Class: Entitlements::Data::People::LDAP

Inherits:

Object

• Object
• Entitlements::Data::People::LDAP

Includes:

Contracts::Core

Defined in:

lib/entitlements.rb,
lib/entitlements/data/people/ldap.rb

Constant Summary

C =

::Contracts

PEOPLE_ATTRIBUTES =

Default attributes

%w[cn]

UID_ATTRIBUTE =

"uid"

PARAMETERS =

Parameters

{
  "base"                     => { required: true, type: String },
  "ldap_binddn"              => { required: true, type: String },
  "ldap_bindpw"              => { required: true, type: String },
  "ldap_uri"                 => { required: true, type: String },
  "ldap_ca_file"             => { required: false, type: String },
  "person_dn_format"         => { required: true, type: String },
  "disable_ssl_verification" => { required: false, type: [FalseClass, TrueClass] },
  "additional_attributes"    => { required: false, type: Array },
  "uid_attribute"            => { required: false, type: String }
}

Class Method Summary

• .fingerprint(config) ⇒ Object
• .new_from_config(config) ⇒ Object
• .validate_config!(key, config) ⇒ Object

Instance Method Summary

• #initialize(ldap:, people_ou:, uid_attr: UID_ATTRIBUTE, people_attr: PEOPLE_ATTRIBUTES) ⇒ LDAP constructor

  A new instance of LDAP.

• #read(uid = nil) ⇒ Object

Constructor Details

#initialize(ldap:, people_ou:, uid_attr: UID_ATTRIBUTE, people_attr: PEOPLE_ATTRIBUTES) ⇒ LDAP

Returns a new instance of LDAP.

# File 'lib/entitlements/data/people/ldap.rb', line 94

def initialize(ldap:, people_ou:, uid_attr: UID_ATTRIBUTE, people_attr: PEOPLE_ATTRIBUTES)
  @ldap = ldap
  @people_ou = people_ou
  @uid_attr = uid_attr
  @people_attr = people_attr
end

Class Method Details

.fingerprint(config) ⇒ Object

# File 'lib/entitlements/data/people/ldap.rb', line 37

def self.fingerprint(config)
  PARAMETERS.keys.map { |key| config[key].inspect }.join("||")
end

.new_from_config(config) ⇒ Object

# File 'lib/entitlements/data/people/ldap.rb', line 50

def self.new_from_config(config)
  new(
    ldap: Entitlements::Service::LDAP.new_with_cache(
      addr: config.fetch("ldap_uri"),
      binddn: config.fetch("ldap_binddn"),
      bindpw: config.fetch("ldap_bindpw"),
      ca_file: config.fetch("ldap_ca_file", ENV["LDAP_CACERT"]),
      disable_ssl_verification: config.fetch("ldap_disable_ssl_verification", false),
      person_dn_format: config.fetch("person_dn_format")
    ),
    people_ou: config.fetch("base"),
    uid_attr: config.fetch("uid_attribute", UID_ATTRIBUTE),
    people_attr: config.fetch("additional_attributes", PEOPLE_ATTRIBUTES)
  )
end

.validate_config!(key, config) ⇒ Object

# File 'lib/entitlements/data/people/ldap.rb', line 75

def self.validate_config!(key, config)
  text = "LDAP people configuration for data source #{key.inspect}"
  Entitlements::Util::Util.validate_attr!(PARAMETERS, config, text)
end

Instance Method Details

#read(uid = nil) ⇒ Object

Raises:

• (Entitlements::Data::People::NoSuchPersonError)

# File 'lib/entitlements/data/people/ldap.rb', line 107

def read(uid = nil)
  @people ||= begin
    Entitlements.logger.debug "Loading people from LDAP"
    ldap.search(base: people_ou, filter: Net::LDAP::Filter.eq(uid_attr, "*"), attrs: people_attr.sort)
      .map { |person_dn, entry| [Entitlements::Util::Util.first_attr(person_dn).downcase, entry_to_person(entry)] }
      .to_h
  end

  return @people if uid.nil?
  return @people[uid.downcase] if @people[uid.downcase]
  raise Entitlements::Data::People::NoSuchPersonError, "read(#{uid.inspect}) matched no known person"
end