lita-activedirectory

Build Status MIT License Gem Version Code Climate

A Lita handler plugin for basic interactions with Active Directory.

Installation

Add lita-activedirectory to your Lita instance's Gemfile:

gem "lita-activedirectory"

Configuration

  • config.handlers.activedirectory.host - LDAP host to query
  • config.handlers.activedirectory.port - LDAP port used to connect to the host
  • config.handlers.activedirectory.basedn - The basedn for the LDAP search
  • config.handlers.activedirectory.user_basedn - the basedn for LDAP user searches
  • config.handlers.activedirectory.username - User for connecting to LDAP
  • config.handlers.activedirectory.password - Password for connecting to LDAP

Usage

username expects the samaccount name

Check if a user account is locked out

is <username> locked?

Unlock a user account

unlock <username>

Requires membership in ad_admins authorization group.

The user account specified in config.handlers.activedirectory.username must have permission to write the lockouttime attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.

List a User's Group Memberships

<username> groups>

List a Group's Members

group <groupname> members

Add a User to a Group

add <username> to <groupname>

Requires membership in ad_admins authorization group.

The user account specified in config.handlers.activedirectory.username must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.

Remove a User from a Group

remove <username> from <groupname>

Requires membership in ad_admins authorization group.

The user account specified in config.handlers.activedirectory.username must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.

Disable a User

disable user <username>

Requires membership in ad_admins authorization group.

The user account specified in config.handlers.activedirectory.username must have permission to write the userAccountControl attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.

Enable a User

enable user <username>

Requires membership in ad_admins authorization group.

The user account specified in config.handlers.activedirectory.username must have permission to write the userAccountControl attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.