Class: ActiveDirectoryForRuby::ActiveDirectoryForRuby

Inherits:
Object
Defined in:
lib/ActiveDirectoryForRuby.rb

Overview

ActiveDirectoryForRuby

Allows for easy access to MS Windows Server’s ActiveDirectory Authentication and data.

Overrides [] operator, maps LDAP fields to Method names, and provides a simple authenticate() method for easy authentication.


Constructor Details

#initialize(strConfigFile) ⇒ ActiveDirectoryForRuby

Constructor

Receives a single parameter which is the path to the ActiveDirectory data YAML config file.

Config file’s structure is described in README.txt

# File 'lib/ActiveDirectoryForRuby.rb', line 44

def initialize(strConfigFile)
	lconfig = YAML::load(ERB.new(IO.read(strConfigFile)).result).freeze
	@config = {}
	lconfig.each do |key, value|
		temp = {}
		value.each do |key2, value2|
			temp[key2.to_sym] = value2
		end
		@config[key.to_sym] = temp
	end
end

Instance Method Details

#[](username) ⇒ Object

pp adconn

Would return an object whose methods correspond to LDAP fields, with an ldap_ prefix, for example:

pp adconn.ldap_givenname

Would return the user’s givenname, which in AD is usually the user’s first name.

# File 'lib/ActiveDirectoryForRuby.rb', line 125

def[](username)
	return ActiveDirectoryForRubyFields.new(get(username))
end

#authenticate(user, pass) ⇒ Object

Returns true or false depending on whether the user and password were successfully authenticated. Example:

adconn.authenticate('myuser', 'secretpass')

> true



# File 'lib/ActiveDirectoryForRuby.rb', line 63

def authenticate(user, pass)
	ldap_con = createconnection(@config[:admin][:distinguished_name], @config[:admin][:password])
	user_filter = Net::LDAP::Filter.eq( @config[:search][:field], user )
	op_filter = Net::LDAP::Filter.eq( "objectClass", "organizationalPerson" )
	dn = String.new
	ldap_con.search( :base => @config[:search][:base], :filter => op_filter & user_filter, :attributes=> 'dn') do |entry|
		dn = entry.dn
	end
	authenticated = false
	unless dn.empty?
		ldap_con = createconnection(dn, pass)
		authenticated = true if ldap_con.bind
	end
	return authenticated
end
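
authenticate() above passes user straight into Net::LDAP::Filter.eq, which treats * in its value as a wildcard, and passes pass straight to a bind, where a valid DN with an empty password is an unauthenticated bind (RFC 4513) that a server may report as successful. The wrapper below is an added example, not part of ActiveDirectoryForRuby; escape_filter_value, reject_reason, guarded_authenticate and StubDirectory are hypothetical names, and StubDirectory is a constructed stand-in so the code runs offline.

```ruby
# Added example, not part of ActiveDirectoryForRuby. All names are hypothetical.

# RFC 4515 section 3: characters that must be escaped in a filter value.
FILTER_ESCAPES = {
  "\\" => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00'
}.freeze

# Escape a value so it can only match literally inside an LDAP search filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| FILTER_ESCAPES[ch] }
end

# Pre-bind checks. Returns a reason symbol when the credentials must be
# rejected without contacting the directory, nil when they may be passed on.
def reject_reason(user, pass)
  return :empty_user if user.nil? || user.to_s.strip.empty?
  # DN + empty password is an "unauthenticated bind" (RFC 4513, 5.1.2);
  # a successful result from it proves nothing about the user.
  return :empty_password if pass.nil? || pass.to_s.empty?
  nil
end

# Wraps any object that responds to authenticate(user, pass).
def guarded_authenticate(adconn, user, pass)
  return false if reject_reason(user, pass)
  adconn.authenticate(escape_filter_value(user), pass) == true
end

# Constructed stand-in for the directory connection; records the user
# values it is asked to look up.
class StubDirectory
  attr_reader :seen

  def initialize
    @seen = []
  end

  def authenticate(user, pass)
    @seen << user
    user == 'hsimpson' && pass == 'secretpass'
  end
end
```
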

#get(user, what = nil) ⇒ Object

Receives a user’s login and, optionally, a second parameter as an array containing symbols representing fields in LDAP. Examples:

adconn.get('myuser') # Would return all fields
win.get('myuser', [ :cn, :sn ]) # Would return :dn, :cn and :sn

Additionally, get() creates an extra field :organizational_unit based on :dn, containing a humanized version of any Organizational Unit (OU) components available in :dn, in reverse order. For example, if we had a :dn like

'CN=Homer Simpson,OU=Springfield,OU=USA,DC=nuclearplant,DC=com'

win.get('myuser')

would yield: 'USA, Springfield'



# File 'lib/ActiveDirectoryForRuby.rb', line 96

def get(user, what = nil)
	@data ||= {}
	if @data[user].nil?
		ldap_con = createconnection(@config[:admin][:distinguished_name], @config[:admin][:password])
		user_filter = Net::LDAP::Filter.eq( @config[:search][:field], user )
		op_filter = Net::LDAP::Filter.eq( "objectClass", "organizationalPerson" )
		data = nil
		ldap_con.search( :base => @config[:search][:base], :filter => op_filter & user_filter, :attributes=> what) do |entry|
			data = entry
			data[:organizational_unit] = ''
			data[:organizational_unit] = entry[:dn][0].split(',').collect{|c| case c[0..1] when 'OU' then c else nil end}.compact.collect{|c| c.split('=')[1] }.reverse.join(', ') unless entry[:dn][0].nil? unless entry[:dn].nil? unless entry.nil?
		end
		@data[user] = data
	end
	return @data[user]
end