Module: Hydra::LDAP

Defined in:
lib/hydra-ldap.rb,
lib/hydra/ldap/engine.rb,
lib/hydra/ldap/version.rb

Defined Under Namespace

Classes: Engine, GroupNotFound, MissingOwnerError, NoUsersError

Constant Summary collapse

VERSION = 
"0.0.4"

Class Method Summary collapse

Class Method Details

.add_users_to_group(group_code, users) ⇒ Object 



112
113
114
115
116
117
118
119
 
# File 'lib/hydra-ldap.rb', line 112

def self.add_users_to_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:add, ldap_config[:group_member], "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.connectionObject 



14
15
16
 
# File 'lib/hydra-ldap.rb', line 14

def self.connection
  @ldap_conn ||= Net::LDAP.new(ldap_connection_config)
end

.create_group(code, attributes) ⇒ Object

def self.create_group(code, description, owner, users) dn => dn(code) attributes = 

:cn => code,
:objectclass => "groupofnames",
:description => description,
:member=>users.map {|u| "uid=#{u"},
:owner=>"uid=#owner"

}

Raises:



59
60
61
62
63
 
# File 'lib/hydra-ldap.rb', line 59

def self.create_group(code, attributes)
  raise NoUsersError, "Unable to persist a group without users" unless attributes[:uniquemember] 
  raise MissingOwnerError, "Unable to persist a group without owner" unless attributes[:owner] 
  connection.add(:dn=>dn(code), :attributes=>attributes)
end

.delete_group(code) ⇒ Object 



65
66
67
 
# File 'lib/hydra-ldap.rb', line 65

def self.delete_group(code)
  connection.delete(:dn=>dn(code))
end

.dn(code) ⇒ Object 



46
47
48
 
# File 'lib/hydra-ldap.rb', line 46

def self.dn(code)
  dn = "cn=#{code},#{group_base}"
end

.does_group_exist?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘cn’, cn))

Returns:

  • (Boolean) 


166
167
168
169
 
# File 'lib/hydra-ldap.rb', line 166

def self.does_group_exist?(filter)
  hits = connection.search(:base=>group_base, :filter=>filter)
  return hits.count == 1
end

.does_user_exist?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘uid’, uid))

Returns:

  • (Boolean) 


154
155
156
157
 
# File 'lib/hydra-ldap.rb', line 154

def self.does_user_exist?(filter)
  hits = connection.search(:base=>treebase, :filter=>filter)
  return !hits.empty?
end

.find_group(group_code, filter, attributes, &block) ⇒ Object

NW result = connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct(“(&(objectClass=groupofnames)(cn=#group_code))”), :attributes=>[‘member’, ‘owner’, ‘description’]) result.first.each do |k, v|

val[k] = v

end

Raises:



139
140
141
142
143
144
145
146
 
# File 'lib/hydra-ldap.rb', line 139

def self.find_group(group_code, filter, attributes, &block)
  @cache ||= {}
  return @cache[[group_code, filter, attributes]] if @cache[[group_code, filter, attributes]]
  result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
  raise GroupNotFound, "Can't find group '#{group_code}' in ldap" unless result.first
  @cache[[group_code, filter, attributes]] = result
  block.call(result) if block_given?
end

.get_user(filter, attribute = []) ⇒ Object 



148
149
150
151
 
# File 'lib/hydra-ldap.rb', line 148

def self.get_user(filter, attribute=[])
  result = connection.search(:base=>treebase, :filter => filter, :attributes => attribute)
  return result
end

.group_baseObject 



38
39
40
 
# File 'lib/hydra-ldap.rb', line 38

def self.group_base
  ldap_config[:group_base]
end

.groups_for_user(filter, attributes = ['psMemberOf'], &block) ⇒ Object

same as ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D “cn=admin,dc=example,dc=com” -W “(&(objectClass=groupofnames)(member=uid=vanessa))” cn Northwestern passes attributes= PSU filter=Net::LDAP::Filter.eq(‘uid’, uid) NW filter=Net::LDAP::Filter.construct(“(&(objectClass=groupofnames)(member=uid=#uid))”))



74
75
76
77
 
# File 'lib/hydra-ldap.rb', line 74

def self.groups_for_user(filter, attributes=['psMemberOf'], &block)
  result = connection.search(:base=>group_base, :filter => filter, :attributes => attributes)
  block.call(result) if block_given?
end

.groups_owned_by_user(filter, attributes = ['cn'], &block) ⇒ Object

NW - return result.map{|r| r.first}



80
81
82
83
 
# File 'lib/hydra-ldap.rb', line 80

def self.groups_owned_by_user(filter, attributes=['cn'], &block)
  result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
  block.call(result) if block_given?
end

.invalidate_cache(group_code) ⇒ Object 



130
131
132
133
 
# File 'lib/hydra-ldap.rb', line 130

def self.invalidate_cache(group_code)
  @cache ||= {}
  @cache[group_code] = nil
end

.is_user_unique?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘uid’, uid))

Returns:

  • (Boolean) 


160
161
162
163
 
# File 'lib/hydra-ldap.rb', line 160

def self.is_user_unique?(filter)
  hits = connection.search(:base=>treebase, :filter=>filter)
  return hits.count == 1
end

.ldap_configObject 



32
33
34
35
36
 
# File 'lib/hydra-ldap.rb', line 32

def self.ldap_config
  root = Rails.root || '.'
  env = Rails.env || 'test'
  @ldap_config ||= YAML::load(ERB.new(IO.read(File.join(root, 'config', 'hydra-ldap.yml'))).result)[env].with_indifferent_access
end

.ldap_connection_configObject 



18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/hydra-ldap.rb', line 18

def self.ldap_connection_config
  return @ldap_connection_config if @ldap_connection_config
  @ldap_connection_config = {}
  yml = ldap_config
  @ldap_connection_config[:host] = yml[:host]
  @ldap_connection_config[:port] = yml[:port]
  if yml[:username] && yml[:password]
    @ldap_connection_config[:auth]={:method=>:simple}
    @ldap_connection_config[:auth][:username] = yml[:username]
    @ldap_connection_config[:auth][:password] = yml[:password]
  end
  @ldap_connection_config
end

.owner_for_group(group_code, filter, attributes = ['owner'], &block) ⇒ Object

result.first.sub(/^uid=/, ”)



104
105
106
107
108
109
110
 
# File 'lib/hydra-ldap.rb', line 104

def self.owner_for_group(group_code, filter, attributes=['owner'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else  
    find_group(group_code, filter, attributes)
  end
end

.remove_users_from_group(group_code, users) ⇒ Object 



121
122
123
124
125
126
127
128
 
# File 'lib/hydra-ldap.rb', line 121

def self.remove_users_from_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:delete, ldap_config[:group_member], "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.title_of_group(group_code, filter, attributes = ['description'], &block) ⇒ Object

result.first



86
87
88
89
90
91
92
 
# File 'lib/hydra-ldap.rb', line 86

def self.title_of_group(group_code, filter, attributes=['description'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else 
    find_group(group_code, filter, attributes)
  end
end

.treebaseObject 



42
43
44
 
# File 'lib/hydra-ldap.rb', line 42

def self.treebase
  ldap_config[:base]
end

.users_for_group(group_code, filter, attributes = ['member'], &block) ⇒ Object

result.map { |v| v.sub(/^uid=/, ”) }



95
96
97
98
99
100
101
 
# File 'lib/hydra-ldap.rb', line 95

def self.users_for_group(group_code, filter, attributes=['member'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else  
    find_group(group_code, filter, attributes)
  end
end