Module: DataTools::Transformations

Defined in:

lib/data_tools/transformations.rb

Class Method Summary

• .expand_msad_groups(hashes) ⇒ Object

  unraveling the hierarchical group membership structure in Microsoft Active Directory expand the group information from MSAD “memberOf” fields flatten the hierarchy, so each account records every group of which it is a member, even through sub-groups.

Class Method Details

.expand_msad_groups(hashes) ⇒ Object

unraveling the hierarchical group membership structure in Microsoft Active Directory expand the group information from MSAD “memberOf” fields flatten the hierarchy, so each account records every group of which it is a member, even through sub-groups

# File 'lib/data_tools/transformations.rb', line 5

def self.expand_msad_groups(hashes)
  $stderr.puts "Analyzing #{hashes.size} Active Directory records"
  msad_accounts_by_dn = hashes.key_on('DN')
  $stderr.puts "Found #{msad_accounts_by_dn.size} distinct DN values"

  # expand the multi-valued memberOf field, and look up each group
  # WARNING: does not report any cases if the DN for the group does not appear in the hashes, will just leave a nil in the list
  hashes.each do |hash|
    hash[:memberof] = (hash['memberOf'] || '').split(';').map {|dn| msad_accounts_by_dn[dn]}
  end
  $stderr.puts "Expanded groups on #{hashes.select {|h| h[:memberof].any?}.size} records"

  membership_counts = hashes.map {|h| h[:memberof].size}.sum

  begin
    $stderr.puts "Found #{membership_counts} memberships, moving up membership hierarchy..."
    base_membership_counts = membership_counts
    hashes.each do |hash|
      hash[:memberof] |= hash[:memberof].map {|g| g[:memberof]}.flatten.uniq  
    end
    membership_counts = hashes.map {|h| h[:memberof].size}.sum
    # repeat until no further memberships are found
  end while membership_counts == base_membership_counts
end