze
 
-    ### possible referral responses
-    REFERRAL_RESPONSES = ['', nil, 'follow', 'ignore']
+    # possible referral responses
+    REFERRAL_RESPONSES = ['', nil, 'follow', 'ignore'].freeze
 
-    ### possible objectclass mapping options
-    OBJECT_CLASS_MAPPING_OPTIONS = ["any", "all"]
+    # possible objectclass mapping options
+    OBJECT_CLASS_MAPPING_OPTIONS = %w[any all].freeze
 
     # the object type for this object in
     # the object history table.
     # See {APIObject#add_object_history_entry}
     OBJECT_HISTORY_OBJECT_TYPE = 80
 
+    # Class Methods
     #####################################
-    ### Attributes
+
+    # Does a user exist in any ldap server?
+    #
+    # @param user[String] a username to search for in all LDAP servers
+    #
+    # @param api[JSS::APIConnection] the API connection to use for the search#
+
+    # @return [Integer, nil] the id of the first LDAP server with the user,
+    #  nil if not found
+    #
+    def self.server_for_user(user, api: JSS.api)
+      all_objects(:refresh, api: api).each do |ldap|
+        next if ldap.find_user(user, :exact).empty?
+        return ldap.id
+      end
+      nil
+    end
+
+    # For Backward Compatibility,
+    #
+    # @param user[String] a username to search for in all LDAP servers
+    #
+    # @param api[JSS::APIConnection] the API connection to use for the search
+    #
+    # @return [Boolean] Does the user exist in any LDAP server?
+    #
+    def self.user_in_ldap?(user, api: JSS.api)
+      server_for_user(user, api: api) ? true : false
+    end
+
+    # Does a group exist in any ldap server?
+    #
+    # @param group[String] a group to search for in all LDAP servers
+    #
+    # @param api[JSS::APIConnection] the API connection to use for the search
+    #
+    # @return [Integer, nil] the id of the first LDAP server with the group,
+    #  nil if not found
+    #
+    def self.server_for_group(group, api: JSS.api)
+      all_objects(:refresh, api: api).each do |ldap|
+        next if ldap.find_group(group, :exact).empty?
+        return ldap.id
+      end
+      nil
+    end
+
+    # For Backward Compatibility,
+    #
+    # @param user[String] a group name to search for in all LDAP servers
+    #
+    # @param api[JSS::APIConnection] the API connection to use for the search
+    #
+    # @return [Boolean] Does the group exist in any LDAP server?
+    #
+    def self.group_in_ldap?(group, api: JSS.api)
+      server_for_group(group, api: api) ? true : false
+    end
+
+    # On a given server, does a given group contain a given user?
+    #
+    # This class method allows the check to happen without instanting
+    # the LDAPServer.
+    #
+    # @param server[String, Integer] The name or id of the LDAP server to use
+    #
+    # @param user[String] the username to check for memebership in the group
+    #
+    # @param group[String] the group name to see if the user is a member
+    #
+    # @param api[JSS::APIConnection] the API connection to use for the search
+    #
+    # @return [Boolean] is the user a member of the group?
+    #
+    def self.check_membership(ldap_server, user, group, api: JSS.api)
+      ldap_server_id = valid_id ldap_server
+      raise JSS::NoSuchItemError, "No LDAPServer matching #{ldap_server}" unless ldap_server_id
+      rsrc = "#{RSRC_BASE}/id/#{ldap_server_id}/group/#{CGI.escape group}/user/#{CGI.escape user}"
+      member_check = api.get_rsrc rsrc
+      return false if member_check[:ldap_users].empty?
+      true
+    end
+
+    # Attributes
     #####################################
 
-    ### These attributes all come from the :connection hash of the
-    ### API data
+    # These attributes all come from the :connection hash of the
+    # API data
 
-    ### @return [String] the hostname of the server
+    # @return [String] the hostname of the server
     attr_reader :hostanme
 
-    ### @return [Integer] the port for ldap
+    # @return [Integer] the port for ldap
     attr_reader :port
 
-    ### @return [Boolean] should the connection use ssl?
+    # @return [Boolean] should the connection use ssl?
     attr_reader :use_ssl
 
-    ### @return [String] what authentication method should be used?
+    # @return [String] what authentication method should be used?
     attr_reader :authentication_type
 
-    ### @return [String] the Distinguished Name of the account used for connections/lookups?
+    # @return [String] the Distinguished Name of the account used for connections/lookups?
     attr_reader :lookup_dn
 
-    ### @return [String] the password for the connection/lookup account, as a SHA256 digest.
+    # @return [String] the password for the connection/lookup account, as a SHA256 digest.
     attr_reader :lookup_pw_sha256
 
-    ### @return [Integer]  timeout, in seconds, for opening LDAP connections
+    # @return [Integer]  timeout, in seconds, for opening LDAP connections
     attr_reader :open_close_timeout
 
-    ### @return [Integer] timeout, in seconds, for search queries
+    # @return [Integer] timeout, in seconds, for search queries
     attr_reader :search_timeout
 
-    ### @return [String] the referral response from the server
+    # @return [String] the referral response from the server
     attr_reader :referral_response
 
-    ### @return [Boolean] should searches use wildcards?
+    # @return [Boolean] should searches use wildcards?
     attr_reader :use_wildcards
 
-
-    ### @return [Hash<Symbol=>String>]
-    ###
-    ### The LDAP attributes mapped to various user data
-    ###
-    ### The hash keys are:
-    ### - :search_base =>
-    ### - :search_scope =>
-    ### - :object_classes =>
-    ### - :map_object_class_to_any_or_all =>
-    ### - :map_username =>
-    ### - :map_user_id =>
-    ### - :map_department =>
-    ### - :map_building =>
-    ### - :map_room =>
-    ### - :map_realname =>
-    ### - :map_phone =>
-    ### - :map_email_address =>
-    ### - :map_position =>
-    ### - :map_user_uuid =>
-    ### - :append_to_email_results =>
-    ###
+    # @return [Hash<Symbol=>String>]
+    #
+    # The LDAP attributes mapped to various user data
+    #
+    # The hash keys are:
+    # - :search_base =>
+    # - :search_scope =>
+    # - :object_classes =>
+    # - :map_object_class_to_any_or_all =>
+    # - :map_username =>
+    # - :map_user_id =>
+    # - :map_department =>
+    # - :map_building =>
+    # - :map_room =>
+    # - :map_realname =>
+    # - :map_phone =>
+    # - :map_email_address =>
+    # - :map_position =>
+    # - :map_user_uuid =>
+    # - :append_to_email_results =>
+    #
     attr_reader :user_mappings
 
-
-    ### @return [Hash<Symbol=>String>]
-    ###
-    ### The LDAP attributes mapped to various user group data
-    ###
-    ### The hash keys are:
-    ### - :search_base =>
-    ### - :search_scope =>
-    ### - :object_classes =>
-    ### - :map_object_class_to_any_or_all =>
-    ### - :map_group_id =>
-    ### - :map_group_name =>
-    ### - :map_group_uuid =>
-    ###
+    # @return [Hash<Symbol=>String>]
+    #
+    # The LDAP attributes mapped to various user group data
+    #
+    # The hash keys are:
+    # - :search_base =>
+    # - :search_scope =>
+    # - :object_classes =>
+    # - :map_object_class_to_any_or_all =>
+    # - :map_group_id =>
+    # - :map_group_name =>
+    # - :map_group_uuid =>
+    #
     attr_reader :user_group_mappings
 
-    ### @return [Hash<Symbol=>String>]
-    ###
-    ### The LDAP attributes used to identify a user as a member of a group
-    ###
-    ### The hash keys are:
-    ### - :user_group_membership_stored_in =>
-    ### - :map_user_membership_use_dn =>
-    ### - :map_group_membership_to_user_field =>
-    ### - :group_id =>
-    ### - :map_object_class_to_any_or_all =>
-    ### - :append_to_username =>
-    ### - :username =>
-    ### - :object_classes =>
-    ### - :use_dn =>
-    ### - :search_base =>
-    ### - :recursive_lookups =>
-    ### - :search_scope =>
-    ### - :map_user_membership_to_group_field =>
-    ###
+    # @return [Hash<Symbol=>String>]
+    #
+    # The LDAP attributes used to identify a user as a member of a group
+    #
+    # The hash keys are:
+    # - :user_group_membership_stored_in =>
+    # - :map_user_membership_use_dn =>
+    # - :map_group_membership_to_user_field =>
+    # - :group_id =>
+    # - :map_object_class_to_any_or_all =>
+    # - :append_to_username =>
+    # - :username =>
+    # - :object_classes =>
+    # - :use_dn =>
+    # - :search_base =>
+    # - :recursive_lookups =>
+    # - :search_scope =>
+    # - :map_user_membership_to_group_field =>
+    #
     attr_reader :user_group_membership_mappings
 
-    ### @return [Boolean] we we connected to this server at the moment?
-    attr_reader :connected
-
-    #####################################
-    ### Constructor
+    # Constructor
     #####################################
 
-    ###
-    ### See JSS::APIObject#initialize
-    ###
-    def initialize (args = {})
-      require 'net/ldap'
+    #
+    # See JSS::APIObject#initialize
+    #
+    def initialize(args = {})
       super
 
       @hostname = @init_data[:connection][:hostname]
@@ -281,252 +284,54 @@ module JSS
       @lookup_dn = @init_data[:connection][:account][:distinguished_username]
       @lookup_pw_sha256 = @init_data[:connection][:account][:password_sha256]
 
-      @user_mappings = @init_data[:mappings_for_users ][:user_mappings]
-      @user_group_mappings = @init_data[:mappings_for_users ][:user_group_mappings]
-      @user_group_membership_mappings = @init_data[:mappings_for_users ][:user_group_membership_mappings]
-
-      # the ldap attributes to retrieve with user lookups
-      # (all those defined in the user mappings)
-      @user_attrs_to_get = {
-        :username => @user_mappings[:map_username],
-        :user_id => @user_mappings[:map_user_id],
-        :department => @user_mappings[:map_department],
-        :building => @user_mappings[:map_building],
-        :room => @user_mappings[:map_room],
-        :realname => @user_mappings[:map_realname],
-        :phone => @user_mappings[:map_phone],
-        :email_address => @user_mappings[:map_email_address],
-        :position => @user_mappings[:map_position],
-        :user_uuid => @user_mappings[:map_user_uuid]
-      }.delete_if{|k,v| v.nil? }
-
-      # and for groups....
-      @user_group_attrs_to_get = {
-        :group_id => @user_group_mappings[:map_group_id],
-        :group_name => @user_group_mappings[:map_group_name],
-        :group_uuid => @user_group_mappings[:map_group_uuid]
-      }.delete_if{|k,v| v.nil? }
+      @user_mappings = @init_data[:mappings_for_users][:user_mappings]
+      @user_group_mappings = @init_data[:mappings_for_users][:user_group_mappings]
+      @user_group_membership_mappings = @init_data[:mappings_for_users][:user_group_membership_mappings]
 
       @connection = nil
       @connected = false
-
-      # If we are using anonymous binding, connect now
-      connect if @authentication_type == :anonymous
     end
 
+    # Public Instance Methods
     #####################################
-    ### Public Instance Methods
-    #####################################
-
-    ###
-    ###
-    ### @param user[String] the username to search for
-    ###
-    ### @param exact[Boolean] if true, force an exact match, otherwise use wildcards if @use_wildcards is true
-    ###
-    ### @param additional_filter[Net::LDAP::Fliter] an additional filter to be AND'd to the existing filter.
-    ###
-    ### @return [Array<Hash>] The @user_attrs_to_get for all usernames matching the query
-    ###
-    def find_user(user, exact = false, additional_filter = nil)
-
-      raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
-
-      if @use_wildcards and not exact
-        user_filter = Net::LDAP::Filter.contains(@user_mappings[:map_username], user)
-      else
-        user_filter = Net::LDAP::Filter.eq(@user_mappings[:map_username], user)
-      end
-
-      # limit the object classes
-      ocs = @user_mappings[:object_classes].to_s.chomp.split(/,\s*/)
-      anyall = @user_mappings[:map_object_class_to_any_or_all]
-      oc_filter =  Net::LDAP::Filter.eq("objectclass", ocs.shift)
-      ocs.each do |oc|
-        if anyall == "any"
-          oc_filter = oc_filter | Net::LDAP::Filter.eq("objectclass", oc)
-        else
-          oc_filter = oc_filter & Net::LDAP::Filter.eq("objectclass", oc)
-        end
-      end
-
-      full_filter = oc_filter & user_filter
-      full_filter = full_filter & additional_filter if additional_filter
-      treebase = @user_mappings[:search_base]
-      ldap_attribs = @user_attrs_to_get.values
-
-      # should we grab membership from the user?
-      if @user_group_membership_mappings[:user_group_membership_stored_in] == "user object" and \
-        @user_group_membership_mappings[:map_group_membership_to_user_field]
-        get_groups = true
-        ldap_attribs << @user_group_membership_mappings[:map_group_membership_to_user_field]
-      end
-
-      results = []
 
-      @connection.search(:base => treebase, :filter => full_filter, :attributes => ldap_attribs ) do |entry|
-        userhash = {:dn => entry.dn}
-        @user_attrs_to_get.each do |k,attr|
-          userhash[k] = entry[attr][0]
-        end
-        userhash[:groups] = entry[@user_group_membership_mappings[:map_group_membership_to_user_field]] if get_groups
-        # to do - if the groups are dns, convert to groupnames
-        results << userhash
-      end
-      results
+    # Search for a user in this ldap server
+    #
+    # @param user[String] the username to search for
+    #
+    # @param exact[Boolean] if true, force an exact match, otherwise use wildcards
+    #
+    # @return [Array<Hash>] The mapped LDAP data for all usernames matching the query
+    #
+    def find_user(user, exact = false)
+      raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
+      raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/user/#{user}")[:ldap_users]
+      exact ? raw.select { |u| u[:username] == user } : raw
     end
 
-    ###
-    ###
-    ### @param group[String] the group name to search for
-    ###
-    ### @param exact[Boolean] if true, force an exact match, otherwuse use wildcards if @use_wildcards is true
-    ###
-    ### @param additional_filter[Net::LDAP::Fliter] an additional filter to be AND'd to the existing filter.
-    ###
-    ### @return [Array<Hash>] The @user_group_attrs_to_get for all groups matching the query
-    ###
-    def find_group(group, exact = false, additional_filter = nil)
-
-      raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
-
-      if @use_wildcards and not exact
-        group_filter = Net::LDAP::Filter.contains(@user_group_mappings[:map_group_name], group)
-      else
-        group_filter = Net::LDAP::Filter.eq(@user_group_mappings[:map_group_name], group)
-      end
-
-      # limit the object classes
-      ocs = @user_group_mappings[:object_classes].to_s.chomp.split(/,\s*/)
-      anyall = @user_group_mappings[:map_object_class_to_any_or_all]
-      oc_filter =  Net::LDAP::Filter.eq("objectclass", ocs.shift)
-      ocs.each do |oc|
-        if anyall == "any"
-          oc_filter = oc_filter | Net::LDAP::Filter.eq("objectclass", oc)
-        else
-          oc_filter = oc_filter & Net::LDAP::Filter.eq("objectclass", oc)
-        end
-      end
-
-      full_filter = oc_filter & group_filter
-      full_filter = full_filter & additional_filter if additional_filter
-      treebase = @user_group_mappings[:search_base]
-      ldap_attribs = @user_group_attrs_to_get.values
-
-      # should we grab membership from the group?
-      if @user_group_membership_mappings[:user_group_membership_stored_in] == "group object" and \
-        @user_group_membership_mappings[:map_user_membership_to_group_field]
-        get_members = true
-        ldap_attribs << @user_group_membership_mappings[:map_user_membership_to_group_field]
-      end
-
-      results = []
-      @connection.search(:base => treebase, :filter => full_filter, :attributes => ldap_attribs ) do |entry|
-        hash = {:dn => entry.dn}
-        @user_group_attrs_to_get.each do |k,attr|
-          hash[k] = entry[attr][0]
-        end
-        hash[:members] = entry[@user_group_membership_mappings[:map_user_membership_to_group_field]] if get_members
-        # to do, if the members are dns, convert to usernames
-        results << hash
-      end
-      results
+    # @param group[String] the group name to search for
+    #
+    # @param exact[Boolean] if true, force an exact match, otherwuse use wildcards
+    #
+    # @return [Array<Hash>] The groupname and uid for all groups matching the query
+    #
+    def find_group(group, exact = false)
+      raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
+      raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/group/#{group}")[:ldap_groups]
+      exact ? raw.select { |u| u[:groupname] == group } : raw
     end
 
-
-    ###
-    ### @param user[String] the username to check for memebership in the group
-    ###
-    ### @param group[String] the group name to see if the user is a member
-    ###
-    ### @return [Boolean, nil] is the user a member? Nil if unable to check
-    ###
-    ### @todo Implement checking groups membership in 'other' ldap area
-    ###
+    # @param user[String] the username to check for memebership in the group
+    #
+    # @param group[String] the group name to see if the user is a member
+    #
+    # @return [Boolean, nil] is the user a member? Nil if unable to check
+    #
     def check_membership(user, group)
-
-      raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
-
-      found_user = find_user(user, :exact)[0]
-      found_group = find_group(group, :exact)[0]
-
-      raise JSS::NoSuchItemError, "No user '#{user}' in LDAP." unless found_user
-      raise JSS::NoSuchItemError, "No group '#{group}' in LDAP." unless found_group
-
-      if @user_group_membership_mappings[:user_group_membership_stored_in] == "group object"
-        if @user_group_membership_mappings[:map_user_membership_use_dn]
-          return found_group[:members].include? found_user[:dn]
-        else
-          return found_group[:members].include? user
-        end
-
-
-      elsif @user_group_membership_mappings[:user_group_membership_stored_in] == "user object"
-        if @user_group_membership_mappings[:use_dn]
-          return found_user[:groups].include? found_group[:dn]
-        else
-          return found_user[:groups].include? group
-        end
-
-
-      else
-        ### To do!!
-        return nil
-        # implement a search based on the "other" settings
-        # This will be 3 searchs
-        # - one for the username mapping in users
-        # - one for the gid in groups
-        # - one for a record linking them in the "other" search base
-      end
+      raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
+      self.class.check_membership @id, user, group, api: @api
     end
 
-
-    ###
-    ### The connect to this LDAP server for subsequent use of the {#find_user}, {#find_group}
-    ### and {#check_membership} methods
-    ###
-    ### @param pw[String,Symbol] the LDAP connection password for this server. Can be nil if
-    ###   authentication type is 'none'.
-    ###   If :prompt, the user is promted on the commandline to enter the password for the :user.
-    ###   If :stdin#, the password is read from a line of std in represented by the digit at #,
-    ###   so :stdin3 reads the passwd from the third line of standard input. defaults to line 2,
-    ###   if no digit is supplied. see {JSS.stdin}
-    ###
-    ###
-    ### @return [Boolean] did we connect to the LDAP server with the defined credentials
-    ###
-    def connect(pw = nil)
-
-      unless @authentication_type == :anonymous
-        # how do we get the password?
-        password = if pw == :prompt
-          JSS.prompt_for_password "Enter the password for the LDAP connection account '#{@lookup_dn}':"
-        elsif pw.is_a?(Symbol) and pw.to_s.start_with?('stdin')
-          pw.to_s =~ /^stdin(\d+)$/
-          line = $1
-          line ||= 2
-          JSS.stdin line
-        else
-          pw
-        end
-
-
-        raise JSS::InvalidDataError, "Incorrect password for LDAP connection account '#{@lookup_dn}'" unless @lookup_pw_sha256 == Digest::SHA2.new(256).update(password.to_s).to_s
-      end # unless
-
-      @connection = Net::LDAP.new :host => @hostname, :port => @port, :auth => {:method => @authentication_type, :username => @lookup_dn, :password => password }
-
-      @connected = true
-    end # connect
-
-
-
-    ###
-    ### Aliases
-    ###
-
-    alias connected? connected
-
   end # class ldap server
 
 end # module