Module: GitHub::Ldap::Filter

Included in:
Domain
Defined in:
lib/github/ldap/filter.rb

Constant Summary collapse

ALL_GROUPS_FILTER = 
Net::LDAP::Filter.eq("objectClass", "groupOfNames") |
Net::LDAP::Filter.eq("objectClass", "groupOfUniqueNames")

Instance Method Summary collapse

Instance Method Details

#group_contains_filter(query) ⇒ Object

Filter groups that match a query cn.

query: is a string to match the cn with.

Returns a Net::LDAP::Filter.



49
50
51
 
# File 'lib/github/ldap/filter.rb', line 49

def group_contains_filter(query)
  Net::LDAP::Filter.contains("cn", query) & ALL_GROUPS_FILTER
end

#group_filter(group_names, user_dn = nil) ⇒ Object

Filter to get the configured groups in the ldap server. Takes the list of the group names and generate a filter for the groups with cn that match and also include members:

group_names: is an array of group CNs. user_dn: is an optional member to scope the search to.

Returns a Net::LDAP::Filter.



15
16
17
18
 
# File 'lib/github/ldap/filter.rb', line 15

def group_filter(group_names, user_dn = nil)
  or_filters = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
  member_filter(user_dn) & or_filters
end

#login_filter(uid, login) ⇒ Object

Filter to map a uid with a login. It escapes the login before creating the filter.

uid: the entry field to map. login: the login to map.

Returns a Net::LDAP::Filter.



40
41
42
 
# File 'lib/github/ldap/filter.rb', line 40

def (uid, )
  Net::LDAP::Filter.eq(uid, Net::LDAP::Filter.escape())
end

#member_filter(user_dn = nil) ⇒ Object

Filter to check a group membership.

user_dn: is an optional user_dn to scope the search to.

Returns a Net::LDAP::Filter.



25
26
27
28
29
30
31
 
# File 'lib/github/ldap/filter.rb', line 25

def member_filter(user_dn = nil)
  if user_dn
    Net::LDAP::Filter.eq("member", user_dn) | Net::LDAP::Filter.eq("uniqueMember", user_dn)
  else
    Net::LDAP::Filter.pres("member") | Net::LDAP::Filter.pres("uniqueMember")
  end
end