Class: Cratus::User

Inherits:

Object

• Object
• Cratus::User

Includes:

Comparable

Defined in:

lib/cratus/user.rb

Overview

An LDAP User representation

Instance Attribute Summary

• #search_base ⇒ Object readonly

  Returns the value of attribute search_base.

• #username ⇒ Object readonly

  Returns the value of attribute username.

Class Method Summary

• .all ⇒ Object

  All the LDAP Users.

• .ldap_dn_attribute ⇒ Object
• .ldap_object_class ⇒ Object
• .ldap_return_attributes ⇒ Object
• .ldap_search_base ⇒ Object

Instance Method Summary

• #<=>(other) ⇒ Object
• #add_to_group(group) ⇒ Object

  Add a user to a group.

• #department ⇒ Object
• #dn ⇒ Object
• #email ⇒ Object
• #fullname ⇒ Object
• #initialize(username) ⇒ User constructor

  A new instance of User.

• #locked? ⇒ Boolean

  fossies.org/linux/web2ldap/pylib/w2lapp/schema/plugins/activedirectory.py msdn.microsoft.com/en-us/library/windows/desktop/ms676843(v=vs.85).aspx.

• #lockoutduration ⇒ Object
• #lockouttime ⇒ Object
• #member_of ⇒ Object (also: #groups)
• #remove_from_group(group) ⇒ Object

  Remove a user from a group.

Constructor Details

#initialize(username) ⇒ User

Returns a new instance of User.

# File 'lib/cratus/user.rb', line 7

def initialize(username)
  @username = username
  @search_base = self.class.ldap_search_base
  @raw_ldap_data = Cratus::LDAP.search(
    "(#{self.class.ldap_dn_attribute}=#{@username})",
    basedn: @search_base,
    attrs: self.class.ldap_return_attributes
  ).last
end

Instance Attribute Details

#search_base ⇒ Object (readonly)

Returns the value of attribute search_base.

# File 'lib/cratus/user.rb', line 5

def search_base
  @search_base
end

#username ⇒ Object (readonly)

Returns the value of attribute username.

# File 'lib/cratus/user.rb', line 5

def username
  @username
end

Class Method Details

.all ⇒ Object

All the LDAP Users

# File 'lib/cratus/user.rb', line 98

def self.all
  raw_results = Cratus::LDAP.search(
    "(objectClass=#{ldap_object_class})",
    basedn: ldap_search_base,
    attrs: ldap_dn_attribute
  )
  raw_results.map do |entry|
    new(entry[ldap_dn_attribute.to_sym].last)
  end
end

.ldap_dn_attribute ⇒ Object

# File 'lib/cratus/user.rb', line 109

def self.ldap_dn_attribute
  Cratus.config.user_dn_attribute.to_s
end

.ldap_object_class ⇒ Object

# File 'lib/cratus/user.rb', line 113

def self.ldap_object_class
  Cratus.config.user_objectclass.to_s
end

.ldap_return_attributes ⇒ Object

# File 'lib/cratus/user.rb', line 117

def self.ldap_return_attributes
  [
    Cratus.config.user_dn_attribute.to_s,
    Cratus.config.user_department_attribute.to_s,
    Cratus.config.user_mail_attribute.to_s,
    Cratus.config.user_displayname_attribute.to_s,
    Cratus.config.user_memberof_attribute.to_s,
    Cratus.config.user_lockout_attribute.to_s
  ]
end

.ldap_search_base ⇒ Object

# File 'lib/cratus/user.rb', line 128

def self.ldap_search_base
  Cratus.config.user_basedn.to_s
end

Instance Method Details

#<=>(other) ⇒ Object

# File 'lib/cratus/user.rb', line 93

def <=>(other)
  @username <=> other.username
end

#add_to_group(group) ⇒ Object

Add a user to a group

# File 'lib/cratus/user.rb', line 18

def add_to_group(group)
  raise 'InvalidGroup' unless group.respond_to?(:add_user)
  # just be lazy and hand off to the group to do the work...
  group.add_user(self)
end

#department ⇒ Object

# File 'lib/cratus/user.rb', line 31

def department
  @raw_ldap_data[Cratus.config.user_department_attribute].last
end

#dn ⇒ Object

# File 'lib/cratus/user.rb', line 35

def dn
  @raw_ldap_data[:dn].last
end

#email ⇒ Object

# File 'lib/cratus/user.rb', line 39

def email
  @raw_ldap_data[Cratus.config.user_mail_attribute].last
end

#fullname ⇒ Object

# File 'lib/cratus/user.rb', line 43

def fullname
  @raw_ldap_data[Cratus.config.user_displayname_attribute].last
end

#locked? ⇒ Boolean

fossies.org/linux/web2ldap/pylib/w2lapp/schema/plugins/activedirectory.py msdn.microsoft.com/en-us/library/windows/desktop/ms676843(v=vs.85).aspx

Returns:

• (Boolean)

# File 'lib/cratus/user.rb', line 56

def locked?
  return false if lockouttime.zero?
  epoch = 116_444_736_000_000_000
  current = Time.now.to_i * 10_000_000
  current - (lockouttime - epoch) < lockoutduration
end

#lockoutduration ⇒ Object

# File 'lib/cratus/user.rb', line 63

def lockoutduration
  raw_results = Cratus::LDAP.search(
    '(objectClass=domain)',
    basedn: Cratus.config.basedn,
    attrs: 'lockoutDuration',
    scope: 'object'
  ).last
  Integer(raw_results[:lockoutduration].last) * -1
end

#lockouttime ⇒ Object

# File 'lib/cratus/user.rb', line 47

def lockouttime
  Integer(@raw_ldap_data[Cratus.config.user_lockout_attribute].last.to_s)
rescue => _e
  0 # If we can't determine the value (for instance, if it is empty), just assume 0
end

#member_of ⇒ Object Also known as: groups

# File 'lib/cratus/user.rb', line 73

def member_of
  memrof_attr = Cratus.config.user_memberof_attribute
  # TODO: move the search filter to a configurable param
  if Cratus.config.include_distribution_groups
    raw_groups = @raw_ldap_data[memrof_attr]
  else
    raw_groups = @raw_ldap_data[memrof_attr].reject { |g| g.match(/OU=Distribution Groups/) }
  end
  initial_groups = raw_groups.map do |raw_group|
    Group.new(raw_group.match(/^#{Group.ldap_dn_attribute.to_s.upcase}=([^,]+),/)[1])
  end
  all_the_groups = initial_groups
  initial_groups.each do |group|
    all_the_groups.concat(group.member_of)
  end
  all_the_groups.uniq(&:name)
end

#remove_from_group(group) ⇒ Object

Remove a user from a group

# File 'lib/cratus/user.rb', line 25

def remove_from_group(group)
  raise 'InvalidGroup' unless group.respond_to?(:remove_user)
  # just be lazy and hand off to the group to do the work...
  group.remove_user(self)
end