Class: Blueauth

Inherits:
Object
Defined in:
lib/blueauth.rb,
lib/blueauth/error.rb,
lib/blueauth/version.rb,
lib/blueauth/certificates.rb

Defined Under Namespace

Classes: BlueError, Error

Constant Summary collapse

BPBASE =
'ou=bluepages,o=ibm.com'
BGBASE =
'ou=memberlist,ou=ibmgroups,o=ibm.com'
BPHOSTS =
[['bluepages.ibm.com',636]]
VERSION =
"1.1.0"
OLD_CERT =
"-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
NEW_CERT =

The root signer certificate (Equifax) in the current certificate chain will also expire on August 22, 2018. knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO4668

"-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----"

Instance Method Summary collapse

Constructor Details

#initialize ⇒ Blueauth

Returns a new instance of Blueauth.



# File 'lib/blueauth.rb', line 16

# Builds the LDAPS client used by every lookup in this class.
#
# Only the two pinned root certificates (NEW_CERT and OLD_CERT) are trusted
# for the server certificate chain; the system CA bundle is not consulted.
def initialize
  trusted_roots = OpenSSL::X509::Store.new
  [NEW_CERT, OLD_CERT].each do |pem|
    trusted_roots.add_cert(OpenSSL::X509::Certificate.new(pem))
  end

  tls_options = {
    ssl_version: :TLSv1_2,                  # pin the handshake to TLS 1.2
    verify_mode: OpenSSL::SSL::VERIFY_PEER, # an unverifiable peer cert aborts the connection
    cert_store: trusted_roots
  }

  @ldap = Net::LDAP.new(
    hosts: BPHOSTS,
    connect_timeout: 15,
    encryption: { method: :simple_tls, tls_options: tls_options }
  )
end

Instance Method Details

#authenticate(id, password) ⇒ Object

Using this method a user can be authenticated; Intranet ID and password are mandatory.



# File 'lib/blueauth.rb', line 34

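# Authenticates a user against BluePages.
#
# @param id [String] Intranet ID, Notes ID or common name (see #search)
# @param password [String] the user's password
# @return [Hash, nil] the #search result plus a :groups array when the bind
#   succeeds; nil when the credentials are blank, the user is unknown or the
#   bind is rejected
# @raise [BlueError] when the bind operation itself errors
def authenticate(id, password)
  login  = id.to_s.strip
  secret = password.to_s.strip
  # Fail closed on blank credentials. A simple bind with a DN and an empty
  # password is an "unauthenticated" bind (RFC 4513 section 5.1.2) that a
  # directory may answer with success, which would let any known DN through
  # without a password.
  return nil if login.empty? || secret.empty?

  user = search(login)
  return nil if user.nil?

  @ldap.auth user[:dn], secret
  begin
    bound = @ldap.bind
  rescue => e
    raise BlueError, "BluePages Bind issue -> #{e.message}"
  end
  return nil unless bound

  user.merge(groups: bluegroups(user[:dn]))
end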

#bluegroups(dn) ⇒ Object



# File 'lib/blueauth.rb', line 98

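# Lists the BlueGroups that directly contain the given DN.
#
# @param dn [String] distinguished name of the user entry
# @return [Array<String>] the cn of every matching group; empty when none
# @raise [BlueError] when the group search errors or the server reports a failure
def bluegroups(dn)
  filter = Net::LDAP::Filter.eq('uniquemember', dn)
  begin
    entries = @ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
  rescue => e
    raise BlueError, "BlueGroup Search issue -> #{e.message}"
  end
  # Net::LDAP#search returns nil (not []) when the operation did not succeed;
  # report that like any other failure instead of raising NoMethodError on nil.
  raise BlueError, "BlueGroup Search issue -> #{@ldap.get_operation_result.message}" if entries.nil?

  entries.map { |group| group.cn.first }
end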

#search(id) ⇒ Object

Tries to find the given user id in the Enterprise Directory; the result is an LDAP object. The user id can be

- Intranet ID (must contain '@' sign)
- Notes ID (must contain '/' sign)
- Common name (none of the previous two)

The returned object contains :name, :country, :intranetid, :dn



# File 'lib/blueauth.rb', line 59

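# Looks up a single person entry in BluePages.
#
# The attribute searched depends on the shape of the id: an Intranet ID
# (contains '@') matches 'mail', a Notes ID (contains '/') is rewritten to
# 'CN=.../OU=.../O=...' and matches 'notesid', anything else matches 'cn'.
#
# @param id [String] Intranet ID, Notes ID or common name
# @return [Hash, nil] :name, :callupname, :country, :intranetid and :dn of the
#   entry, or nil when nothing matched
# @raise [BlueError] when the search errors or the server reports a failure
def search(id)
  if id.include?('@')
    searchfield = 'mail'
  elsif id.include?('/')
    searchfield = 'notesid'
    parts = id.split('/')
    # First part is the CN, last part the O, everything in between an OU.
    id = parts.each_with_index.map do |part, index|
      prefix = if index.zero?
                 'CN='
               elsif index == parts.length - 1
                 '/O='
               else
                 '/OU='
               end
      prefix + part
    end.join
  else
    searchfield = 'cn'
  end

  # Escape the caller-supplied value so filter metacharacters ('*', '(', ')',
  # '\') are matched literally instead of widening or breaking the query.
  filter = Net::LDAP::Filter.eq(searchfield, Net::LDAP::Filter.escape(id)) &
           Net::LDAP::Filter.eq('objectclass', 'ibmPerson')
  begin
    entries = @ldap.search(base: BPBASE, filter: filter, size: 1)
  rescue => e
    raise BlueError, "BluePages Search issue -> #{e.message}"
  end

  # Net::LDAP#search returns nil rather than [] when the operation fails (which
  # can happen when more entries match than the size: 1 limit allows); report
  # that like any other failure instead of failing on nil.count.
  raise BlueError, "BluePages Search issue -> #{@ldap.get_operation_result.message}" if entries.nil?
  return nil if entries.empty?

  user = entries.first
  {
    name: user.cn.first,
    callupname: user.callupname&.first || '',
    country: user.co.first,
    intranetid: user.preferredidentity.first,
    dn: user.dn
  }
end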