socialcast 1.2.3 → 1.3.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    Y2Q0N2I4MGQyYzQ1MzBlYmExMmY5NjcyZDQ2YzNmMWZkYTNmZWFlZg==
+    NGRhZWZlNmVkZGY1ODEwZTcyNTJkMmYyZmE4ZjQ3Yzc4ZWIwNDIyNw==
   data.tar.gz: !binary |-
-    N2Q1OWJjZmNhYTE4MmRlNzg5MmFmZGIxNTg4M2YyZTdjZjIyMzlhYw==
+    MDMzZGZiZjdmN2NkOTk5NzZjYTU2MzY3YzIxZDQxZWNkMmQxNWMwNw==
 SHA512:
   metadata.gz: !binary |-
-    OGE0ZWRiY2IwMGNlNjQ2NzE2MTc4NzE4ZWQ4NmFiNzEzZWMxNjc2MWNmOWFj
-    ZGU1YzZjZjM5ZmE1ZTgzMjI2OWI5ZWQzODk0YzQyY2FhOTdlMWFmMTIxYjRi
-    Y2RjNWM2OWYyYmJhMzEyMWI5ODI4MzJiMjM4MmUyMDBhNTRhMmY=
+    MmEzZWUwYjZlZDk1ZGM3NWRkYjNlYWRiMWU3NGIxZTg3ZWEzOTg2NGRiZGFk
+    NDk4MGQ0NWI1OGNmZWMzYTEwZWJmZDg0NjI3OGRlZmViNmI0YjAxNjQ2NGU4
+    M2I1NmZmYTllYWRlMjkwZmY2YTY2ZjgyZDdmZTYwYjY3ZTFhNzI=
   data.tar.gz: !binary |-
-    M2Q1ZjdjODVlY2I1MmRmOGVjMmE0ZjAzMzkxYWU0YTI3OWY1OGVjODNjZWI1
-    ZWFhNTAyYzU5ODAyNTdjMjAwZTNiNGFkMDYxNjNhYmI4YjQ5MjVlZDBhNzcz
-    NWQ1NzdjODQ2MjcwMzQ0MTVkNWI5Y2UwMTk3YjkxZjZjZTRmZmQ=
+    MTJmNDA3MTQ1ZDdkMDhhNDMyOWNiNjcyZTRhN2UzOWU2YjEzMDJmY2RiNDk3
+    YzZjMzMzNDdmYWYxMzllMmM0MGUxZTFiNTRiNzViZDVlZGRmZTQ1YjA4ZmRm
+    YjJiMzVjMzlmOGVlNDEzYzEzYTNhMTlkYzg5MGVlMmEwZTkyMTk=

data/.travis.yml

@@ -1,6 +1,5 @@
 language: ruby
 rvm:
-  - 1.8.7
   - 1.9.3
-  - ree
   - 2.0.0
+  - 2.1.1

data/bin/socialcast

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 
 $:.unshift(File.expand_path('../../lib', __FILE__))
-require 'socialcast/cli'
+require 'socialcast/command_line/cli'
 
-Socialcast::CLI.start
+Socialcast::CommandLine::CLI.start

data/lib/socialcast.rb

@@ -1,40 +1,32 @@
 require 'yaml'
 require 'fileutils'
-require File.join(File.dirname(__FILE__), 'ext', 'array_ext') unless Array.respond_to?(:wrap)
-require File.join(File.dirname(__FILE__), 'ext', 'string_ext')
 
 module Socialcast
-  class << self
-    def config_dir
+  module CommandLine
+    def self.config_dir
       config_dir = File.expand_path '~/.socialcast'
       FileUtils.mkdir config_dir, :mode => 0700 unless File.exist?(config_dir)
       config_dir
     end
-    def credentials_file
+    def self.credentials_file
       File.join config_dir, 'credentials.yml'
     end
-    def credentials
+    def self.credentials
       fail 'Unknown Socialcast credentials.  Run `socialcast authenticate` to initialize' unless File.exist?(credentials_file)
       @@credentials ||= YAML.load_file(credentials_file)
     end
-    def credentials=(options)
+    def self.credentials=(options)
       File.open(credentials_file, "w") do |f|
         f.write(options.to_yaml)
       end
       File.chmod 0600, credentials_file
     end
-    def basic_auth_options
-      {:user => credentials[:user], :password => credentials[:password]}
-    end
-    def default_options
-      basic_auth_options
-    end
     # configure restclient for api call
-    def resource_for_path(path, options = {}, debug = true)
+    def self.resource_for_path(path, options = {}, debug = true)
       RestClient.log = Logger.new(STDOUT) if debug
       RestClient.proxy = credentials[:proxy] if credentials[:proxy]
       url = ['https://', credentials[:domain], path].join
-      RestClient::Resource.new url, options.merge(default_options)
+      RestClient::Resource.new url, options.merge({ :user => credentials[:user], :password => credentials[:password] })
     end
   end
 end

data/lib/socialcast/command_line/cli.rb

@@ -0,0 +1,161 @@
+# encoding: UTF-8
+
+require 'rubygems'
+
+require "thor"
+require 'json'
+require 'rest_client'
+require 'highline'
+require 'socialcast'
+require 'socialcast/command_line/message'
+require 'socialcast/command_line/provision'
+
+require 'logger'
+require 'fileutils'
+
+# uncomment to debug HTTP traffic
+# class ActiveResource::Connection
+#   def configure_http(http)
+#     http = apply_ssl_options(http)
+#     # Net::HTTP timeouts default to 60 seconds.
+#     if @timeout
+#       http.open_timeout = @timeout
+#       http.read_timeout = @timeout
+#     end
+#     http.set_debug_output STDOUT
+#     http
+#   end
+# end
+
+module Socialcast
+  module CommandLine
+    class CLI < Thor
+      include Thor::Actions
+
+      method_option :trace, :type => :boolean, :aliases => '-v'
+      def initialize(*args); super(*args) end
+
+      desc "authenticate", "Authenticate using your Socialcast credentials"
+      method_option :user, :type => :string, :aliases => '-u', :desc => 'email address for the authenticated user'
+      method_option :password, :type => :string, :aliases => '-p', :desc => 'password for the authenticated user'
+      method_option :domain, :type => :string, :default => 'api.socialcast.com', :desc => 'Socialcast community domain'
+      method_option :proxy, :type => :string, :desc => 'HTTP proxy options for connecting to Socialcast server'
+      def authenticate
+        user = options[:user] || ask('Socialcast username: ')
+        password = options[:password] || HighLine.new.ask("Socialcast password: ") { |q| q.echo = false }.to_s
+        domain = options[:domain]
+
+        url = ['https://', domain, '/api/authentication'].join
+        say "Authenticating #{user} to #{url}"
+        params = {:email => user, :password => password }
+        RestClient.log = Logger.new(STDOUT) if options[:trace]
+        RestClient.proxy = options[:proxy] if options[:proxy]
+        resource = RestClient::Resource.new url
+        response = resource.post params, :accept => :json
+        say "API response: #{response.body.to_s}" if options[:trace]
+        communities = JSON.parse(response.body.to_s)['communities']
+        domain = communities.detect {|c| c['domain'] == domain} ? domain : communities.first['domain']
+
+        Socialcast::CommandLine.credentials = {:user => user, :password => password, :domain => domain, :proxy => options[:proxy]}
+        say "Authentication successful for #{domain}"
+      end
+
+      desc "share MESSAGE", "Posts a new message into socialcast"
+      method_option :url, :type => :string, :desc => '(optional) url to associate to the message'
+      method_option :message_type, :type => :string, :desc => '(optional) force an alternate message_type'
+      method_option :attachments, :type => :array, :default => []
+      method_option :group_id, :type => :numeric, :desc => "(optional) ID of group to post into"
+      def share(message = nil)
+        message ||= $stdin.read_nonblock(100_000) rescue nil
+
+        attachment_ids = []
+        options[:attachments].each do |path|
+          Dir[File.expand_path(path)].each do |attachment|
+            say "Uploading attachment #{attachment}..."
+            uploader = Socialcast::CommandLine.resource_for_path '/api/attachments', {}, options[:trace]
+            uploader.post({:attachment => File.new(attachment)}, {:accept => :json}) do |response, request, result|
+              if response.code == 201
+                attachment_ids << JSON.parse(response.body)['attachment']['id']
+              else
+                say "Error uploading attachment: #{response.body}"
+              end
+            end
+          end
+        end
+
+        ActiveResource::Base.logger = Logger.new(STDOUT) if options[:trace]
+        Socialcast::CommandLine::Message.configure_from_credentials
+        Socialcast::CommandLine::Message.create :body => message, :url => options[:url], :message_type => options[:message_type], :attachment_ids => attachment_ids, :group_id => options[:group_id]
+
+        say "Message has been shared"
+      end
+
+      desc 'provision', 'provision users from ldap compatible user repository'
+      method_option :config, :default => 'ldap.yml', :aliases => '-c', :desc => 'Path to ldap config file'
+      method_option :output, :default => Socialcast::CommandLine::Provision::DEFAULT_OUTPUT_FILE, :aliases => '-o', :desc => 'Name of the output file'
+      method_option :setup, :type => :boolean, :desc => 'Create an example ldap config file and exit'
+      method_option :delete_users_file, :type => :boolean, :desc => 'Delete the output file'
+      method_option :test, :type => :boolean, :desc => 'Do not persist changes'
+      method_option :skip_emails, :type => :boolean, :desc => 'Do not send signup emails to users'
+      method_option :force, :type => :boolean, :aliases => '-f', :default => false, :desc => 'Proceed with provisioning even if no users are found, which would deactivate all users in the community'
+      method_option :sanity_check, :type => :boolean, :default => false, :desc => 'Double check that users marked for termination really no longer exist'
+      method_option :plugins, :type => :array, :desc => "Pass in an array of plugins. Can be either the gem require or the absolute path to a ruby file"
+      def provision
+        config = ldap_config options
+        load_plugins options
+
+        Socialcast::CommandLine::Provision.new(config, options).provision
+
+      rescue Socialcast::CommandLine::Provision::ProvisionError => e
+        Kernel.abort e.message
+      end
+
+      desc 'sync_photos', 'Upload default avatar photos from LDAP repository'
+      method_option :config, :default => 'ldap.yml', :aliases => '-c'
+      def sync_photos
+        config = ldap_config options
+
+        Socialcast::CommandLine::Provision.new(config).sync_photos
+      end
+
+      no_tasks do
+        def load_plugins(options)
+          Array.wrap(options[:plugins]).each do |plugin|
+            begin
+              require plugin
+            rescue LoadError => e
+              fail "Unable to load #{plugin}: #{e}"
+            end
+          end
+        end
+
+        def ldap_config(options)
+          config_file = File.expand_path options[:config]
+
+          if options[:setup]
+            create_file config_file do
+              File.read File.join(File.dirname(__FILE__), '..', '..', '..', 'config', 'ldap.yml')
+            end
+            say "Created config file: #{config_file}"
+            Kernel.exit 0
+          end
+
+          fail "Unable to load configuration file: #{config_file}" unless File.exists?(config_file)
+          say "Using configuration file: #{config_file}"
+          config = YAML.load_file config_file
+
+          mappings = config.fetch 'mappings', {}
+          required_mappings = %w{email first_name last_name}
+          required_mappings.each do |field|
+            unless mappings.has_key? field
+              fail "Missing required mapping: #{field}"
+            end
+          end
+
+          config
+        end
+
+      end
+    end
+  end
+end

data/lib/socialcast/command_line/message.rb

@@ -0,0 +1,18 @@
+require 'active_resource'
+
+ActiveResource::Base.include_root_in_json = true
+
+module Socialcast
+  module CommandLine
+    class Message < ActiveResource::Base
+      headers['Accept'] = 'application/json'
+
+      def self.configure_from_credentials
+        Socialcast::CommandLine::Message.site = ['https://', Socialcast::CommandLine.credentials[:domain], '/api'].join
+        Socialcast::CommandLine::Message.proxy = Socialcast::CommandLine.credentials[:proxy] if Socialcast::CommandLine.credentials[:proxy]
+        Socialcast::CommandLine::Message.user = Socialcast::CommandLine.credentials[:user]
+        Socialcast::CommandLine::Message.password = Socialcast::CommandLine.credentials[:password]
+      end
+    end
+  end
+end

data/lib/socialcast/command_line/provision.rb

@@ -0,0 +1,330 @@
+require 'net/ldap'
+
+require 'zlib'
+require 'builder'
+require 'set'
+require 'fileutils'
+
+module Socialcast
+  module CommandLine
+    class Provision
+      DEFAULT_OUTPUT_FILE = 'users.xml.gz'
+
+      class ProvisionError < StandardError; end
+
+      def initialize(ldap_config, options = {})
+        @ldap_config = ldap_config.dup
+        @options = options.dup
+
+        @options[:output] ||= DEFAULT_OUTPUT_FILE
+      end
+
+      def each_user_hash
+        each_ldap_entry do |ldap, entry, attr_mappings, perm_mappings|
+          yield build_user_hash_from_mappings(ldap, entry, attr_mappings, perm_mappings)
+        end
+      end
+
+      def provision
+        http_config = @ldap_config.fetch 'http', {}
+
+        user_whitelist = Set.new
+        output_file = File.join Dir.pwd, @options[:output]
+
+        Zlib::GzipWriter.open(output_file) do |gz|
+          xml = Builder::XmlMarkup.new(:target => gz, :indent => 1)
+          xml.instruct!
+          xml.export do |export|
+            export.users(:type => "array") do |users|
+              each_user_hash do |user_hash|
+                users << user_hash.to_xml(:skip_instruct => true, :root => 'user')
+                user_whitelist << [user_hash['contact_info']['email'], user_hash['unique_identifier'], user_hash['employee_number']]
+              end
+            end # users
+          end # export
+        end # gzip
+
+        if @options[:sanity_check]
+          puts "Sanity checking users currently marked as needing to be terminated"
+          each_ldap_connection do |ldap_connection_name, connection, ldap|
+            attr_mappings = attribute_mappings(ldap_connection_name)
+            (current_socialcast_users(http_config) - user_whitelist).each do |user_identifiers|
+              combined_filters = []
+              ['email', 'unique_identifier', 'employee_number'].each_with_index do |identifier, index|
+                combined_filters << ((attr_mappings[identifier].blank? || user_identifiers[index].nil?) ? nil : Net::LDAP::Filter.eq(attr_mappings[identifier], user_identifiers[index]))
+              end
+              combined_filters.compact!
+              filter = ((combined_filters.size > 1) ? '(|%s)' : '%s') % combined_filters.join(' ')
+              filter = Net::LDAP::Filter.construct(filter) & Net::LDAP::Filter.construct(connection["filter"])
+              ldap_result = ldap.search(:return_result => true, :base => connection["basedn"], :filter => filter, :attributes => ldap_search_attributes(ldap_connection_name))
+              raise ProvisionError.new "Found user marked for termination that should not be terminated: #{user_identifiers}" unless ldap_result.blank?
+            end
+          end
+        end
+
+        if user_whitelist.empty? && !@options[:force]
+          raise ProvisionError.new "Skipping upload to Socialcast since no users were found"
+        else
+          puts "Uploading dataset to Socialcast..."
+          resource = Socialcast::CommandLine.resource_for_path '/api/users/provision', http_config
+          begin
+            File.open(output_file, 'r') do |file|
+              request_params = {:file => file}
+              request_params[:skip_emails] = 'true' if (@ldap_config['options']["skip_emails"] || @options[:skip_emails])
+              request_params[:test] = 'true' if (@ldap_config['options']["test"] || @options[:test])
+              resource.post request_params, :accept => :json
+            end
+          rescue RestClient::Unauthorized => e
+            raise ProvisionError.new "Authenticated user either does not have administration privileges or the community is not configured to allow provisioning. Please contact Socialcast support to if you need help." if e.http_code == 401
+          end
+          puts "Finished"
+        end
+        File.delete(output_file) if (@ldap_config['options']['delete_users_file'] || @options[:delete_users_file])
+      end
+
+      def sync_photos
+        http_config = @ldap_config.fetch 'http', {}
+
+        @ldap_config["connections"].keys.each do |ldap_connection_name|
+          attribute_mappings(ldap_connection_name).fetch('profile_photo')
+        end
+
+        search_users_resource = Socialcast::CommandLine.resource_for_path '/api/users/search', http_config
+
+        each_ldap_entry do |ldap, entry, attr_mappings, _|
+          email = grab(entry, attr_mappings['email'])
+          if profile_photo_data = grab(entry, attr_mappings['profile_photo'])
+            profile_photo_data = profile_photo_data.force_encoding('binary')
+
+            user_search_response = search_users_resource.get(:params => { :q => email, :per_page => 1 }, :accept => :json)
+            user_info = JSON.parse(user_search_response)['users'].first
+            if user_info && user_info['avatars'] && user_info['avatars']['is_system_default']
+              puts "Uploading photo for #{email}"
+
+              user_resource = Socialcast::CommandLine.resource_for_path "/api/users/#{user_info['id']}", http_config
+              content_type = case profile_photo_data
+              when Regexp.new("\AGIF8", nil, 'n')
+                'gif'
+              when Regexp.new('\A\x89PNG', nil, 'n')
+                'png'
+              when Regexp.new("\A\xff\xd8\xff\xe0\x00\x10JFIF", nil, 'n'), Regexp.new("\A\xff\xd8\xff\xe1(.*){2}Exif", nil, 'n')
+                'jpg'
+              else
+                puts "Skipping photo for #{email}: unknown image format (supports .gif, .png, .jpg)"
+                next
+              end
+
+              tempfile = Tempfile.new(["photo_upload", ".#{content_type}"])
+              tempfile.write(profile_photo_data)
+              tempfile.rewind
+              begin
+                user_resource.put({ :user => { :profile_photo => { :data => tempfile } } })
+              ensure
+                tempfile.unlink
+              end
+            end
+          end
+        end
+      end
+
+      private
+
+      def dereference_mail(entry, ldap_connection, dn_field, mail_attribute)
+        dn = grab(entry, dn_field)
+        ldap_connection.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject) do |manager_entry|
+          return grab(manager_entry, mail_attribute)
+        end
+      end
+
+      def build_user_hash_from_mappings(ldap_connection, entry, attr_mappings, perm_mappings)
+        user_hash = HashWithIndifferentAccess.new
+        primary_attributes = %w{unique_identifier first_name last_name employee_number}
+        primary_attributes.each do |attribute|
+          next unless attr_mappings.has_key?(attribute)
+          user_hash[attribute] = grab(entry, attr_mappings[attribute])
+        end
+
+        contact_attributes = %w{email location cell_phone office_phone}
+        user_hash['contact_info'] = {}
+        contact_attributes.each do |attribute|
+          next unless attr_mappings.has_key?(attribute)
+          user_hash['contact_info'][attribute] = grab(entry, attr_mappings[attribute])
+        end
+
+        custom_attributes = attr_mappings.keys - (primary_attributes + contact_attributes)
+
+        user_hash['custom_fields'] = []
+        custom_attributes.each do |attribute|
+          if attribute == 'manager'
+            user_hash['custom_fields'] << { 'id' => 'manager_email', 'label' => 'manager_email', 'value' => dereference_mail(entry, ldap_connection, attr_mappings[attribute], attr_mappings['email']) }
+          else
+            user_hash['custom_fields'] << { 'id' => attribute, 'label' => attribute, 'value' => grab(entry, attr_mappings[attribute]) }
+          end
+        end
+
+        membership_attribute = perm_mappings.fetch 'attribute_name', 'memberof'
+        memberships = entry[membership_attribute]
+        external_ldap_groups = Array.wrap(perm_mappings.fetch('account_types', {})['external'])
+        if external_ldap_groups.any? { |external_ldap_group| memberships.include?(external_ldap_group) }
+          user_hash['account_type'] = 'external'
+        else
+          user_hash['account_type'] = 'member'
+          if permission_roles_mappings = perm_mappings['roles']
+            user_hash['roles'] = []
+            permission_roles_mappings.each_pair do |socialcast_role, ldap_groups|
+              Array.wrap(ldap_groups).each do |ldap_group|
+                if memberships.include?(ldap_group)
+                  user_hash['roles'] << socialcast_role
+                  break
+                end
+              end
+            end
+          end
+        end
+
+        user_hash
+      end
+
+
+      def each_ldap_entry(&block)
+        count = 0
+
+        each_ldap_connection do |ldap_connection_name, connection, ldap|
+          attr_mappings = attribute_mappings(ldap_connection_name)
+          perm_mappings = permission_mappings(ldap_connection_name)
+          ldap.search(:return_result => false, :filter => connection["filter"], :base => connection["basedn"], :attributes => ldap_search_attributes(ldap_connection_name)) do |entry|
+            if grab(entry, attr_mappings["email"]).present? || (attr_mappings.has_key?("unique_identifier") && grab(entry, attr_mappings["unique_identifier"]).present?)
+              yield ldap, entry, attr_mappings, perm_mappings
+            end
+
+            count += 1
+            puts "Scanned #{count} users" if ((count % 100) == 0)
+          end
+        end
+        puts "Finished scanning #{count} users"
+      end
+
+
+      def each_ldap_connection
+        @ldap_config["connections"].each_pair do |ldap_connection_name, connection|
+          puts "Connecting to #{ldap_connection_name} at #{[connection["host"], connection["port"]].join(':')}"
+          ldap = create_ldap_instance(connection)
+          puts "Searching base DN: #{connection["basedn"]} with filter: #{connection["filter"]}"
+          yield ldap_connection_name, connection, ldap
+        end
+      end
+
+      def create_ldap_instance(connection)
+        ldap = Net::LDAP.new :host => connection["host"], :port => connection["port"], :base => connection["basedn"]
+        ldap.encryption connection['encryption'].to_sym if connection['encryption']
+        ldap.auth connection["username"], connection["password"]
+        ldap
+      end
+
+      def ldap_search_attributes(ldap_connection_name)
+        attr_mappings = attribute_mappings(ldap_connection_name)
+        perm_mappings = permission_mappings(ldap_connection_name)
+
+        membership_attribute = perm_mappings.fetch 'attribute_name', 'memberof'
+        attributes = attr_mappings.values.map do |mapping_value|
+          value = begin
+            mapping_value.camelize.constantize
+          rescue NameError
+            mapping_value
+          end
+
+          case value
+          when Hash
+            dup_mapping_value = value.dup
+            dup_mapping_value.delete("value")
+            dup_mapping_value.values
+          when String
+            value
+          when Class, Module
+            if value.respond_to?(:attributes)
+              value.attributes
+            else
+              mapping_value
+            end
+          end
+        end.flatten
+        attributes << membership_attribute
+      end
+
+      def current_socialcast_users(http_config)
+        current_socialcast_list = Set.new
+        request_params = {:per_page => 500}
+        request_params[:page] = 1
+        resource = create_socialcast_user_index_request(http_config, request_params)
+        loop do
+          response = resource.get :accept => :json
+          result = JSON.parse(response)
+          users = result["users"]
+          break if users.blank?
+          request_params[:page] += 1
+          resource = create_socialcast_user_index_request(http_config, request_params)
+          users.each do |user|
+            current_socialcast_list << [user['contact_info']['email'], user['company_login'], user['employee_number']]
+          end
+        end
+        current_socialcast_list
+      end
+
+      def create_socialcast_user_index_request(http_config, request_params)
+        path_template = "/api/users?per_page=%{per_page}&page=%{page}"
+        Socialcast::CommandLine.resource_for_path((path_template % request_params), http_config)
+      end
+
+      def attribute_mappings(connection_name)
+        @attribute_mappings ||= {}
+
+        unless @attribute_mappings[connection_name]
+          @attribute_mappings[connection_name] = @ldap_config['connections'][connection_name].fetch 'mappings', nil
+          @attribute_mappings[connection_name] ||= @ldap_config.fetch 'mappings', {}
+        end
+
+        @attribute_mappings[connection_name]
+      end
+
+      def permission_mappings(connection_name)
+        @permission_mappings ||= {}
+
+        unless @permission_mappings[connection_name]
+          @permission_mappings[connection_name] = @ldap_config['connections'][connection_name].fetch 'permission_mappings', nil
+          @permission_mappings[connection_name] ||= @ldap_config.fetch 'permission_mappings', {}
+        end
+
+        @permission_mappings[connection_name]
+      end
+
+      # grab a *single* value of an attribute
+      # abstracts away ldap multivalue attributes
+      def grab(entry, attribute)
+        const_attribute = begin
+          attribute.camelize.constantize
+        rescue NameError
+          attribute
+        end
+
+        case const_attribute
+        when Hash
+          dup_attribute = const_attribute.dup
+          value = dup_attribute.delete("value")
+          sprintf value, Hash[dup_attribute.map { |k, v| [k, grab(entry, v)] }].symbolize_keys
+        when String
+          normalize_ldap_value(entry, attribute)
+        when Class, Module
+          if const_attribute.respond_to?(:run)
+            const_attribute.run(entry)
+          else
+            normalize_ldap_value(entry, attribute)
+          end
+        end
+      end
+
+      def normalize_ldap_value(entry, attribute)
+        Array.wrap(entry[attribute]).compact.first
+      end
+    end
+  end
+end