lita-activedirectory
A Lita handler plugin for basic interactions with Active Directory.
Installation
Add lita-activedirectory to your Lita instance's Gemfile:
gem "lita-activedirectory"
Configuration
config.handlers.activedirectory.host
- LDAP host to queryconfig.handlers.activedirectory.port
- LDAP port used to connect to the hostconfig.handlers.activedirectory.basedn
- The basedn for the LDAP searchconfig.handlers.activedirectory.user_basedn
- the basedn for LDAP user searchesconfig.handlers.activedirectory.username
- User for connecting to LDAPconfig.handlers.activedirectory.password
- Password for connecting to LDAP
Usage
username expects the samaccount name
Check if a user account is locked out
is <username> locked?
Unlock a user account
unlock <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the lockouttime
attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.
List a User's Group Memberships
<username> groups>
List a Group's Members
group <groupname> members
Add a User to a Group
add <username> to <groupname>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the member
attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
Remove a User from a Group
remove <username> from <groupname>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the member
attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
Disable a User
disable user <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the userAccountControl
attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.
Enable a User
enable user <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the userAccountControl
attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.