Class: Blueauth

Inherits:
Object
Defined in:
lib/blueauth.rb,
lib/blueauth/error.rb,
lib/blueauth/version.rb,
lib/blueauth/certificates.rb

Defined Under Namespace

Classes: BlueError, Error

Constant Summary collapse

BPBASE =
'ou=bluepages,o=ibm.com'
BGBASE =
'ou=memberlist,ou=ibmgroups,o=ibm.com'
BPHOSTS =
[['bluepages.ibm.com',636]]
VERSION =
"1.0.2"
NEW_CERT =
"-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
OLD_CERT =

The root signer certificate (Equifax) in the current certificate chain will also expire on August 22, 2018. knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO4668

"-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"

Instance Method Summary collapse

Constructor Details

#initialize ⇒ Blueauth

Returns a new instance of Blueauth.



# File 'lib/blueauth.rb', line 16

# Builds the LDAP client shared by every other method.
#
# The trust store holds only the two certificates bundled in NEW_CERT and
# OLD_CERT (not the system CA bundle); the client is configured for simple
# TLS against BPHOSTS with TLS 1.2 and peer verification enabled.
def initialize
  trust_store = OpenSSL::X509::Store.new
  [NEW_CERT, OLD_CERT].each do |pem|
    trust_store.add_cert(OpenSSL::X509::Certificate.new(pem))
  end

  tls_options = {
    ssl_version: :TLSv1_2,
    verify_mode: OpenSSL::SSL::VERIFY_PEER,
    cert_store: trust_store
  }
  # NOTE(review): whether the server hostname is checked against the
  # presented certificate depends on the LDAP library's TLS handling — confirm.
  @ldap = Net::LDAP.new(hosts: BPHOSTS, connect_timeout: 15,
                        encryption: { method: :simple_tls, tls_options: tls_options })
end

Instance Method Details

#authenticate(id, password) ⇒ Object

Using this method a user can be authenticated. Intranet ID and password are mandatory.



# File 'lib/blueauth.rb', line 34

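# Authenticates a user against BluePages by binding with the user's DN
# and the supplied password.
#
# @param id [String] Intranet ID, Notes ID or common name (see #search)
# @param password [String, nil] the user's password; surrounding
#   whitespace is stripped before the bind
# @return [Hash, nil] the #search result merged with +groups:+ (the
#   BlueGroups the DN is a +uniquemember+ of), or nil when the user is
#   not found, the bind is rejected, or the password is blank
# @raise [BlueError] when the bind itself raises (wrapped LDAP error)
def authenticate(id, password)
  password = password.to_s.strip
  # An LDAP simple bind with an empty password is an unauthenticated
  # (anonymous) bind, which many directories accept; it must never count
  # as a successful login, so refuse it before contacting the server.
  return nil if password.empty?

  user = search(id.strip)
  return nil if user.nil?

  @ldap.auth(user[:dn], password)
  begin
    bound = @ldap.bind
  rescue => e
    raise BlueError, "BluePages Bind issue -> #{e.message}"
  end
  return nil unless bound

  user.merge(groups: bluegroups(user[:dn]))
end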

#bluegroups(dn) ⇒ Object



# File 'lib/blueauth.rb', line 98

# Lists the BlueGroups (their +cn+ values) whose +uniquemember+ contains +dn+.
#
# @param dn [String] distinguished name of the user
# @return [Array<String>] group common names, empty when there are none
# @raise [BlueError] when the LDAP search raises (wrapped LDAP error)
def bluegroups(dn)
  member_filter = Net::LDAP::Filter.eq('uniquemember', dn)
  begin
    entries = @ldap.search(base: BGBASE, filter: member_filter, attributes: ['cn'])
    entries.map { |group| group.cn.first }
  rescue => e
    raise BlueError, "BlueGroup Search issue -> #{e.message}"
  end
end

#search(id) ⇒ Object

Tries to find the given user id in the Enterprise Directory; the result will be an LDAP object. The user id can be

- Intranet ID (must contain '@' sign)
- Notes ID (must contain '/' sign)
- Common name (none of the previous two)

return object contains :name, :country, :intranetid, :dn



# File 'lib/blueauth.rb', line 59

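# Looks up a single user in the BluePages Enterprise Directory.
#
# The lookup attribute is chosen from the shape of +id+:
# - contains '@'  -> +mail+ (Intranet ID)
# - contains '/'  -> +notesid+, after converting "CN/OU/.../O" into
#   "CN=.../OU=.../O=..." (see #notes_id_to_dn)
# - otherwise     -> +cn+ (common name)
#
# @param id [String] Intranet ID, Notes ID or common name
# @return [Hash, nil] {name:, callupname:, country:, intranetid:, dn:} for
#   the first +ibmPerson+ match, or nil when nothing matched
# @raise [BlueError] when the LDAP search raises or reports a failure
def search(id)
  if id.include?('@')
    searchfield = 'mail'
  elsif id.include?('/')
    searchfield = 'notesid'
    id = notes_id_to_dn(id)
  else
    searchfield = 'cn'
  end
  # NOTE(review): Net::LDAP::Filter.eq appears to treat '*' in the value as a
  # wildcard rather than a literal; if ids come from untrusted callers,
  # consider rejecting '*' so the lookup cannot match an arbitrary entry — confirm.
  filter = Net::LDAP::Filter.eq(searchfield, id) & Net::LDAP::Filter.eq('objectclass', "ibmPerson")
  begin
    user_array = @ldap.search(base: BPBASE, filter: filter, size: 1)
  rescue => e
    raise BlueError, "BluePages Search issue -> #{e.message}"
  end
  # Net::LDAP#search yields nil rather than an empty array when the operation
  # itself failed; report that as a BlueError instead of a NoMethodError.
  if user_array.nil?
    raise BlueError, "BluePages Search issue -> #{@ldap.get_operation_result.message}"
  end
  return nil if user_array.empty?

  user = user_array.first
  {
    name: user.cn.first,
    callupname: user&.callupname&.first || '',
    country: user.co.first,
    intranetid: user.preferredidentity.first,
    dn: user.dn
  }
end

# Converts a Notes ID of the form "CN/OU1/OU2/O" into the
# "CN=CN/OU=OU1/OU=OU2/O=O" string stored in the +notesid+ attribute.
# The first segment is CN, the last is O, anything between is OU.
#
# @param notes_id [String] slash-separated Notes ID
# @return [String] the converted id ('' when no segments are present)
def notes_id_to_dn(notes_id)
  parts = notes_id.split('/')
  last = parts.count - 1
  parts.each_with_index.map do |part, i|
    if i.zero?
      "CN=#{part}"
    elsif i == last
      "/O=#{part}"
    else
      "/OU=#{part}"
    end
  end.join
end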