Class: LdapFluff::ActiveDirectory::MemberService

Inherits:
GenericMemberService
Defined in:
lib/ldap_fluff/ad_member_service.rb

Overview

Naughty bits of Active Directory LDAP queries

Defined Under Namespace

Classes: GIDNotFoundException, UIDNotFoundException

Instance Attribute Summary

Attributes inherited from GenericMemberService

#ldap

Instance Method Summary

Methods inherited from GenericMemberService

#find_by_dn, #find_group, #find_user, #get_groups, #get_login_from_entry, #get_logins, #get_netgroup_users, #group_filter, #name_filter

Constructor Details

#initialize(ldap, config) ⇒ MemberService

Returns a new instance of MemberService.



# File 'lib/ldap_fluff/ad_member_service.rb', line 5

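# Build a member service for an Active Directory server.
#
# ldap   - the Net::LDAP connection handed to the generic service
# config - LdapFluff configuration; its attr_login overrides the attribute
#          that user lookups match against
#
# The rendered source had lost the accessor after `config.`; the login
# attribute comes from config.attr_login, falling back to Active
# Directory's sAMAccountName when none is configured.
def initialize(ldap, config)
  @attr_login = (config.attr_login || 'samaccountname')
  super
end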

Instance Method Details

#_get_domain_func_level ⇒ Object

Return the domain functionality level (defaults to 0).



# File 'lib/ldap_fluff/ad_member_service.rb', line 28

# Return the server's domainFunctionality level, memoized per instance.
#
# The value is read from the rootDSE (empty base, base-object scope) and
# defaults to 0 when the search yields nothing. Callers use it to decide
# whether a server-computed transitive membership lookup can be attempted,
# so a missing or unreadable attribute degrades to the recursive path.
def _get_domain_func_level
  return @domain_functionality if defined?(@domain_functionality)

  @domain_functionality = 0

  result = @ldap.search(:base => "", :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ['domainFunctionality'])
  root_dse = result.nil? ? nil : result.first
  # nil.to_i would also give 0, but an absent rootDSE entry is handled explicitly
  @domain_functionality = root_dse[:domainfunctionality].first.to_i unless root_dse.nil?

  @domain_functionality
end

#_groups_from_ldap_data(payload) ⇒ Object

Return the :memberof attributes plus their parent groups, recursively.



# File 'lib/ldap_fluff/ad_member_service.rb', line 42

# Resolve every group a user entry belongs to, directly or through nesting.
#
# payload - the user's LDAP entry (nil yields an empty list)
#
# The entry's :memberof DNs are the direct groups; their ancestry is walked
# recursively and the combined DN list is turned into group names via
# get_groups, with duplicates removed.
def _groups_from_ldap_data(payload)
  return [] if payload.nil?

  direct_groups = payload[:memberof]
  ancestors, _known = _walk_group_ancestry(direct_groups, direct_groups)
  get_groups(direct_groups + ancestors).uniq
end

#_walk_group_ancestry(group_dns = [], known_groups = []) ⇒ Object

Recursively loop over the parent list.



# File 'lib/ldap_fluff/ad_member_service.rb', line 53

# Walk the :memberof chain of each group DN, collecting every ancestor.
#
# group_dns    - DNs whose parents should be resolved
# known_groups - DNs already seen; they are subtracted from each result so
#                that cyclic nested groups (A in B, B in A) cannot recurse
#                forever
#
# Returns [discovered_ancestor_dns, updated_known_groups]. Arrays are
# rebuilt with + rather than mutated, so the caller's known_groups is
# left untouched.
def _walk_group_ancestry(group_dns = [], known_groups = [])
  discovered = []
  group_dns.each do |group_dn|
    result = @ldap.search(:base => group_dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ['memberof'])
    next if result.nil? || result.first.nil?

    parents = result.first[:memberof] - known_groups
    known_groups += parents
    ancestors, = _walk_group_ancestry(parents, known_groups)
    # deeper ancestors first, then this level's parents, matching the
    # order the original accumulation produced
    discovered += ancestors + parents
    known_groups += ancestors
  end
  [discovered, known_groups]
end

#class_filter ⇒ Object



# File 'lib/ldap_fluff/ad_member_service.rb', line 68

# LDAP filter selecting Active Directory group objects (objectclass=group).
def class_filter
  object_class, class_name = "objectclass", "group"
  Net::LDAP::Filter.eq(object_class, class_name)
end

#find_user_groups(uid) ⇒ Object

Get a list of LDAP groups for a given user. Try to use msds-memberOfTransitive if it is supported, otherwise do a recursive loop.



# File 'lib/ldap_fluff/ad_member_service.rb', line 12

# List the groups a user belongs to, including nested membership.
#
# uid - login value matched by find_user
#
# When the domain functionality level is at least 6 the server is asked
# for msds-memberOfTransitive on the user's own entry, which hands back
# the full nested membership in one query (level 6 is understood to be the
# Windows Server 2012 level where that attribute appeared — confirm against
# the deployment). If that query returns nothing, or the level is lower,
# membership is rebuilt client-side by walking :memberof recursively.
def find_user_groups(uid)
  user_data = find_user(uid).first

  if _get_domain_func_level >= 6
    user_dn = user_data[:distinguishedname].first
    result = @ldap.search(:base => user_dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ['msds-memberOfTransitive'])
    entry = result.nil? ? nil : result.first
    return get_groups(entry['msds-memberoftransitive']) unless entry.nil?
  end

  # Fall back to recursive lookup
  _groups_from_ldap_data(user_data)
end