RubyGems - strongdm - Versions diffs - 1.0.5 → 1.0.7 - Mend

strongdm 1.0.5 → 1.0.7

Files changed (110) hide show

checksums.yaml +4 -4
data/doc/Object.html +324 -1
data/doc/SDM/AKS.html +2 -2
data/doc/SDM/AKSBasicAuth.html +2 -2
data/doc/SDM/AKSServiceAccount.html +2 -2
data/doc/SDM/AccountAttachment.html +2 -2
data/doc/SDM/AccountAttachmentCreateResponse.html +2 -2
data/doc/SDM/AccountAttachmentDeleteResponse.html +2 -2
data/doc/SDM/AccountAttachmentGetResponse.html +2 -2
data/doc/SDM/AccountAttachments.html +4 -6
data/doc/SDM/AccountCreateResponse.html +2 -2
data/doc/SDM/AccountDeleteResponse.html +2 -2
data/doc/SDM/AccountGetResponse.html +2 -2
data/doc/SDM/AccountGrant.html +2 -2
data/doc/SDM/AccountGrantCreateResponse.html +2 -2
data/doc/SDM/AccountGrantDeleteResponse.html +2 -2
data/doc/SDM/AccountGrantGetResponse.html +2 -2
data/doc/SDM/AccountGrants.html +5 -5
data/doc/SDM/AccountUpdateResponse.html +2 -2
data/doc/SDM/Accounts.html +6 -6
data/doc/SDM/AmazonEKS.html +2 -2
data/doc/SDM/AmazonES.html +2 -2
data/doc/SDM/Athena.html +2 -2
data/doc/SDM/AuroraMysql.html +2 -2
data/doc/SDM/AuroraPostgres.html +2 -2
data/doc/SDM/BigQuery.html +2 -2
data/doc/SDM/Cassandra.html +2 -2
data/doc/SDM/Citus.html +2 -2
data/doc/SDM/Clustrix.html +2 -2
data/doc/SDM/Cockroach.html +2 -2
data/doc/SDM/DB2.html +2 -2
data/doc/SDM/Druid.html +2 -2
data/doc/SDM/DynamoDB.html +2 -2
data/doc/SDM/Elastic.html +2 -2
data/doc/SDM/ElasticacheRedis.html +2 -2
data/doc/SDM/Gateway.html +2 -2
data/doc/SDM/GoogleGKE.html +2 -2
data/doc/SDM/Greenplum.html +2 -2
data/doc/SDM/HTTPAuth.html +2 -2
data/doc/SDM/HTTPBasicAuth.html +2 -2
data/doc/SDM/HTTPNoAuth.html +2 -2
data/doc/SDM/Kubernetes.html +2 -2
data/doc/SDM/KubernetesBasicAuth.html +2 -2
data/doc/SDM/KubernetesServiceAccount.html +2 -2
data/doc/SDM/Maria.html +2 -2
data/doc/SDM/Memcached.html +2 -2
data/doc/SDM/Memsql.html +2 -2
data/doc/SDM/MongoHost.html +2 -2
data/doc/SDM/MongoLegacyHost.html +2 -2
data/doc/SDM/MongoLegacyReplicaset.html +2 -2
data/doc/SDM/MongoReplicaSet.html +2 -2
data/doc/SDM/Mysql.html +2 -2
data/doc/SDM/NodeCreateResponse.html +2 -2
data/doc/SDM/NodeDeleteResponse.html +2 -2
data/doc/SDM/NodeGetResponse.html +2 -2
data/doc/SDM/NodeUpdateResponse.html +2 -2
data/doc/SDM/Nodes.html +6 -6
data/doc/SDM/Oracle.html +2 -2
data/doc/SDM/Plumbing.html +349 -509
data/doc/SDM/Postgres.html +2 -2
data/doc/SDM/Presto.html +2 -2
data/doc/SDM/RDP.html +2 -2
data/doc/SDM/Redis.html +2 -2
data/doc/SDM/Redshift.html +2 -2
data/doc/SDM/Relay.html +2 -2
data/doc/SDM/ResourceCreateResponse.html +2 -2
data/doc/SDM/ResourceDeleteResponse.html +2 -2
data/doc/SDM/ResourceGetResponse.html +2 -2
data/doc/SDM/ResourceUpdateResponse.html +2 -2
data/doc/SDM/Resources.html +6 -6
data/doc/SDM/Role.html +2 -2
data/doc/SDM/RoleAttachment.html +2 -2
data/doc/SDM/RoleAttachmentCreateResponse.html +2 -2
data/doc/SDM/RoleAttachmentDeleteResponse.html +2 -2
data/doc/SDM/RoleAttachmentGetResponse.html +2 -2
data/doc/SDM/RoleAttachments.html +5 -5
data/doc/SDM/RoleCreateResponse.html +2 -2
data/doc/SDM/RoleDeleteResponse.html +2 -2
data/doc/SDM/RoleGetResponse.html +2 -2
data/doc/SDM/RoleGrant.html +2 -2
data/doc/SDM/RoleGrantCreateResponse.html +2 -2
data/doc/SDM/RoleGrantDeleteResponse.html +2 -2
data/doc/SDM/RoleGrantGetResponse.html +2 -2
data/doc/SDM/RoleGrants.html +5 -5
data/doc/SDM/RoleUpdateResponse.html +2 -2
data/doc/SDM/Roles.html +6 -6
data/doc/SDM/SQLServer.html +2 -2
data/doc/SDM/SSH.html +2 -2
data/doc/SDM/SSHCert.html +2 -2
data/doc/SDM/Service.html +2 -2
data/doc/SDM/Snowflake.html +2 -2
data/doc/SDM/Sybase.html +2 -2
data/doc/SDM/SybaseIQ.html +2 -2
data/doc/SDM/Teradata.html +2 -2
data/doc/SDM/User.html +2 -2
data/doc/V1.html +0 -5
data/doc/created.rid +38 -36
data/doc/index.html +0 -2
data/doc/js/search_index.js +1 -1
data/doc/js/search_index.js.gz +0 -0
data/doc/lib/version.html +1 -1
data/doc/table_of_contents.html +118 -143
data/examples/ldap-sync/ldapSync.rb +290 -0
data/lib/grpc/account_attachments_pb.rb +0 -5
data/lib/grpc/plumbing.rb +0 -34
data/lib/models/porcelain.rb +0 -23
data/lib/svc.rb +0 -2
data/lib/version +1 -1
data/lib/version.rb +1 -1
metadata +17 -15

data/examples/ldap-sync/ldapSync.rb ADDED

@@ -0,0 +1,290 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "yaml"
+require "strongdm"
+require "net/ldap"
+require "optparse"
+require "logger"
+# This script reads from an LDAP server and does the following writes in StrongDM:
+# - creates roles for each configured organizational unit (OU)
+# - creates accounts for users in those OUs
+# - attaches those accounts to their corresponding roles
+# - grants resources to these roles based on configured filters
+# - detaches accounts from roles, deletes accounts, and deletes grants as necessary
+# IMPORTANT CAVEATS:
+# - this script can pull existing StrongDM users into its purview. then, if the
+#   user is removed from LDAP, it will delete the user.
+# - if you need to delete an entire role / OU, you'll need to do it manually.
+#   this script does not touch roles that are not in the config file.
+# Example config file:
+# organizationalUnits:
+#   - dn: OU=Other-OU,DC=j42,DC=xyz
+#     role: Other-OU
+#     resources:
+#       - name:*Other-OU*
+#       - name:*Multi*
+#   - dn: OU=admins,DC=j42,DC=xyz
+#     role: admins
+#     resources:
+#       - name:*admins*
+#   - dn: OU=People,DC=j42,DC=xyz
+#     role: People
+#     resources:
+#       - name:*People*
+SDM_API_ACCESS_KEY = ENV.fetch("SDM_API_ACCESS_KEY", "")
+SDM_API_SECRET_KEY = ENV.fetch("SDM_API_SECRET_KEY", "")
+LDAP_HOST = ENV.fetch("LDAP_HOST", "")
+LDAP_BIND_DN = ENV.fetch("LDAP_BIND_DN", "")
+LDAP_PASSWORD = ENV.fetch("LDAP_PASSWORD", "")
+# gets the first item in a list or generator
+def first(attrib)
+  result = nil
+  attrib.each do |item|
+    if result == nil
+      result = item
+    end
+  end
+  result
+end
+def ldap_sync
+  if SDM_API_ACCESS_KEY == "" || SDM_API_SECRET_KEY == "" || LDAP_BIND_DN == ""
+    puts "SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, and LDAP_BIND_DN must be set"
+    exit 1
+  end
+  plan = false
+  verbose = false
+  configPath = "config.yml"
+  OptionParser.new do |opts|
+    opts.banner = "Usage ldapSync.rb [options]"
+    opts.on("-p", "--plan", "calculate changes but do not apply them") do |p|
+      plan = p
+    end
+    opts.on("-v", "--verbose", "print detailed report") do |v|
+      verbose = v
+    end
+    opts.on("-c", "--config FILE", "specify path to config YAML file (default: 'config.yml')") do |v|
+      configPath = v
+    end
+  end.parse!
+  begin
+    config = YAML.load(File.read(configPath))
+  rescue StandardError => ex
+    raise ex, "failed to parse #{configPath}"
+  end
+  begin
+    sdmClient = SDM::Client.new(SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, host: "api.strongdmdev.com:443")
+  rescue SDM::RPCError => ex
+    raise ex, "failed to create StrongDM client"
+  end
+  ldap = Net::LDAP.new
+  ldap.host = LDAP_HOST
+  ldap.auth LDAP_BIND_DN, LDAP_PASSWORD
+  if not ldap.bind
+    puts "failed to bind LDAP connection - authentication error"
+    exit 1
+  end
+  sdmRoles = {} # map of name to ID
+  sdmAccounts = {} # map of email to id
+  sdmResources = {} # map of ID to name
+  sdmAccountsById = {} # map of id to { :email, :firstName, :lastName }
+  sdmAccountsWithAttachments = {} # map of email to id of all accounts that are in the roles we're interested in
+  sdmAccountAttachments = {} # map of role name to list of emails
+  sdmRoleGrants = {} # map of role name to list of { :resourceId, :grantId }
+  ldapRoles = [] # list of names
+  ldapAccounts = {} # map of email to { :firstName, :lastName }
+  ldapAccountAttachments = {} # map of role name to list of emails
+  desiredRoleGrants = {} # map of role name to list of resource IDs
+  # get SDM accounts
+  sdmClient.accounts.list("").each do |account|
+    sdmAccounts[account.email] = account.id
+    sdmAccountsById[account.id] = { :email => account.email, :firstName => account.first_name, :lastName => account.last_name }
+  end
+  # get SDM resources
+  sdmClient.resources.list("").each do |resource|
+    sdmResources[resource.id] = resource.name
+  end
+  # loop through OUs
+  config["organizationalUnits"].each do |ou|
+    # get SDM state for this OU
+    role = first(sdmClient.roles.list("name:?", ou["role"]))
+    if role
+      sdmRoles[role.name] = role.id
+      # get accounts attached to this role
+      accountEmails = []
+      sdmClient.account_attachments.list("roleid:?", role.id).each do |attachment|
+        sdmAccount = sdmAccountsById[attachment.account_id]
+        email = sdmAccount[:email]
+        sdmAccountsWithAttachments[email] = attachment.account_id
+        accountEmails.push(email)
+      end
+      sdmAccountAttachments[role.name] = accountEmails
+      # get resources granted to this role
+      roleGrants = []
+      sdmClient.role_grants.list("roleid:?", role.id).each do |grant|
+        roleGrants.push({ :resourceId => grant.resource_id, :grantId => grant.id })
+      end
+      sdmRoleGrants[role.name] = roleGrants
+      # get resources that we want to grant to this role
+      filteredResources = {} # map of resource ID to true (to prevent duplicates)
+      filters = ou["resources"] # list of filter strings
+      if filters
+        filters.each do |filter|
+          sdmClient.resources.list(filter).each do |resource|
+            filteredResources[resource.id] = true
+          end
+        end
+        desiredRoleGrants[role.name] = filteredResources.keys
+      end
+    end
+    # get LDAP state for this OU
+    ldapRoles.push(ou["role"].to_s)
+    roleAccounts = []
+    ldap.search(:base => ou["dn"], :filter => Net::LDAP::Filter.eq("objectclass", "user"), :return_result => false) do |entry|
+      ldapAccounts[first(entry.mail).to_s] = {
+        :firstName => first(entry.givenname).to_s,
+        :lastName => first(entry.sn).to_s,
+      }
+      roleAccounts.push(first(entry.mail).to_s)
+    end
+    ldapAccountAttachments[ou["role"].to_s] = roleAccounts
+  end
+  # compute diff
+  report = {
+    :createRoles => [],
+    :deleteAccounts => [],
+    :updateAccounts => [],
+    :createAccounts => [],
+    :createAccountAttachments => [],
+    :deleteAccountAttachments => [],
+    :deleteRoleGrants => [],
+    :createRoleGrants => [],
+  }
+  # createRoles
+  ldapRoles.each do |roleName|
+    next if sdmRoles[roleName]
+    report[:createRoles].push(roleName)
+    next if plan
+    response = sdmClient.roles.create(SDM::Role.new(name: roleName))
+    sdmRoles[roleName] = response.role.id
+  end
+  # deleteAccounts
+  sdmAccountsWithAttachments.each do |email, id|
+    next if ldapAccounts[email]
+    report[:deleteAccounts].push(email)
+    next if plan
+    sdmClient.accounts.delete(id)
+  end
+  # updateAccounts
+  sdmAccountsWithAttachments.each do |email, id|
+    ldapAccount = ldapAccounts[email]
+    next if not ldapAccount
+    sdmAccount = sdmAccountsById[id]
+    next if sdmAccount[:firstName] == ldapAccount[:firstName] and sdmAccount[:lastName] == ldapAccount[:lastName]
+    report[:updateAccounts].push(email)
+    next if plan
+    sdmClient.accounts.update(SDM::User.new(id: id, first_name: ldapAccount[:firstName], last_name: ldapAccount[:lastName]))
+  end
+  # createAccounts
+  ldapAccounts.each do |email, account|
+    next if sdmAccounts[email]
+    report[:createAccounts].push(email)
+    next if plan
+    response = sdmClient.accounts.create(SDM::User.new(email: email, first_name: account[:firstName], last_name: account[:lastName]))
+    sdmAccounts[response.account.email] = response.account.id
+  end
+  # deleteAccountAttachments
+  sdmAccountAttachments.each do |roleName, accounts|
+    roleId = sdmRoles[roleName]
+    ldapAccountsInRole = ldapAccountAttachments[roleName]
+    accounts.each do |email|
+      next if ldapAccountsInRole and ldapAccountsInRole.include? email
+      report[:deleteAccountAttachments].push({ :role => roleName, :account => email })
+      next if plan
+      accountId = sdmAccounts[email]
+      attachment = first(sdmClient.account_attachments.list("accountid:? roleid:?", accountId, roleId))
+      next if not attachment # already deleted by the deleteAccounts step
+      sdmClient.account_attachments.delete(attachment.id)
+    end
+  end
+  # createAccountAttachments
+  ldapAccountAttachments.each do |roleName, accounts|
+    roleId = sdmRoles[roleName]
+    sdmAccountsInRole = sdmAccountAttachments[roleName]
+    accounts.each do |email|
+      next if sdmAccountsInRole and sdmAccountsInRole.include? email
+      report[:createAccountAttachments].push({ :role => roleName, :account => email })
+      accountId = sdmAccounts[email]
+      next if plan
+      sdmClient.account_attachments.create(SDM::AccountAttachment.new(account_id: accountId, role_id: roleId))
+    end
+  end
+  # deleteRoleGrants
+  sdmRoleGrants.each do |roleName, roleGrants|
+    desired = desiredRoleGrants[roleName]
+    roleGrants.each do |grant|
+      next if desired and desired.include? grant[:resourceId]
+      resourceName = sdmResources[grant[:resourceId]]
+      report[:deleteRoleGrants].push({ :role => roleName, :resource => resourceName })
+      next if plan
+      sdmClient.role_grants.delete(grant[:grantId])
+    end
+  end
+  # createRoleGrants
+  desiredRoleGrants.each do |roleName, roleGrants|
+    roleId = sdmRoles[roleName]
+    existing = sdmRoleGrants[roleName]
+    roleGrants.each do |resourceId|
+      next if existing and existing.find { |existingGrant| existingGrant[:resourceId] == resourceId }
+      resourceName = sdmResources[resourceId]
+      report[:createRoleGrants].push({ :role => roleName, :resource => resourceName })
+      next if plan
+      sdmClient.role_grants.create(SDM::RoleGrant.new(role_id: roleId, resource_id: resourceId))
+    end
+  end
+  if verbose
+    puts JSON.pretty_generate(report)
+  else
+    puts "Create #{report[:createRoles].length} roles"
+    puts "Delete #{report[:deleteAccounts].length} accounts"
+    puts "Create #{report[:createAccounts].length} accounts"
+    puts "Delete #{report[:deleteAccountAttachments].length} account attachments"
+    puts "Create #{report[:createAccountAttachments].length} account attachments"
+    puts "Delete #{report[:deleteRoleGrants].length} role grants"
+    puts "Create #{report[:createRoleGrants].length} role grants"
+  end
+end
+ldap_sync

data/lib/grpc/account_attachments_pb.rb CHANGED

@@ -26,10 +26,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "v1.AccountAttachmentCreateRequest" do
       optional :meta, :message, 1, "v1.CreateRequestMetadata"
       optional :account_attachment, :message, 2, "v1.AccountAttachment"
-      optional :options, :message, 3, "v1.AccountAttachmentCreateOptions"
-    end
-    add_message "v1.AccountAttachmentCreateOptions" do
-      optional :overwrite, :bool, 1
     end
     add_message "v1.AccountAttachmentCreateResponse" do
       optional :meta, :message, 1, "v1.CreateResponseMetadata"
@@ -72,7 +68,6 @@ end
 module V1
   AccountAttachmentCreateRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateRequest").msgclass
-  AccountAttachmentCreateOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateOptions").msgclass
   AccountAttachmentCreateResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentCreateResponse").msgclass
   AccountAttachmentGetRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentGetRequest").msgclass
   AccountAttachmentGetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("v1.AccountAttachmentGetResponse").msgclass

data/lib/grpc/plumbing.rb CHANGED

@@ -258,40 +258,6 @@ module SDM
       end
       items
     end
-    def self.convert_account_attachment_create_options_to_porcelain(plumbing)
-      if plumbing == nil
-        return nil
-      end
-      porcelain = AccountAttachmentCreateOptions.new()
-      porcelain.overwrite = (plumbing.overwrite)
-      porcelain
-    end
-    def self.convert_account_attachment_create_options_to_plumbing(porcelain)
-      if porcelain == nil
-        return nil
-      end
-      plumbing = V1::AccountAttachmentCreateOptions.new()
-      plumbing.overwrite = (porcelain.overwrite) unless porcelain.overwrite == nil
-      plumbing
-    end
-    def self.convert_repeated_account_attachment_create_options_to_plumbing(porcelains)
-      items = Array.new
-      porcelains.each do |porcelain|
-        plumbing = convert_account_attachment_create_options_to_plumbing(porcelain)
-        items.append(plumbing)
-      end
-      items
-    end
-    def self.convert_repeated_account_attachment_create_options_to_porcelain(plumbings)
-      items = Array.new
-      plumbings.each do |plumbing|
-        porcelain = convert_account_attachment_create_options_to_porcelain(plumbing)
-        items.append(porcelain)
-      end
-      items
-    end
     def self.convert_account_attachment_create_response_to_porcelain(plumbing)
       if plumbing == nil
         return nil

data/lib/models/porcelain.rb CHANGED

@@ -115,29 +115,6 @@ module SDM
     end
   end
-  # AccountAttachmentCreateOptions specifies extra options for creating an
-  # AccountAttachment.
-  class AccountAttachmentCreateOptions
-    # Overwrite clears all account grants before the attachment.
-    attr_accessor :overwrite
-    def initialize(
-      overwrite: nil
-    )
-      if overwrite != nil
-        @overwrite = overwrite
-      end
-    end
-    def to_json(options = {})
-      hash = {}
-      self.instance_variables.each do |var|
-        hash[var.id2name.delete_prefix("@")] = self.instance_variable_get var
-      end
-      hash.to_json
-    end
-  end
   # AccountAttachmentCreateResponse reports how the AccountAttachments were created in the system.
   class AccountAttachmentCreateResponse
     # Reserved for future use.

data/lib/svc.rb CHANGED

@@ -43,13 +43,11 @@ module SDM
     # Create registers a new AccountAttachment.
     def create(
       account_attachment,
-      options: nil,
       deadline: nil
     )
       req = V1::AccountAttachmentCreateRequest.new()
       req.account_attachment = Plumbing::convert_account_attachment_to_plumbing(account_attachment)
-      req.options = Plumbing::convert_account_attachment_create_options_to_plumbing(options)
       tries = 0
       plumbing_response = nil
       loop do

data/lib/version CHANGED

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.5"
+  VERSION = "1.0.7"
 end

data/lib/version.rb CHANGED

@@ -13,5 +13,5 @@
 # limitations under the License.
 #
 module SDM
-  VERSION = "1.0.5"
+  VERSION = "1.0.7"
 end

metadata CHANGED

@@ -1,73 +1,73 @@
 --- !ruby/object:Gem::Specification
 name: strongdm
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.7
 platform: ruby
 authors:
 - strongDM Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-09 00:00:00.000000000 Z
+date: 2020-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
 - !ruby/object:Gem::Dependency
   name: grpc-tools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.27.0
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.27.0
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.1.2
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.1.2
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.2
 description: strongDM Ruby Library for automating interactions with strongDM.
@@ -267,6 +267,7 @@ files:
 - examples/Gemfile
 - examples/Gemfile.lock
 - examples/README.md
+- examples/ldap-sync/ldapSync.rb
 - examples/listUsers.rb
 - examples/okta-sync/Gemfile
 - examples/okta-sync/Gemfile.lock
@@ -321,7 +322,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.0.3
+rubyforge_project:
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: strongDM SDK for the Ruby programming language.