Module: LdapLookup

Extended by:
Configuration
Defined in:
lib/ldap_lookup.rb,
lib/ldap_lookup/version.rb

Constant Summary collapse

VERSION =
"0.1.6"

Class Method Summary collapse

Methods included from Configuration

configuration, define_setting

Class Method Details

.all_groups_for_user(uid = nil) ⇒ Object


Get the groups a user is a member of


# File 'lib/ldap_lookup.rb', line 149

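# Get the names of the groups a user is a member of.
#
# The uid is placed inside a member DN (uid=<uid>,ou=People,dc=umich,dc=edu)
# that is matched against each group's member attribute. The original built
# the whole filter by string interpolation, so a uid containing filter or DN
# metacharacters changed the query that was sent. Here the uid is escaped as
# a DN attribute value (so "," or "=" cannot alter the DN being matched) and
# the assertion is built with Filter.equals, which escapes "*", "(", ")" and
# "\" so the value is compared literally.
#
# @param uid [String, nil] the user's uid
# @return [Array<String>] sorted value of the first RDN of each matching group DN
# @raise [RuntimeError] when the LDAP operation result code is non-zero
def self.all_groups_for_user(uid = nil)
  ldap = ldap_connection
  member_dn = "uid=#{Net::LDAP::DN.escape(uid.to_s)},ou=People,dc=umich,dc=edu"
  member_filter = Net::LDAP::Filter.equals("member", member_dn)
  group_names = []
  ldap.search(filter: member_filter, attributes: ["dn"]) do |item|
    # Only the DN is requested, so read it directly instead of walking every
    # attribute of the entry.
    group_names << item.dn.split("=")[1].split(",")[0]
  end
  # The original placed this check after `return`, so it never ran and a
  # failed search was indistinguishable from "no groups".
  get_ldap_response(ldap)
  group_names.sort
end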

.get_dept(uniqname = nil) ⇒ Object

GET THE PRIMARY DEPARTMENT FOR A SINGLE USER



# File 'lib/ldap_lookup.rb', line 66

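# Get the primary department for a single user.
#
# The filter is built with Filter.equals rather than Filter.eq: eq treats "*"
# in the value as a wildcard, so a caller-supplied uniqname such as "*" would
# match arbitrary entries; equals escapes the value and compares it literally.
#
# The value is read through Entry#[] using the same configured attribute that
# is requested from the server. The original requested dept_attribute but read
# a hard-coded accessor, which raises NoMethodError when the entry lacks it.
# NOTE(review): assumes dept_attribute names the postal-address-data attribute
# the original read as umichpostaladdressdata -- confirm against Configuration.
#
# @param uniqname [String, nil] the user's uid
# @return [String, nil] the department parsed from the attribute, or nil when
#   no matching entry carries a value
# @raise [RuntimeError] when no value was returned and the LDAP operation
#   result code is non-zero
def self.get_dept(uniqname = nil)
  ldap = ldap_connection
  uid_filter = Net::LDAP::Filter.equals("uid", uniqname.to_s)
  ldap.search(filter: uid_filter, attributes: [dept_attribute]) do |item|
    raw = item[dept_attribute].first
    # Take the first "}:{"-separated segment and keep what follows its "=".
    return raw.split("}:{").first.split("=")[1] unless raw.nil?
  end
  get_ldap_response(ldap)
end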

.get_email(uniqname = nil) ⇒ Object

GET THE E-MAIL ADDRESS FOR A SINGLE USER



# File 'lib/ldap_lookup.rb', line 80

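# Get the e-mail address for a single user.
#
# Filter.equals escapes the uniqname, so "*" and other filter metacharacters
# are matched literally; with Filter.eq a value of "*" matches every entry and
# the address of whichever entry the server lists first would be returned.
#
# @param uniqname [String, nil] the user's uid
# @return [String, nil] the first mail value of the first matching entry, or
#   nil when nothing matched or the entry has no mail attribute
# @raise [RuntimeError] when no entry was returned and the LDAP operation
#   result code is non-zero
def self.get_email(uniqname = nil)
  ldap = ldap_connection
  uid_filter = Net::LDAP::Filter.equals("uid", uniqname.to_s)
  ldap.search(filter: uid_filter, attributes: ["mail"]) do |item|
    # Entry#[] yields an empty list for an absent attribute, where the dynamic
    # accessor item.mail raises NoMethodError.
    return item[:mail].first
  end
  get_ldap_response(ldap)
end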

.get_email_distribution_list(group_name = nil) ⇒ Object


Get the name, email, and members of an LDAP group as a hash



# File 'lib/ldap_lookup.rb', line 122

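# Get the name, e-mail address and members of an LDAP group as a hash.
#
# The group name is matched with Filter.equals so that "*" and other filter
# metacharacters in group_name are compared literally instead of acting as a
# wildcard across every group.
#
# Attributes are read through Entry#[], which yields an empty list when the
# attribute is absent; the dynamic accessors used before raise NoMethodError
# for a group with no members or no e-mail attribute.
# NOTE(review): the e-mail value is read from the configured group_attribute
# (the attribute that is actually requested) instead of the hard-coded
# umichGroupEmail accessor -- confirm the two name the same attribute.
#
# @param group_name [String, nil] cn of the group
# @return [Hash] "group_name", "group_email" and "members" (sorted first-RDN
#   values of each member DN); empty when no group matched
# @raise [RuntimeError] when the LDAP operation result code is non-zero
def self.get_email_distribution_list(group_name = nil)
  ldap = ldap_connection
  result_hash = {}
  name_filter = Net::LDAP::Filter.equals("cn", group_name.to_s)
  group_filter = Net::LDAP::Filter.eq("objectClass", "group")
  composite_filter = Net::LDAP::Filter.join(name_filter, group_filter)
  ldap.search(filter: composite_filter, attributes: ["cn", group_attribute, "member"]) do |item|
    result_hash["group_name"] = item[:cn].first
    result_hash["group_email"] = item[group_attribute].first
    # "uid=alice,ou=People,..." -> "alice" (constructed example)
    result_hash["members"] = item[:member].map { |member_dn| member_dn.split(",").first.split("=")[1] }.sort
  end
  # Previously unreachable (it followed `return`), which hid directory errors
  # behind an empty hash.
  get_ldap_response(ldap)
  result_hash
end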

.get_ldap_response(ldap) ⇒ Object

HELPER/UTILITY METHOD

This method interprets the response/return code from an LDAP operation (bind, search, add, modify, rename,
delete).  This method isn't necessarily complete, but it's a good starting point for handling the response codes
from an LDAP operation.

Additional details for the get_operation_result method can be found here:
http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-get_operation_result


# File 'lib/ldap_lookup.rb', line 26

# Raise when the most recent LDAP operation did not succeed.
#
# @param ldap [#get_operation_result] connection whose last result is inspected
# @return [nil] when the result code is 0
# @raise [RuntimeError] carrying the result code and message otherwise
def self.get_ldap_response(ldap)
  outcome = ldap.get_operation_result
  return if outcome.code == 0

  raise "Response Code: #{outcome.code}, Message: #{outcome.message}"
end

.get_simple_name(uniqname = nil) ⇒ Object

GET THE DISPLAY NAME FOR A SINGLE USER



# File 'lib/ldap_lookup.rb', line 48

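# Get the display name for a single user.
#
# Filter.equals escapes the uniqname so "*" and other filter metacharacters
# are matched literally rather than acting as a wildcard over all users.
#
# @param uniqname [String, nil] the user's uid
# @return [String, nil] the first displayName value of the first matching
#   entry, "not available" when that entry has no displayName, or nil when no
#   entry matched
# @raise [RuntimeError] when no entry was returned and the LDAP operation
#   result code is non-zero
def self.get_simple_name(uniqname = nil)
  ldap = ldap_connection
  uid_filter = Net::LDAP::Filter.equals("uid", uniqname.to_s)
  ldap.search(filter: uid_filter, attributes: ["displayName"]) do |item|
    # Entry#[] returns an empty list for an absent attribute, so the fallback
    # no longer relies on a bare rescue that also hid unrelated errors.
    return item[:displayName].first || "not available"
  end
  get_ldap_response(ldap)
end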

.is_member_of_group?(uid = nil, group_name = nil) ⇒ Boolean


Check if the UID is a member of an LDAP group. This function returns true if the uid passed in is a member of the group_name passed in; otherwise it returns false.

Returns:

  • (Boolean)


# File 'lib/ldap_lookup.rb', line 97

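# Check whether a uid is a member of an LDAP group.
#
# Callers may use this as an access check, so the lookup is kept strict:
# * group_name is matched with Filter.equals, which escapes the value; with
#   Filter.eq a group_name of "*" would match every group and the answer
#   would become "is the uid in any group".
# * a blank uid is never reported as a member.
# * a failed directory operation raises instead of being reported as
#   "not a member" (the original check sat after `return false` and never ran).
#
# NOTE(review): membership is decided by comparing uid with the value of the
# first RDN of each member DN only; the RDN attribute type and the rest of the
# DN are ignored, and the comparison is case-sensitive -- confirm that is
# acceptable for the directory layout in use.
#
# @param uid [String, nil] the user's uid
# @param group_name [String, nil] cn of the group
# @return [Boolean] true when uid equals the first RDN value of a member DN
# @raise [RuntimeError] when no match was found and the LDAP operation result
#   code is non-zero
def self.is_member_of_group?(uid = nil, group_name = nil)
  return false if uid.to_s.empty?

  ldap = ldap_connection
  name_filter = Net::LDAP::Filter.equals("cn", group_name.to_s)
  group_filter = Net::LDAP::Filter.eq("objectClass", "group")
  composite_filter = Net::LDAP::Filter.join(name_filter, group_filter)
  ldap.search(filter: composite_filter, attributes: ["member"]) do |item|
    # Entry#[] yields an empty list when the group has no member attribute.
    return true if item[:member].any? { |entry| entry.split(",").first.split("=")[1] == uid }
  end
  get_ldap_response(ldap)
  false
end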

.ldap_connection ⇒ Object

SET UP LDAP CONNECTION. Setting up a connection to the LDAP server using .new() does not actually send any network traffic to the LDAP server. When you call an operation on ldap (e.g. add or search), .bind is called implicitly. *That’s* when the connection is made to the LDAP server. This means that each operation called on the ldap object will create its own network connection to the LDAP server.



# File 'lib/ldap_lookup.rb', line 38

# Build a Net::LDAP client from the configured host, port and base.
#
# The client binds anonymously, so every lookup in this module runs with
# whatever the directory exposes to unauthenticated clients.
# NOTE(review): no `encryption:` option is passed here, so this call does not
# ask net-ldap for TLS -- confirm whether queries and results are meant to
# travel unencrypted on the configured port.
#
# @return [Net::LDAP] a client object for the configured directory
def self.ldap_connection
  Net::LDAP.new(
    host: host, # LDAP host name or IP
    port: port, # LDAP port
    base: base, # search base of the directory tree
    auth: { method: :anonymous }
  )
end