Class: Blueauth
- Inherits: Object
- Defined in: lib/blueauth.rb, lib/blueauth/error.rb, lib/blueauth/version.rb, lib/blueauth/certificates.rb
Constant Summary
- BPBASE = 'ou=bluepages,o=ibm.com'
- BGBASE = 'ou=memberlist,ou=ibmgroups,o=ibm.com'
- BPHOSTS = [['bluepages.ibm.com',636]]
- VERSION = "1.1.0"
- OLD_CERT =
Having only the root signer certificate (DigiCert Global Root G2) in the TLS client trust store is sufficient, provided the server sends its intermediate certificates during the handshake; the root in the store then anchors the chain. References: w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/W1f849f7604cc_43a5_a6d9_2ad1fcbc532e/page/Digital%20Certificate%20FAQs and knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO1421#lightbox-06
The value is the DigiCert Global Root G2 certificate (valid 2013-08-01 to 2038-01-15) in PEM form:
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
- NEW_CERT =
The root signer certificate (Equifax) of the then-current certificate chain also expires on August 22, 2018 (knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO4668).
The value is the DigiCert Global Root CA certificate (valid 2006-11-10 to 2031-11-10) in PEM form:
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
Instance Method Summary
- #authenticate(id, password) ⇒ Object
  Authenticates a user against BluePages. Intranet ID and password are both mandatory.
- #bluegroups(dn) ⇒ Object
  Returns the names (cn) of the BlueGroups whose uniquemember attribute lists the given DN.
- #initialize ⇒ Blueauth (constructor)
  A new instance of Blueauth.
- #search(id) ⇒ Object
  Tries to find the given user id in Enterprise Directory and returns a hash built from the LDAP entry. The user id can be an Intranet ID (must contain an '@' sign), a Notes ID (must contain a '/' sign) or a common name (neither of the previous two). The returned hash contains :name, :callupname, :country, :intranetid and :dn.
Constructor Details
#initialize ⇒ Blueauth
Returns a new instance of Blueauth.
# File 'lib/blueauth.rb', line 16
def initialize
  # Trust store pinned to the two DigiCert roots embedded in this gem (NEW_CERT and
  # OLD_CERT) instead of the system CA bundle: a server certificate that does not
  # chain to one of them fails verification.
  cert_store = OpenSSL::X509::Store.new
  cert_store.add_cert OpenSSL::X509::Certificate.new(NEW_CERT)
  cert_store.add_cert OpenSSL::X509::Certificate.new(OLD_CERT)

  # LDAPS (:simple_tls, TLS from the first byte) to bluepages.ibm.com:636.
  # VERIFY_PEER is set explicitly so that verification does not depend on the
  # library's defaults (older net-ldap versions did not verify unless told to).
  # ssl_version: :TLSv1_2 pins exactly TLS 1.2, so TLS 1.3 is never negotiated;
  # SSLContext#ssl_version= is deprecated in current Ruby openssl in favour of
  # min_version=/max_version=.
  @ldap = Net::LDAP.new hosts: BPHOSTS,
                        connect_timeout: 15,
                        encryption: {
                          method: :simple_tls,
                          tls_options: {
                            ssl_version: :TLSv1_2,
                            verify_mode: OpenSSL::SSL::VERIFY_PEER,
                            cert_store: cert_store
                          }
                        }
end
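The constructor above pins the trust store to two embedded roots and turns on VERIFY_PEER. The block below is an added example, not code from the gem, showing what that configuration buys and how to check it: it parses the page's OLD_CERT (DigiCert Global Root G2) to confirm it is a self-signed CA certificate and when it expires, builds the same kind of OpenSSL::X509::Store, and shows that a freshly generated self-signed certificate carrying the real host name (constructed here, standing in for what an on-path attacker could present) is rejected while the pinned root is accepted. Only the stdlib openssl library is used; root_info, pinned_store, rogue_cert, accepted_by? and days_until_expiry are this example's own names.

```ruby
require 'openssl'

# OLD_CERT from the page (DigiCert Global Root G2), copied here so the example
# runs without the gem.
OLD_ROOT_PEM = <<~PEM
  -----BEGIN CERTIFICATE-----
  MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
  MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
  d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
  MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
  MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
  b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
  9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
  2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
  1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
  q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
  tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
  vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
  BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
  5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
  1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
  NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
  Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
  8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
  pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
  MrY=
  -----END CERTIFICATE-----
PEM

# What a pinned root actually is: subject, self-signature, CA flag, expiry.
def root_info(pem)
  cert = OpenSSL::X509::Certificate.new(pem)
  cn = cert.subject.to_a.find { |name, _, _| name == 'CN' }&.at(1)
  bc = cert.extensions.find { |e| e.oid == 'basicConstraints' }
  {
    subject_cn:  cn,
    self_signed: cert.issuer == cert.subject && cert.verify(cert.public_key),
    ca:          !bc.nil? && bc.value.include?('CA:TRUE'),
    not_after:   cert.not_after,
  }
end

# The same kind of store Blueauth#initialize builds (one or more PEM roots).
def pinned_store(*pems)
  store = OpenSSL::X509::Store.new
  pems.each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
  store
end

# Self-signed certificate bearing the real host name, constructed here for the
# demonstration; this is what an interposed server could hand to a client.
def rogue_cert(cn = 'bluepages.ibm.com')
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# true when the store accepts the certificate; false otherwise, with the reason
# left in store.error_string.
def accepted_by?(store, cert)
  store.verify(cert)
end

# Days of validity left on a pinned root, so the pin can be rotated in time.
def days_until_expiry(pem, now = Time.now)
  ((OpenSSL::X509::Certificate.new(pem).not_after - now) / 86_400).floor
end

if __FILE__ == $PROGRAM_NAME
  info = root_info(OLD_ROOT_PEM)
  puts "pinned root: #{info[:subject_cn]} (CA: #{info[:ca]}, self-signed: #{info[:self_signed]}, expires #{info[:not_after].utc})"
  store = pinned_store(OLD_ROOT_PEM)
  puts "root accepted by its own store: #{accepted_by?(store, OpenSSL::X509::Certificate.new(OLD_ROOT_PEM))}"
  rogue = rogue_cert
  puts "rogue self-signed cert accepted: #{accepted_by?(store, rogue)} (#{store.error_string})"
  puts "days until pinned root expires: #{days_until_expiry(OLD_ROOT_PEM)}"
end
```

Rejection of the rogue certificate is the whole point of VERIFY_PEER plus a private store: with VERIFY_NONE the same handshake would succeed. The expiry check matters because an embedded root fails closed when it expires, taking every login with it.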
Instance Method Details
#authenticate(id, password) ⇒ Object
Authenticates a user. Intranet ID and password are both mandatory. Returns the hash from #search merged with :groups on success, nil when the user is not found or the bind fails.
# File 'lib/blueauth.rb', line 34
def authenticate(id, password)
  user = search id.strip
  unless user.nil?
    # Simple bind as the resolved DN with the supplied password. A blank password is
    # not rejected here; it would be sent as an unauthenticated simple bind
    # (RFC 4513 section 5.1.2), which some directories accept as an anonymous
    # session, so callers must refuse empty passwords before calling this method.
    @ldap.auth user[:dn], password.strip
    begin
      auth = @ldap.bind
    rescue => e
      raise BlueError, "BluePages Bind issue -> #{e.message}"
    end
    if auth
      groups = bluegroups user[:dn]
      return user.merge({groups: groups})
    else
      return nil # wrong password, or the DN is not allowed to bind
    end
  end
end
#bluegroups(dn) ⇒ Object
# File 'lib/blueauth.rb', line 98
def bluegroups(dn)
  result = []
  # Groups list their members in uniquemember; match the user's DN against it.
  # The dn comes from the directory itself (search), not from user input, which is
  # why it is interpolated into the filter without escaping.
  filter = Net::LDAP::Filter.eq('uniquemember', dn)
  begin
    bgres = @ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
    bgres.each {|g| result << g.cn.first}
  rescue => e
    raise BlueError, "BlueGroup Search issue -> #{e.message}"
  end
  return result
end
#search(id) ⇒ Object
Tries to find the given user id in Enterprise Directory; the result is a hash built from the matching LDAP entry. The user id can be
- Intranet ID (must contain '@' sign)
- Notes ID (must contain '/' sign)
- Common name (none of the previous two)
The returned hash contains :name, :callupname, :country, :intranetid, :dn; nil is returned when no entry matches.
# File 'lib/blueauth.rb', line 59
def search(id)
  if id.include? '@'
    searchfield = 'mail'
  elsif id.include? '/'
    # A Notes ID "Name/OrgUnit/.../Org" is rewritten to "CN=Name/OU=OrgUnit/.../O=Org":
    # first component CN, last component O, everything in between OU.
    searchfield = 'notesid'
    email_parts = id.split('/')
    id = ''
    c = 1
    email_parts.each do |part|
      id = case c
           when 1
             'CN='+part
           when email_parts.count
             id + '/O='+part
           else
             id + '/OU='+part
           end
      c += 1
    end
  else
    searchfield = 'cn'
  end
  # The id goes into the filter as given. Net::LDAP::Filter.eq does not escape its
  # value, so a '*' in the input acts as a substring wildcard and '(' or ')' alter the
  # filter; Net::LDAP::Filter.escape on the input neutralises that. With size: 1 an
  # ambiguous filter returns whichever entry the server lists first.
  filter = Net::LDAP::Filter.eq(searchfield, id) & Net::LDAP::Filter.eq('objectclass', "ibmPerson")
  begin
    user_array = @ldap.search(base: BPBASE, filter: filter, size: 1)
  rescue => e
    raise BlueError, "BluePages Search issue -> #{e.message}"
  end
  # Net::LDAP#search returns nil rather than an empty array when the directory
  # reports a failure, so both cases are treated as "not found".
  if user_array.nil? || user_array.count == 0
    result = nil
  else
    user = user_array.first
    result = {name: user.cn.first,
              callupname: user&.callupname&.first || '',
              country: user.co.first,
              intranetid: user.preferredidentity.first,
              dn: user.dn}
  end
  return result
end
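The three id forms handled by search() are placed into the LDAP filter by plain interpolation, and Net::LDAP::Filter.eq does not escape its value, so '*' becomes a substring wildcard and parentheses can change the filter's shape (in net-ldap the fix is Net::LDAP::Filter.escape on the input; the same applies to the uniquemember filter in bluegroups() if the DN ever came from outside the directory). The block below is an added example, not part of the gem, written in plain Ruby with no net-ldap dependency so it runs offline: it rebuilds search()'s filter as an RFC 4515 string with and without escaping, reuses the Notes ID rewrite, and adds the blank-password check that authenticate() above does not perform. ldap_filter_escape, notes_id_to_dn, person_filter and bind_credentials are this example's own names, and the ids and DN used are constructed.

```ruby
# RFC 4515 section 3: characters that carry meaning inside a filter value, and the
# escaped form each must take when it is meant literally.
LDAP_FILTER_ESCAPES = {
  "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\0" => "\\00",
}.freeze

def ldap_filter_escape(value)
  value.gsub(/[\\*()\0]/) { |ch| LDAP_FILTER_ESCAPES[ch] }
end

# The rewrite search() applies to a Notes ID: "Name/Unit/.../Org" becomes
# "CN=Name/OU=Unit/.../O=Org" (first part CN, last part O, middle parts OU).
def notes_id_to_dn(notes_id)
  parts = notes_id.split('/')
  parts.each_with_index.map do |part, i|
    prefix = if i.zero? then 'CN' elsif i == parts.size - 1 then 'O' else 'OU' end
    "#{prefix}=#{part}"
  end.join('/')
end

# The filter search() sends, as an RFC 4515 string so it can be inspected without
# a directory. escape: false reproduces the gem's unescaped behaviour.
def person_filter(id, escape: true)
  id = id.strip
  if id.include?('@')
    field, value = 'mail', id
  elsif id.include?('/')
    field, value = 'notesid', notes_id_to_dn(id)
  else
    field, value = 'cn', id
  end
  value = ldap_filter_escape(value) if escape
  "(&(#{field}=#{value})(objectclass=ibmPerson))"
end

# Credentials for the simple bind in authenticate(): a DN with an empty password is
# an unauthenticated bind (RFC 4513 section 5.1.2), which some directories answer
# with success as an anonymous session, so refuse it before it reaches the server.
def bind_credentials(dn, password)
  pw = password.to_s.strip
  return nil if dn.nil? || dn.empty? || pw.empty?
  [dn, pw]
end

if __FILE__ == $PROGRAM_NAME
  attacker_id = '*@ibm.com'  # constructed input: matches every mail address in the subtree
  puts "unescaped: #{person_filter(attacker_id, escape: false)}"
  puts "escaped:   #{person_filter(attacker_id)}"
  puts "notes id:  #{person_filter('Jane Doe/Dept A/IBM')}"
  dn = 'uid=1@ibm.com,c=us,ou=bluepages,o=ibm.com'  # constructed DN
  puts "blank password accepted for bind: #{!bind_credentials(dn, '   ').nil?}"
end
```

With size: 1 the unescaped form hands back the first entry the server finds for the wildcard, so an unauthenticated caller of search() can enumerate the directory one pattern at a time; the escaped form looks for a literal asterisk and matches nothing.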