Class: Cratus::Group

Inherits:

Object

Object
Cratus::Group

show all

Includes:: Comparable

Defined in:: lib/cratus/group.rb

Overview

An LDAP Group representation

Instance Attribute Summary collapse

#name ⇒ Object readonly

Returns the value of attribute name.
#search_base ⇒ Object readonly

Returns the value of attribute search_base.

Class Method Summary collapse

Instance Method Summary collapse

#<=>(other) ⇒ Object

Compare based on the group’s name TODO: possibly change to dn.
#add_user(user) ⇒ Object

Add a User to the group.
#description ⇒ Object

LDAP description attribute.
#dn ⇒ Object

Returns the LDAP dn for a Group.
#initialize(name) ⇒ Group constructor

A new instance of Group.
#member_groups ⇒ Object
#member_of ⇒ Object

Recursively determine group memberships of a group.
#members ⇒ Object

LDAP users that are a member of this group.
#remove_user(user) ⇒ Object

Remove a User from the group.

Constructor Details

#initialize(name) ⇒ `Group`

Returns a new instance of Group.

# File 'lib/cratus/group.rb', line 7

def initialize(name)
  @name = name
  @search_base = self.class.ldap_search_base
  @raw_ldap_data = Cratus::LDAP.search(
    "(#{self.class.ldap_dn_attribute}=#{@name})",
    basedn: @search_base,
    attrs: self.class.ldap_return_attributes
  ).last
end

Instance Attribute Details

#name ⇒ `Object` (readonly)

Returns the value of attribute name.



5
6
7

# File 'lib/cratus/group.rb', line 5

def name
  @name
end

#search_base ⇒ `Object` (readonly)

Returns the value of attribute search_base.



5
6
7

# File 'lib/cratus/group.rb', line 5

def search_base
  @search_base
end

Class Method Details

.all ⇒ `Object`

All the LDAP Groups

# File 'lib/cratus/group.rb', line 91

def self.all
  filter = "(#{ldap_dn_attribute}=*)"
  Cratus::LDAP.search(filter, basedn: ldap_search_base, attrs: ldap_dn_attribute).map do |entry|
    new(entry[ldap_dn_attribute.to_sym].last)
  end
end

.ldap_dn_attribute ⇒ `Object`



98
99
100

# File 'lib/cratus/group.rb', line 98

def self.ldap_dn_attribute
  Cratus.config.group_dn_attribute.to_s
end

.ldap_object_class ⇒ `Object`



102
103
104

# File 'lib/cratus/group.rb', line 102

def self.ldap_object_class
  Cratus.config.group_objectclass.to_s
end

.ldap_return_attributes ⇒ `Object`

# File 'lib/cratus/group.rb', line 106

def self.ldap_return_attributes
  [
    Cratus.config.group_dn_attribute.to_s,
    Cratus.config.group_member_attribute.to_s,
    Cratus.config.group_description_attribute.to_s,
    Cratus.config.group_memberof_attribute.to_s
  ]
end

.ldap_search_base ⇒ `Object`



115
116
117

# File 'lib/cratus/group.rb', line 115

def self.ldap_search_base
  Cratus.config.group_basedn.to_s
end

Instance Method Details

#<=>(other) ⇒ `Object`

Compare based on the group’s name TODO: possibly change to dn



121
122
123

# File 'lib/cratus/group.rb', line 121

def <=>(other)
  @name <=> other.name
end

#add_user(user) ⇒ `Object`

Add a User to the group

# File 'lib/cratus/group.rb', line 63

def add_user(user)
  raise 'InvalidUser' unless user.respond_to?(:dn)
  direct_members = @raw_ldap_data[Cratus.config.group_member_attribute]
  return true if direct_members.include?(user.dn)

  direct_members << user.dn
  Cratus::LDAP.replace_attribute(
    dn,
    Cratus.config.group_member_attribute,
    direct_members.uniq
  )
end

#description ⇒ `Object`

LDAP description attribute



58
59
60

# File 'lib/cratus/group.rb', line 58

def description
  @raw_ldap_data[Cratus.config.group_description_attribute].last
end

#dn ⇒ `Object`

Returns the LDAP dn for a Group



53
54
55

# File 'lib/cratus/group.rb', line 53

def dn
  @raw_ldap_data[:dn].last
end

#member_groups ⇒ `Object`



22
23
24

# File 'lib/cratus/group.rb', line 22

def member_groups
  all_members[:groups]
end

#member_of ⇒ `Object`

Recursively determine group memberships of a group

# File 'lib/cratus/group.rb', line 27

def member_of
  memrof_attr = Cratus.config.group_memberof_attribute

  # TODO: make this work with more things...
  unless @raw_ldap_data
    STDERR.puts "WARNING: Group '#{@name}' appears to be invalid or beyond the search scope!"
    return []
  end

  # TODO: move the search filter to a configurable param
  if Cratus.config.include_distribution_groups
    raw_groups = @raw_ldap_data[memrof_attr]
  else
    raw_groups = @raw_ldap_data[memrof_attr].reject { |g| g.match(/OU=Distribution Groups/) }
  end
  initial_groups = raw_groups.map do |raw_group|
    Group.new(raw_group.match(/^#{Group.ldap_dn_attribute.to_s.upcase}=([^,]+),/)[1])
  end
  all_the_groups = initial_groups
  initial_groups.each do |group|
    all_the_groups.concat(group.member_of) # recursion!
  end
  all_the_groups.uniq(&:name)
end

#members ⇒ `Object`

LDAP users that are a member of this group



18
19
20

# File 'lib/cratus/group.rb', line 18

def members
  all_members[:users]
end

#remove_user(user) ⇒ `Object`

Remove a User from the group

# File 'lib/cratus/group.rb', line 77

def remove_user(user)
  raise 'InvalidUser' unless user.respond_to?(:dn)
  direct_members = @raw_ldap_data[Cratus.config.group_member_attribute]
  return true unless direct_members.include?(user.dn)

  direct_members.delete(user.dn)
  Cratus::LDAP.replace_attribute(
    dn,
    Cratus.config.group_member_attribute,
    direct_members.uniq
  )
end

Class: Cratus::Group

Overview

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name) ⇒ Group

Instance Attribute Details

#name ⇒ Object (readonly)

#search_base ⇒ Object (readonly)

Class Method Details

.all ⇒ Object

.ldap_dn_attribute ⇒ Object

.ldap_object_class ⇒ Object

.ldap_return_attributes ⇒ Object

.ldap_search_base ⇒ Object

Instance Method Details

#<=>(other) ⇒ Object

#add_user(user) ⇒ Object

#description ⇒ Object

#dn ⇒ Object

#member_groups ⇒ Object

#member_of ⇒ Object

#members ⇒ Object

#remove_user(user) ⇒ Object