Module: Hydra::LDAP

Defined in:
lib/hydra-ldap.rb,
lib/hydra/ldap/engine.rb,
lib/hydra/ldap/version.rb

Defined Under Namespace

Classes: Engine, GroupNotFound, MissingOwnerError, NoUsersError

Constant Summary collapse

VERSION = 
"0.1.0"

Class Method Summary collapse

Class Method Details

.add_users_to_group(group_code, users) ⇒ Object 



113
114
115
116
117
118
119
120
 
# File 'lib/hydra-ldap.rb', line 113

def self.add_users_to_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:add, ldap_config[:group_member], "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.connectionObject 



14
15
16
 
# File 'lib/hydra-ldap.rb', line 14

def self.connection
  @ldap_conn ||= Net::LDAP.new(ldap_connection_config)
end

.create_group(code, attributes) ⇒ Object

def self.create_group(code, description, owner, users) dn => dn(code) attributes = 

:cn => code,
:objectclass => "groupofnames",
:description => description,
:member=>users.map {|u| "uid=#{u"},
:owner=>"uid=#owner"

}

Raises:



60
61
62
63
64
 
# File 'lib/hydra-ldap.rb', line 60

def self.create_group(code, attributes)
  raise NoUsersError, "Unable to persist a group without users" unless attributes[:uniquemember] 
  raise MissingOwnerError, "Unable to persist a group without owner" unless attributes[:owner] 
  connection.add(:dn=>dn(code), :attributes=>attributes)
end

.delete_group(code) ⇒ Object 



66
67
68
 
# File 'lib/hydra-ldap.rb', line 66

def self.delete_group(code)
  connection.delete(:dn=>dn(code))
end

.dn(code) ⇒ Object 



47
48
49
 
# File 'lib/hydra-ldap.rb', line 47

def self.dn(code)
  dn = "cn=#{code},#{group_base}"
end

.does_group_exist?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘cn’, cn))

Returns:

  • (Boolean) 


167
168
169
170
 
# File 'lib/hydra-ldap.rb', line 167

def self.does_group_exist?(filter)
  hits = connection.search(:base=>group_base, :filter=>filter)
  return hits.count == 1
end

.does_user_exist?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘uid’, uid))

Returns:

  • (Boolean) 


155
156
157
158
 
# File 'lib/hydra-ldap.rb', line 155

def self.does_user_exist?(filter)
  hits = connection.search(:base=>treebase, :filter=>filter)
  return !hits.empty?
end

.find_group(group_code, filter, attributes, &block) ⇒ Object

NW result = connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct(“(&(objectClass=groupofnames)(cn=#group_code))”), :attributes=>[‘member’, ‘owner’, ‘description’]) result.first.each do |k, v|

val[k] = v

end

Raises:



140
141
142
143
144
145
146
147
 
# File 'lib/hydra-ldap.rb', line 140

def self.find_group(group_code, filter, attributes, &block)
  @cache ||= {}
  return @cache[[group_code, filter, attributes]] if @cache[[group_code, filter, attributes]]
  result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
  raise GroupNotFound, "Can't find group '#{group_code}' in ldap" unless result.first
  @cache[[group_code, filter, attributes]] = result
  block.call(result) if block_given?
end

.get_user(filter, attribute = []) ⇒ Object 



149
150
151
152
 
# File 'lib/hydra-ldap.rb', line 149

def self.get_user(filter, attribute=[])
  result = connection.search(:base=>treebase, :filter => filter, :attributes => attribute)
  return result
end

.group_baseObject 



39
40
41
 
# File 'lib/hydra-ldap.rb', line 39

def self.group_base
  ldap_config[:group_base]
end

.groups_for_user(filter, attributes = ['psMemberOf'], &block) ⇒ Object

same as ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D “cn=admin,dc=example,dc=com” -W “(&(objectClass=groupofnames)(member=uid=vanessa))” cn Northwestern passes attributes= PSU filter=Net::LDAP::Filter.eq(‘uid’, uid) NW filter=Net::LDAP::Filter.construct(“(&(objectClass=groupofnames)(member=uid=#uid))”))



75
76
77
78
 
# File 'lib/hydra-ldap.rb', line 75

def self.groups_for_user(filter, attributes=['psMemberOf'], &block)
  result = connection.search(:base=>group_base, :filter => filter, :attributes => attributes)
  block.call(result) if block_given?
end

.groups_owned_by_user(filter, attributes = ['cn'], &block) ⇒ Object

NW - return result.map{|r| r.first}



81
82
83
84
 
# File 'lib/hydra-ldap.rb', line 81

def self.groups_owned_by_user(filter, attributes=['cn'], &block)
  result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
  block.call(result) if block_given?
end

.invalidate_cache(group_code) ⇒ Object 



131
132
133
134
 
# File 'lib/hydra-ldap.rb', line 131

def self.invalidate_cache(group_code)
  @cache ||= {}
  @cache[group_code] = nil
end

.is_user_unique?(filter) ⇒ Boolean

hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq(‘uid’, uid))

Returns:

  • (Boolean) 


161
162
163
164
 
# File 'lib/hydra-ldap.rb', line 161

def self.is_user_unique?(filter)
  hits = connection.search(:base=>treebase, :filter=>filter)
  return hits.count == 1
end

.ldap_configObject 



33
34
35
36
37
 
# File 'lib/hydra-ldap.rb', line 33

def self.ldap_config
  root = Rails.root || '.'
  env = Rails.env || 'test'
  @ldap_config ||= YAML::load(ERB.new(IO.read(File.join(root, 'config', 'hydra-ldap.yml'))).result)[env].with_indifferent_access
end

.ldap_connection_configObject 



18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/hydra-ldap.rb', line 18

def self.ldap_connection_config
  return @ldap_connection_config if @ldap_connection_config
  @ldap_connection_config = {}
  yml = ldap_config
  @ldap_connection_config[:host] = yml[:host]
  @ldap_connection_config[:port] = yml[:port]
  if yml[:username] && yml[:password]
    @ldap_connection_config[:auth]={:method=>:simple}
    @ldap_connection_config[:auth][:username] = yml[:username]
    @ldap_connection_config[:auth][:password] = yml[:password]
    @ldap_connection_config[:base] = yml[:base]
  end
  @ldap_connection_config
end

.owner_for_group(group_code, filter, attributes = ['owner'], &block) ⇒ Object

result.first.sub(/^uid=/, ”)



105
106
107
108
109
110
111
 
# File 'lib/hydra-ldap.rb', line 105

def self.owner_for_group(group_code, filter, attributes=['owner'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else  
    find_group(group_code, filter, attributes)
  end
end

.remove_users_from_group(group_code, users) ⇒ Object 



122
123
124
125
126
127
128
129
 
# File 'lib/hydra-ldap.rb', line 122

def self.remove_users_from_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:delete, ldap_config[:group_member], "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.title_of_group(group_code, filter, attributes = ['description'], &block) ⇒ Object

result.first



87
88
89
90
91
92
93
 
# File 'lib/hydra-ldap.rb', line 87

def self.title_of_group(group_code, filter, attributes=['description'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else 
    find_group(group_code, filter, attributes)
  end
end

.treebaseObject 



43
44
45
 
# File 'lib/hydra-ldap.rb', line 43

def self.treebase
  ldap_config[:base]
end

.users_for_group(group_code, filter, attributes = ['member'], &block) ⇒ Object

result.map { |v| v.sub(/^uid=/, ”) }



96
97
98
99
100
101
102
 
# File 'lib/hydra-ldap.rb', line 96

def self.users_for_group(group_code, filter, attributes=['member'], &block)
  if block_given?
    find_group(group_code, filter, attributes, &block)
  else  
    find_group(group_code, filter, attributes)
  end
end