ucert 0.2.57

data/demos/filter_email.rb

@@ -0,0 +1,19 @@
+##################################################
+# Search the AD cache, filter out the DN obj by email first, then filter out the SAM account ID by DN
+# Usage: ruby filter_email.rb [file_emails]
+# file_emails contains a list of emails one entry per line
+
+require "ucert"
+
+k=Ucert::AdTracker.new(:verbose=>false)
+File.open(ARGV[0],'r').each do |line|
+  #puts "Processing: #{line}"
+  email=line.chomp.strip
+  my_dn=k.ad_search_by_text(email,"person")
+  my_record=k.get_ad_record(my_dn)
+  my_id=k.get_sam_id(my_dn)
+  my_name=k.get_cn(my_dn)
+  my_department=k.get_department(my_dn)
+
+  puts my_id
+end

data/demos/idm_ad_reload.rb

@@ -0,0 +1,164 @@
+#!/usr/bin/env ruby
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+
+# A server side script designed to automatically update the 'cyber_idm' application's 'ad_users'
+#    and 'ad_computers' tables in a scheduled time-table
+# Usage:
+# =>  ruby idm_ad_reload.rb -h 
+
+require 'optparse'
+require 'ostruct'
+require "ucert"
+require "sequel"
+require "yaml"
+
+class CmdOptions
+    # Returen an OpenStruct describing the command line options
+  def self.parse(args)
+    @options = OpenStruct.new # OpenStruct is a structure like hash table
+    @options.verbose = false # verbose and banner are key and value
+    @options.banner = "Usage: #{__FILE__} -h"
+    @version = ["0","1"]    # Program version information
+    @last_change = "03/14/2016"
+    opt_parser = OptionParser.new do |opts|
+
+      # Boolean switch for the verbose mode switch
+      opts.on("-v", "--[no-]verbose", "Verbose Mode") do |v|
+        @options.verbose = v
+      end
+
+      # Command switch for configuration file
+      opts.on("-lYML", "--ldap=YML", "Ldap YML Configuration File") do |l|
+        @options.ldap = l
+      end
+
+      # Command switch for configuration file
+      opts.on("-dYML", "--db=YML", "Database YML Configuration File") do |d|
+        @options.db = d
+      end
+
+      # Displaying help.
+      opts.on("-h", "--help", "Display Help") do |v|
+        puts opts
+        exit
+      end
+
+      # Another typical switch to print the version.
+      opts.on_tail("-V","--version", String, "Show Program Version") do
+        @options.version = "Program Version: #{@version.join('.')}; Last Modification: #{@last_change}"
+        puts @options.version
+        exit
+      end
+    end
+    opt_parser.parse!(args)
+    puts "Captured Command Line Arguments: #{@options}" if @options.verbose
+    return @options
+  end
+end
+
+##########################################################################
+###                              Main                                  ###
+##########################################################################
+# Command line arguments structure
+@options=CmdOptions.parse(ARGV)
+
+ldap_yml = @options.ldap || "/home/liyang138/cyber_idm/config/ldap.yml"
+db_yml = @options.db || "/home/liyang138/cyber_idm/config/database.yml"
+
+# Step 1 - Read the AD connecting db string from the 'cyber_idm' configuration file 'ldap.yml'
+ldap_env = YAML.load_file(ldap_yml)[ENV['RAILS_ENV'] || 'development']
+db_env = YAML.load_file(db_yml)[ENV['RAILS_ENV'] || 'development']
+
+# Step 2 -  Update the local cache database for AD
+puts "Update AD local cache by using openldap connector ..."
+ny_ad=Ucert::AdTracker.new(:verbose=>@options.verbose)
+ny_ad.ldap_connector="openldap"
+ny_ad.ldap_connector_id=ldap_env["admin_user"]
+ny_ad.ldap_connector_pass=ldap_env["admin_password"]
+ny_ad.update_ad_cache("person")
+ny_ad.update_ad_cache("computer")
+# reload
+ny_ad.parse_openldap_cache("person")
+ny_ad.parse_openldap_cache("computer")
+puts "Done update AD cache."
+
+# Step 3 - connect to the 'cyber_idm' DB
+db = Sequel.connect(:adapter => db_env["adapter"], :user => db_env["username"], :password => db_env["password"], :host => db_env["host"] , :database => db_env["database"])
+
+# Step 4 - Reload the 'ad_users' table
+puts "\n\nReload ad_users table ..."
+db[:ad_users].truncate
+ad_user_table = db[:ad_users]
+my_users = Hash.new
+ny_ad.ad_person_records.keys.map do |my_dn|
+  my_sam_id=ny_ad.get_dn_attribute("person",my_dn,"sAMAccountName")
+  my_email=ny_ad.get_dn_attribute("person",my_dn,"mail")
+  my_name=ny_ad.get_cn(my_dn)
+  my_dept=ny_ad.get_dn_attribute("person",my_dn,"department")
+  my_acct_code=ny_ad.get_dn_attribute("person",my_dn,"userAccountControl")
+  my_acct_status=ny_ad.cntl_code_2_property_flag(my_acct_code)
+  my_workstations=ny_ad.get_dn_attribute("person",my_dn,"userWorkstations")
+  my_membership=ny_ad.get_dn_attributes("person",my_dn,"memberOf")
+  my_users[my_dn] = Hash.new
+  my_users[my_dn]['DN'] = my_dn
+  my_users[my_dn]['NAME'] = my_name
+  my_users[my_dn]['SAM'] = my_sam_id
+  my_users[my_dn]['EMAIL'] = my_email
+  my_users[my_dn]['DEPARTMENT'] = my_dept
+  my_users[my_dn]['ACCOUNT_STATUS'] = my_acct_status
+  my_users[my_dn]['WORKSTATION'] = my_workstations
+  my_users[my_dn]['MEMBERSHIP'] = my_membership
+end
+my_users.values.map do |record|
+  puts "Insert record into ad_users table: #{record}" if @verbose
+  if ad_user_table.insert(:dn => record['DN'].to_s, :name => record['NAME'].to_s, :sam => record['SAM'].to_s, :email => record['EMAIL'].to_s, :department => record['DEPARTMENT'].to_s, :account_status => record['ACCOUNT_STATUS'].to_s, :work_station_info => record['WORKSTATION'].to_s, :membership => record['MEMBERSHIP'].to_s)
+    puts "Success!" if @verbose
+  else
+    puts "Insert fail. " if @verbose
+  end
+end
+puts "Done reload ad_users."
+
+# Step 5 - Reload the 'ad_computers' table
+puts "\n\nReload ad_computers table ..."
+db[:ad_computers].truncate
+ad_computer_table = db[:ad_computers]
+my_computers = Hash.new
+ny_ad.ad_computer_records.keys.map do |my_dn|
+  my_sam_id=ny_ad.get_dn_attribute("computer",my_dn,"sAMAccountName")
+  my_os=ny_ad.get_os_info(my_dn)
+  my_host=ny_ad.get_dn_attribute("computer",my_dn,"dNSHostName")
+  if ny_ad.known_hosts.key?(my_host)
+    my_ip=ny_ad.known_hosts[my_host]
+  else
+    my_ip=ny_ad.nslookup(my_host)
+    ny_ad.known_hosts[my_host]=my_ip
+  end
+  my_created=ny_ad.get_dn_attribute("computer",my_dn,"whenCreated")
+  my_computers[my_dn] = Hash.new
+  my_computers[my_dn]['DN'] = my_dn
+  my_computers[my_dn]['SAM'] = my_sam_id
+  my_computers[my_dn]['OS'] = my_os
+  my_computers[my_dn]['HOST'] = my_host
+  my_computers[my_dn]['IP'] = my_ip
+  my_computers[my_dn]['CREATED'] = my_created
+end
+my_computers.values.map do |record|
+  puts "Insert record into ad_computers table: #{record}" if @verbose
+  if ad_computer_table.insert(:dn => record['DN'].to_s, :sam => record['SAM'].to_s, :os => record['OS'].to_s, :host => record['HOST'].to_s, :ip => record['IP'].to_s, :created => record['CREATED'].to_s)
+    puts "Success!" if @verbose
+  else
+    puts "Insert fail." if @berbose
+  end
+end
+puts "Done reload ad_computers."
+
+# Step 6 - clean up
+db.disconnect
+ny_ad = nil

data/lib/ucert.rb

@@ -0,0 +1,82 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+require 'ucert/utils/utils'
+require 'ucert/ad_tracker'
+require 'ucert/t24_tracker'
+require 'ucert/go_contact_tracker'
+require 'ucert/fis_prime_tracker'
+require 'ucert/fis_egifts_tracker'
+require 'ucert/alliance_swift_tracker'
+require 'ucert/citidirect_securities_tracker'
+require 'ucert/jpm_access_tracker'
+require 'ucert/db_direct_tracker'
+require 'ucert/sage100_tracker'
+require 'ucert/vpn_tracker'
+require 'ucert/swift_online_tracker'
+require 'ucert/check21_tracker'
+require 'ucert/cmbrun_ny_tracker'
+require 'ucert/mantis_tracker'
+require 'ucert/audiolog_tracker'
+require 'ucert/citidirect_be_tracker'
+require 'ucert/stb_tracker'
+require 'ucert/equinix_tracker'
+require 'ucert/citrix_sharefile_tracker'
+require 'ucert/aix_tracker'
+require 'ucert/frb_tracker'
+require 'ucert/wms_tracker'
+require 'ucert/yst_tracker'
+require 'ucert/madison535_tracker'
+require 'ucert/bloomberg_tracker'
+require 'ucert/cvm_tracker'
+require 'ucert/som_tracker'
+require 'ucert/adp_payroll_tracker'
+require 'ucert/clear_par_tracker'
+
+module Ucert
+
+  NAME            = "Ucert"
+  GEM             = "ucert"
+  VERSION		  = File.dirname(__FILE__) + "/../version.txt"
+  @verbose = false
+  # Module instance variable to keep track of the DN record change in the AD
+  @ad_delta = File.dirname(__FILE__) + "/../data/ad/ad_delta.txt"
+
+  class << self
+    attr_accessor :ad_delta, :verbose
+
+  	# Simple parser for the project version file
+  	def read_ver
+  		ver=Hash.new
+  		f=File.open(VERSION,'r')
+  		f.each do |line|
+  			line.chomp!
+  			case line
+  			when /^(\s)*#/
+  				next
+  			when /\=/
+  				entry=line.split("=").map! {|x| x.strip}
+  				ver[entry[0]]=entry[1]
+  			end
+  		end
+  		f.close
+  		return ver
+  	end
+
+  	def banner
+  		ver=read_ver
+  		art=""
+  		string = "-"*80 + "\n" + art + "\n" + "Version: " + ver["version"] + "\tRelease Date: " + ver["date"] + "\nDesigned and developed by: " + ver["author"] + "\nEmail: " + ver["email"] + "\tLinkedIn: " + ver["linkedin"] + "\n" + "-"*80
+  	end
+
+    # To do
+
+    private
+
+
+  end
+end

data/lib/ucert/ad_tracker.rb

@@ -0,0 +1,694 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+require "net/ldap"
+
+# Class to handle the ative directory local data cache repository. Note this
+# class depends on the 3rd party program 'openldap' @ www.openldap.org
+class Ucert::AdTracker
+	include Ucert::Utils
+
+	attr_accessor  :verbose,:ldap_connector,:ldapsearch_argv_1,:ldapsearch_argv_2,:ldap_connector_id, :ldap_connector_pass, \
+										:ldap_host, :ldap_port, :ldap_base, :ad_delta_map, :ad_delta, :refresh_dns_records
+	attr_reader :ad_person_records,:ad_computer_records, \
+								:ldapsearch_cache_person,:ldapsearch_cache_computer,:program_ldapsearch,:acct_cntl_code,:known_hosts
+
+  # Instance default variables
+  def initialize (params ={})
+		# Specify the dependency 3rd party application 'ldapsearch' installation path
+		@verbose=params.fetch(:verbose, false)
+		@refresh_dns_records=params.fetch(:refresh_dns_records, false)		# params to turn on/off DNS records refreshment. Use with caution as it's time intensive task.
+		@program_ldapsearch = "/usr/bin/ldapsearch"
+		# Specify default ldap connector and connecting credential; currently we support: 1) 'openldap'
+		@ldap_connector = "openldap"
+		@ldap_connector_id=params.fetch(:ldap_connector_id,"")
+		@ldap_connector_pass=params.fetch(:ldap_connector_pass,"")
+		@ldap_host = params.fetch(:ldap_host, "CMBNY-OADC2.ny.cmbchina.com")
+		@ldap_port = params.fetch(:ldap_port, "389")
+		@ldap_base = params.fetch(:ldap_base, "DC=ny,DC=cmbchina,DC=com")
+		# Specify the dependency 3rd party application 'ldapsearh' command argument options
+		#@ldapsearch_argv_1 = " -b \"DC=ny,DC=cmbchina,DC=com\" -h CMBNY-OADC2.ny.cmbchina.com -p 389 -D "
+		@ldapsearch_argv_1 = " -b " + @ldap_base + " -h " + @ldap_host + " -p " + @ldap_port + " -D "
+		@ldapsearch_argv_2 = " -s sub \"objectcategory="
+		# Specify the cache file location for 'ldapsearch'
+		@ldapsearch_cache_person = File.dirname(__FILE__) + "/../../data/ad/ldap_person.txt"
+		@ldapsearch_cache_computer = File.dirname(__FILE__) + "/../../data/ad/ldap_computer.txt"
+		# Specify the local hosts cache file for fast DNS resolving
+		@hosts_cache = File.dirname(__FILE__) + "/../../data/ad/hosts"
+		@known_hosts=load_known_hosts(@hosts_cache)
+		# AD Delta detection
+		@ad_delta_map = File.dirname(__FILE__) + "/../../data/ad/ad_delta.txt"
+		@ad_delta = load_known_user_map_from_file (@ad_delta_map)
+		# class instance variables to keep track of the AD record changes
+		@ad_person_records = Hash.new
+    @ad_computer_records = Hash.new
+		# Refer to microsoft KB 'How to use the UserAccountControl flags' - https://support.microsoft.com/en-us/kb/305144
+		@acct_cntl_code={"SCRIPT"=>1, "ACCOUNTDISABLE"=>2, "HOMEDIR_REQUIRED"=>4, "LOCKOUT"=>5, "PASSWD_NOTREQD"=>6, \
+			"PASSWD_CANT_CHANGE"=>7, "ENCRYPTED_TEXT_PWD_ALLOWED"=>8, "TEMP_DUPLICATE_ACCOUNT"=>9, "NORMAL_ACCOUNT"=>10, \
+			"'INTERDOMAIN_TRUST_ACCOUNT'"=>12, "WORKSTATION_TRUST_ACCOUNT"=>13, "SERVER_TRUST_ACCOUNT"=>14, \
+			"DONT_EXPIRE_PASSWORD"=>17, "MNS_LOGON_ACCOUNT"=>18, "SMARTCARD_REQUIRED"=>19, \
+			"TRUSTED_FOR_DELEGATION"=>20, "NOT_DELEGATED"=>21, "USE_DES_KEY_ONLY"=>22, "DONT_REQ_PREAUTH"=>23, \
+			"PASSWORD_EXPIRED"=>24, "TRUSTED_TO_AUTH_FOR_DELEGATION"=>25, "PARTIAL_SECRETS_ACCOUNT"=>27}
+		# loading the instance variables
+		load_ad(@ldap_connector)
+	end
+
+	# Load AD tracker instance variables from the cache files; re-create the cache files if non-existing.
+	def load_ad (connector)
+		begin
+			case connector
+			when "openldap"
+				update_openldap_cache("person") unless File.exist?(@ldapsearch_cache_person)
+				parse_openldap_cache("person")
+				update_openldap_cache("computer") unless File.exist?(@ldapsearch_cache_computer)
+				parse_openldap_cache("computer")
+			else
+				#do nothing
+			end
+		rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+	  end
+	end
+
+	# wrapper to Net::LDAP ldap.bind method
+	def is_ldap_bind?
+		begin
+			ldap = Net::LDAP.new
+			ldap.host = @ldap_host
+			ldap.port = @ldap_port
+			ldap.auth @ldap_connector_id, @ldap_connector_pass
+			if ldap.bind
+				puts "LDAP bind to #{@ldap_host} successfully!"
+				return true
+			else
+				puts "LDAP bind to #{@ldap_host} fail!"
+				return false
+			end
+		rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+	  end
+	end
+
+	# method to update the active directory local cache file
+	def update_ad_cache (opt)
+	  begin
+			puts "Start AD cache file update process for objectcategory: #{opt}"
+			case @ldap_connector
+			when "openldap"
+				my_dn=sid_2_dn(@ldap_connector_id)
+				abort "Error. Unknown user ID: #{@ldap_connector_id}" if my_dn.nil?
+				case opt
+				when "person"
+#					cmd = @program_ldapsearch + @ldapsearch_argv_1 + "\"" + my_dn + "\" -w " + @ldap_connector_pass + @ldapsearch_argv_2 + opt + "\" > " + @ldapsearch_cache_person
+					cmd = @program_ldapsearch + @ldapsearch_argv_1 + "\"" + @ldap_connector_id + "\" -w " + @ldap_connector_pass + @ldapsearch_argv_2 + opt + "\" > " + @ldapsearch_cache_person
+				when "computer"
+#					cmd = @program_ldapsearch + @ldapsearch_argv_1 + "\"" + my_dn + "\" -w " + @ldap_connector_pass + @ldapsearch_argv_2 + opt + "\" > " + @ldapsearch_cache_computer
+					cmd = @program_ldapsearch + @ldapsearch_argv_1 + "\"" + @ldap_connector_id  + "\" -w " + @ldap_connector_pass + @ldapsearch_argv_2 + opt + "\" > " + @ldapsearch_cache_computer
+				else
+					raise "Error - unknown objectcategory: #{opt}"
+				end
+			else
+				raise "Error - unknown LDAP connector: #{@ldap_connector}"
+			end
+			# Test connection before the update
+	    if is_ldap_bind?
+				puts "Execute shell command: #{cmd}" if @verbose
+	    	system(cmd)
+	    	puts "Done!"
+			end
+	    sleep (2)
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+	  end
+	end
+	alias_method :update, :update_ad_cache
+
+	# method to parse the openldap cache file, save the record into a hash data structure
+	def parse_openldap_cache (opt)
+	  begin
+	    case opt
+	    when "person"
+	      file = @ldapsearch_cache_person
+	    when "computer"
+	      file = @ldapsearch_cache_computer
+	    else
+	      raise "Unkown log file type: #{opt}"
+	    end
+	    puts "Start working on openldap log file: #{file}" if @verbose
+	    raise "File not found. Please check your path again: #{file}" unless File.exist?(file)
+	    f_cache = File.open(file, 'r:ISO-8859-1:UTF-8')
+	    # recording bit to flag start / end of new ad record
+	    recording=false
+	    ad_objs=Hash.new
+	    dn_key=String.new
+			# flag to check next line in file where the dn string may be split over to
+			dn_key_nextline_check=false
+	    f_cache.each do |line|
+	      line.chomp!
+	      if dn_key_nextline_check
+					puts "Perform DN Key next line check for its completeness: #{dn_key}" if @verbose
+					if line =~ /^\s/
+						puts "Incomplete DN Key found: #{dn_key}" if @verbose
+						dn_key=dn_key+line.sub(/^\s/,'')
+						ad_objs[dn_key]=Array.new
+						dn_key_nextline_check=false
+						recording=true
+						next
+					else
+						puts "DN Key found completed: #{dn_key}" if @verbose
+						dn_key_nextline_check=false
+						ad_objs[dn_key]=Array.new
+						dn_key_nextline_check=false
+						recording=true
+					end
+				end
+	      if line =~ /^dn\:/
+					puts "DN Key found in line: #{line}" if @verbose
+	        dn_key=line.split(':')[1].sub(/^\s/,'')
+					puts "DN found: #{dn_key}" if @verbose
+					dn_key_nextline_check=true
+	        next
+	      end
+	      if line.nil? or line.empty?
+	        puts "Done processing one record." if @verbose
+	        #sleep(2)
+	        recording=false
+	        next
+	      end
+	      if recording
+					puts "Start recording for record: #{dn_key}" if @verbose
+					if line=~ /^\s/
+						puts "Modify last attribute for its incompleteness: #{ad_objs[dn_key].last} - #{line} " if @verbose
+						ad_objs[dn_key][-1] = ad_objs[dn_key].last + line.sub(/^\s/,'')
+					else
+						puts "Adding new record attribute: #{line}" if @verbose
+						ad_objs[dn_key].push(line)
+					end
+	      end
+	    end
+	    f_cache.close
+	    case opt
+	    when "person"
+	      @ad_person_records=ad_objs
+	    when "computer"
+	      @ad_computer_records=ad_objs
+				save_hosts  # refresh the hosts file
+	    else
+	      raise "Unkown log file type: #{opt}"
+	    end
+	    puts "Done processing the cache file: #{file}" if @verbose
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+	  end
+	end
+
+	# generic text string search of ad local cache for matched record, return the record primary key, i.e. DN
+	def ad_search_by_text (keyword,opt="person")
+	  begin
+	    puts "Begin search on the cache for: #{keyword}" if @verbose
+			return nil if keyword.nil?
+			keywords=keyword.downcase.split(/(\,|\s|\;|\&|\!|\@|\#|\$|\%|\^|\*|\(|\)|\-|\=|\+|\=|\{|\}|\[|\]|\:|\~)/) \
+				- [" ", "", nil, ",", ";", "&", "!", "@", "#", "$", "%", "^", "*", "(", ")", "-", "+", "=", "{", "}", "[", "]", ":" "~"]
+	    #txt.downcase!
+	    case opt
+	    when "computer"
+	      @ad_computer_records.each do |key, val|
+	        puts "Searching computer cache data." if @verbose
+	        val.map do |entry|
+						every=entry.to_s.downcase
+						success=keywords.inject(true) {|found,word| break unless found; every.include?(word) && found; }
+	          if success
+	            return key
+	          end
+	        end
+	      end
+	    when "person"
+	      @ad_person_records.each do |key, val|
+	        puts "Searching person cache data." if @verbose
+					word_1=keywords.join(" ")
+					word_2=keywords.reverse.join(" ")
+					val.map do |entry|
+	          puts "First order searching: #{entry} for #{word_1} or #{word_2}" if @verbose
+	        	every=entry.to_s.downcase
+		        if every.include?(" " + word_1) or every.include?(" " + word_2)
+	            puts "Best match found: #{entry}" if @verboseirb
+	            return key
+	          elsif every.include?(word_1) or every.include?(word_2)
+	            puts "Best match found: #{entry}" if @verbose
+	            return key
+	          end
+	        end
+				end
+				@ad_person_records.each do |key, val|
+					val.map do |entry|
+	          puts "Secondary order searching: #{entry}" if @verbose
+	        	every=entry.to_s.downcase
+						success2=keywords.inject(true) {|found,word| break unless found; every.include?(word) && found; }
+						if success2
+	            puts "Close match found: #{entry}" if @verbose
+	            return key
+	          end
+	        end
+	      end
+	    else
+	      raise "Unknow cache: #{opt}"
+	    end
+	    return nil
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+	  end
+	end
+  alias_method :search, :ad_search_by_text
+
+	# generic text string search of ad local cache for matched records. Input is
+	# a keyword string, return the record primary keys, i.e. multiple DNs in an array.
+	def ad_searches_by_text (keyword,opt="person",max=10)
+	  begin
+	    puts "Begin searches on the cache for: #{keyword}" if @verbose
+			return nil if keyword.nil?
+      keywords=keyword.downcase.split(/(\,|\s|\;|\&|\!|\@|\#|\$|\%|\^|\*|\(|\)|\-|\=|\+|\=|\{|\}|\[|\]|\:|\~)/) \
+				- [" ", "", nil, ",", ";", "&", "!", "@", "#", "$", "%", "^", "*", "(", ")", "-", "+", "=", "{", "}", "[", "]", ":" "~"]
+			search_result=Array.new
+			case opt
+	    when "computer"
+				cnt=0
+	      @ad_computer_records.each do |key, val|
+	        puts "Searching computer cache data on: #{key}" if @verbose
+	        val.map do |entry|
+						break if cnt >= max  # limit returned records to max
+						every = entry.to_s.downcase
+						success=keywords.inject(true) {|found,word| break unless found; every.include?(word) && found; }
+						if success
+	            puts "Match found: #{entry}" if @verbose
+	            search_result.push(key)
+							cnt+=1
+							break
+	          end
+	        end
+	      end
+	    when "person"
+				cnt=0
+				# Perform 1st order search of CN portion of DN only for the best match
+				@ad_person_records.keys.map do |x|
+					puts "Searching person DN entry for #{key}" if @verbose
+					word_1=keywords.join(" ").downcase
+					word_2=keywords.reverse.join(" ").downcase
+					y=get_cn(x).downcase
+					if y.include?(word_1) or y.include?(word_2)
+						puts "Match found: #{x}" if @verbose
+						search_result.push(x)
+						cnt+=1
+					end
+				end
+				# Perform 2nd order search of complete keyword string on person record attributes
+	      @ad_person_records.each do |key, val|
+	        puts "Searching person cache data on: #{key}" if @verbose
+          word_1=keywords.join(" ")
+					word_2=keywords.reverse.join(" ")
+          val.map do |entry|
+						break if cnt >= max  # limit returned records to max
+						every = entry.to_s.downcase
+						if every.include?(word_1) or every.include?(word_2)
+	            puts "Match found: #{entry}" if @verbose
+	            search_result.push(key)
+							cnt+=1
+							break
+	          end
+	        end
+	      end
+				# Perform 3rd order search of partial keyword string on the person record attributes
+				@ad_person_records.each do |key, val|
+	        puts "Searching person cache data on: #{key}" if @verbose
+	        val.map do |entry|
+						break if cnt >= max  # limit returned records to max
+						every = entry.to_s.downcase
+						success=keywords.inject(true) {|found,word| break unless found; every.include?(word) && found; }
+	          #entry_clean=entry.chomp
+						#if entry_clean.downcase.include?(txt)
+						if success
+	            puts "Match found: #{entry}" if @verbose
+	            search_result.push(key)
+							cnt+=1
+							break
+	          end
+	        end
+	      end
+				#
+	    else
+	      raise "Unknow cache: #{opt}"
+	    end
+	    return search_result.uniq
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+			return search_result
+	  end
+	end
+  alias_method  :searches, :ad_searches_by_text
+
+	# Retrieve the specific dn object
+	def get_ad_record (dn)
+	  begin
+	      return @ad_person_records[dn] if @ad_person_records.key?(dn)
+	      return @ad_computer_records[dn] if @ad_computer_records.key?(dn)
+				return "Unfound"
+	  rescue => ee
+	      puts "Exception on method #{__method__}: #{ee}"
+				return "Unfound"
+	  end
+	end
+
+	# Retrieve the specific attribute from the dn's attribute collection
+	def get_dn_attribute (opt="person",dn,attr_name)
+	  begin
+			case opt
+			when "person"
+				attrs=@ad_person_records[dn] if @ad_person_records.key?(dn)
+			when "computer"
+	    	attrs=@ad_computer_records[dn] if @ad_computer_records.key?(dn)
+			else
+				raise "Error - unknown objectcategory: #{opt}"
+			end
+	    #puts attrs
+	    attrs.map do |line|
+	      (key,val)=line.chomp.split(':')
+	      if key==attr_name
+	        return val.strip
+	      end
+	    end
+			return nil
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+			return nil
+	  end
+	end
+
+	# Retrieve the attributes from the dn's attribute collection; the output is the matchs inside an array
+	def get_dn_attributes (opt,dn,attr_name)
+	  begin
+			founds = Array.new
+			case opt
+			when "person"
+				attrs=@ad_person_records[dn] if @ad_person_records.key?(dn)
+			when "computer"
+	    	attrs=@ad_computer_records[dn] if @ad_computer_records.key?(dn)
+			else
+				raise "Error - unknown objectcategory: #{opt}"
+			end
+	    #puts attrs
+	    attrs.map do |line|
+	      (key,val)=line.chomp.split(':')
+	      if key==attr_name
+	        founds.push(val.strip)
+	      end
+	    end
+			return founds
+	  rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+			return nil
+	  end
+	end
+
+	# Lookup DN by sAMAccountName attribute
+	def sid_2_dn (sid)
+		begin
+			@ad_person_records.keys.map do |dn|
+				attrs=@ad_person_records[dn]
+				attrs.map do |line|
+					(key,val)=line.chomp.split(':')
+					if val.strip.upcase==sid.strip.upcase
+						return dn
+					end
+				end
+			end
+			return nil
+		rescue => ee
+	    puts "Exception on method #{__method__}: #{ee}"
+			return "Unfound"
+	  end
+	end
+
+	# Retrieve the first CN "Full Name" for the DN
+	def get_cn (dn)
+		begin
+			attrs=@ad_person_records[dn] if @ad_person_records.key?(dn)
+			attrs=@ad_computer_records[dn] if @ad_computer_records.key?(dn)
+			attrs.map do |line|
+				(key,val)=line.chomp.split(':')
+				if key=="cn"
+					return val.strip
+				end
+			end
+			return "Unfound"
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+			return "Unfound"
+		end
+	end
+
+	# String manipulation to extract the first CN from the DN
+	def extract_first_cn (dn)
+		begin
+			return nil if dn.nil? or dn.empty?
+			dn.split(',').map do |x|
+				return x if x=~ /^cn=/i
+			end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+
+	# Retrieve a list of CNs i.e. "Full Name" for the dns
+	def get_cns (dns)
+		begin
+			result=Array.new
+			dns.map do |dn|
+				cn=get_cn(dn)
+				result.push(cn)
+			end
+			return result
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+			return result
+		end
+	end
+
+	def get_os_info (dn)
+		begin
+			puts "Retrieve Operation System information for: #{dn}" if @verbose
+			os_info = String.new
+			attrs=@ad_computer_records[dn] if @ad_computer_records.key?(dn)
+			attrs.map do |line|
+				(key,val)=line.chomp.split(':')
+				case key
+				when "operatingSystem"
+					os_info += val.strip
+				when "operatingSystemVersion"
+					os_info += val
+				when "operatingSystemServicePack"
+					os_info += val
+				end
+			end
+			return os_info
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+			return "Unfound"
+		end
+	end
+	alias_method :get_os, :get_os_info
+
+	# Convertion of MS UserAccountControl code in decimal value back to 'Property flag'
+	def cntl_code_2_property_flag (code)
+		begin
+			puts "Perform user account status lookup for user account control code: #{code}" if @verbose
+			code_2_status = Hash.new
+			@acct_cntl_code.each { |k,v| code_2_status[v]=k }
+			account_status = Array.new
+			b_code = code.to_i.to_s(2)
+			a_code = b_code.split('').reverse
+			(0...a_code.count).each do |x|
+				if a_code[x] === "1"
+					status = code_2_status[x+1]
+					account_status.push(status)
+				end
+			end
+			return account_status.join(' + ')
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+			return "Unknown"
+		end
+	end
+	alias_method :code_2_flag, :cntl_code_2_property_flag
+
+	# Print out Adstore cache record in tab-delimited file format
+	def print (opt)
+		begin
+			puts "Print out the Active Directory Cache #{opt} record in tab-delimited format: " if @verbose
+			case opt
+			when "computer"
+				@ad_computer_records.keys.map do |my_dn|
+					my_sam_id=get_dn_attribute(opt,my_dn,"sAMAccountName")
+					my_os=get_os_info(my_dn)
+					my_host=get_dn_attribute(opt,my_dn,"dNSHostName")
+					my_membership=get_dn_attributes(opt,my_dn,"memberOf")
+					if @known_hosts.key?(my_host)
+						my_ip=@known_hosts[my_host]
+					else
+						my_ip=nslookup(my_host) if @refresh_dns_records
+						@known_hosts[my_host]=my_ip
+					end
+					my_created=get_dn_attribute(opt,my_dn,"whenCreated")
+					puts "#{my_dn}|#{my_sam_id}|#{my_os}|#{my_host}|#{my_ip}|#{my_created}|#{my_membership}"
+				end
+				# Save the known hosts into cache file for future reference
+				save_hosts(@hosts_cache)
+			when "person"
+				@ad_person_records.keys.map do |my_dn|
+					my_sam_id=get_dn_attribute(opt,my_dn,"sAMAccountName")
+					my_email=get_dn_attribute(opt,my_dn,"mail")
+					my_name=get_cn(my_dn)
+					my_dept=get_dn_attribute(opt,my_dn,"department")
+					my_acct_code=get_dn_attribute(opt,my_dn,"userAccountControl")
+					my_acct_status=cntl_code_2_property_flag(my_acct_code)
+					my_workstations=get_dn_attribute(opt,my_dn,"userWorkstations")
+					my_membership=get_dn_attributes(opt,my_dn,"memberOf")
+					puts "#{my_dn}|#{my_name}|#{my_sam_id}|#{my_email}|#{my_dept}|#{my_acct_status}|#{my_workstations}|#{my_membership}"
+				end
+			else
+				raise "Unknow cache table: #{opt} \t Please check your input Type again."
+			end
+			return nil
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+	alias_method :dump, :print # make the two method call the same function
+
+	# refresh @known_hosts instance based on the lastest ad_computer_records
+	def refresh_hosts
+		begin
+			@ad_computer_records.keys.map do |my_dn|
+				my_sam_id=get_dn_attribute("computer",my_dn,"sAMAccountName")
+				my_os=get_os_info(my_dn)
+				my_host=get_dn_attribute("computer",my_dn,"dNSHostName")
+				my_membership=get_dn_attributes("computer",my_dn,"memberOf")
+				if @known_hosts.key?(my_host)
+					my_ip=@known_hosts[my_host]
+				else
+					my_ip=nslookup(my_host)
+					@known_hosts[my_host]=my_ip
+				end
+			end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+
+	# Save the known hosts table into cache file
+	def save_hosts(f_hosts=@hosts_cache)
+		begin
+			puts "Save the hosts table from memory to file: #{f_hosts} ..." if @verbose
+			# update the @known_hosts instance
+			refresh_hosts if @refresh_dns_records
+			# Write the @known_hosts instance back to hosts file
+			timestamp=Time.now
+			f=File.open(f_hosts, 'w')
+			f.write "# local hosts file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			(@known_hosts.keys-[nil]).sort.map do |key|
+				unless key =~ /\d+\.\d+\.\d+\.\d+/
+					f.write "\n#{key}\t#{@known_hosts[key]}"
+				end
+			end
+			f.close
+			puts "local host repository is successfully saved to: #{f_hosts}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+
+	# Save the AD change back into cache file
+	def save_delta (f_delta=@ad_delta_map)
+		begin
+			puts "Save the AD Delta table from memory to file: #{f_delta} ..." if @verbose
+			timestamp=Time.now
+			f=File.open(f_delta, 'w')
+			f.write "# AD Delta created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@ad_delta.each do |key, value|
+				unless key =~ /\d+\.\d+\.\d+\.\d+/ or key.nil?
+					f.write "\n#{key}|#{value}"
+				end
+			end
+			f.close
+			puts "AD delta records are successfully saved to: #{f_hosts}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+
+	# Load the hosts cache file for fast DNS resolving
+	def load_known_hosts (f_hosts=@file_hosts)
+		puts "Loading local hosts from file: #{f_hosts} ..." if @verbose
+		begin
+			known_hosts=Hash.new
+			f=File.open(f_hosts, 'r')
+			f.each do |line|
+				next unless line =~ /\d+\.\d+\.\d+\.\d+/
+				entry=line.chomp.split(%r{\t+|\s+|\,})
+				key=entry[0].downcase
+				value=entry[1]
+				puts "Loading value pair: #{key} - #{value}" if @verbose
+				known_hosts[key] = Hash.new unless known_hosts.key?(key)
+				known_hosts[key]= value
+			end
+			f.close
+			return known_hosts
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+			return Hash.new
+		end
+	end
+
+	# Local DNS reverse lookup
+	def local_ip_2_host (ip)
+		puts "Perform local IP to hostname lookup on IP: #{ip}" if @verbose
+		begin
+			ip.chomp!
+			raise "Invalid IP address format: #{ip}" unless ip =~ /\d+\.\d+\.\d+\.\d+/
+			@known_hosts.to_a.reverse.to_h.each do |key,val|
+				return key.to_s if val == ip
+			end
+			return nil
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+			return nil
+		end
+	end
+
+  # SAM ID to DN reverse lookup
+  def sam_2_dn (id)
+    puts "Perform SAM ID to DN lookup for: #{id}" if @verbose
+		begin
+      id.strip!
+			@ad_person_records.keys.map do |my_dn|
+        sam_id=get_dn_attribute("person",my_dn,"sAMAccountName")
+        if sam_id == id
+          return my_dn
+        end
+      end
+      @ad_computer_records.keys.map do |my_dn|
+        sam_id=get_dn_attribute("computer",my_dn,"sAMAccountName")
+        if sam_id == id
+          return my_dn
+        end
+      end
+			return nil
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+			return nil
+		end
+  end
+
+end