Class: JSS::LDAPServer

Inherits:

APIObject

• Object
• APIObject
• JSS::LDAPServer

Defined in:

lib/jss/api_object/ldap_server.rb,
lib/jss.rb

Overview

An LDAP server in the JSS.

This class doesn’t curretly provide creation or updaing of LDAP server definitions in the JSS. Please use the JSS web UI.

However, it does provide methods for querying users and usergroups from LDAP servers, and checking group membership.

The class methods LDAPServer.user_in_ldap? and LDAPServer.group_in_ldap? can be used to check all defined LDAP servers for a user or group. They are used by Scopable::Scope when adding user and groups to scope limitations and exceptions.

Within an LDAPServer instance, the methods #find_user and #find_group will return all matches in the server for a given search term.

See Also:

• APIObject

Constant Summary

RSRC_BASE =

The base for REST resources of this class

'ldapservers'.freeze

RSRC_LIST_KEY =

the hash key used for the JSON list output of all objects in the JSS

:ldap_servers

RSRC_OBJECT_KEY =

The hash key used for the JSON object output. It’s also used in various error messages

:ldap_server

DEFAULT_PORT =

the default LDAP port

389

SEARCH_SCOPES =

possible values for search scope

['All Subtrees', 'First Level Only'].freeze

AUTH_TYPES =

possible authentication types

{ 'none' => :anonymous, 'simple' => :simple, 'CRAM-MD5' => :cram_md5, 'DIGEST-MD5' => :digest_md5 }.freeze

REFERRAL_RESPONSES =

possible referral responses

['', nil, 'follow', 'ignore'].freeze

OBJECT_CLASS_MAPPING_OPTIONS =

possible objectclass mapping options

%w[any all].freeze

OBJECT_HISTORY_OBJECT_TYPE =

the object type for this object in the object history table. See APIObject#add_object_history_entry

80

Instance Attribute Summary

• #authentication_type ⇒ String readonly

  What authentication method should be used?.

• #hostanme ⇒ String readonly

  The hostname of the server.

• #lookup_dn ⇒ String readonly

  The Distinguished Name of the account used for connections/lookups?.

• #lookup_pw_sha256 ⇒ String readonly

  The password for the connection/lookup account, as a SHA256 digest.

• #open_close_timeout ⇒ Integer readonly

  Timeout, in seconds, for opening LDAP connections.

• #port ⇒ Integer readonly

  The port for ldap.

• #referral_response ⇒ String readonly

  The referral response from the server.

• #search_timeout ⇒ Integer readonly

  Timeout, in seconds, for search queries.

• #use_ssl ⇒ Boolean readonly

  Should the connection use ssl?.

• #use_wildcards ⇒ Boolean readonly

  Should searches use wildcards?.

• #user_group_mappings ⇒ Hash<Symbol=>String> readonly

  The LDAP attributes mapped to various user group data.

• #user_group_membership_mappings ⇒ Hash<Symbol=>String> readonly

  The LDAP attributes used to identify a user as a member of a group.

• #user_mappings ⇒ Hash<Symbol=>String> readonly

  The LDAP attributes mapped to various user data.

Class Method Summary

• .check_membership(ldap_server, user, group, api: JSS.api) ⇒ Boolean

  On a given server, does a given group contain a given user?.

• .group_in_ldap?(group, api: JSS.api) ⇒ Boolean

  For Backward Compatibility,.

• .server_for_group(group, api: JSS.api) ⇒ Integer^?

  Does a group exist in any ldap server?.

• .server_for_user(user, api: JSS.api) ⇒ Integer^?

  The id of the first LDAP server with the user, nil if not found.

• .user_in_ldap?(user, api: JSS.api) ⇒ Boolean

  For Backward Compatibility,.

Instance Method Summary

• #check_membership(user, group) ⇒ Boolean^?

  Is the user a member? Nil if unable to check.

• #find_group(group, exact = false) ⇒ Array<Hash>

  The groupname and uid for all groups matching the query.

• #find_user(user, exact = false) ⇒ Array<Hash>

  Search for a user in this ldap server.

• #initialize(args = {}) ⇒ LDAPServer constructor

  See JSS::APIObject#initialize.

Constructor Details

#initialize(args = {}) ⇒ LDAPServer

See JSS::APIObject#initialize

# File 'lib/jss/api_object/ldap_server.rb', line 269

def initialize(args = {})
  super

  @hostname = @init_data[:connection][:hostname]
  @port = @init_data[:connection][:port]
  @use_ssl = @init_data[:connection][:use_ssl]
  @authentication_type = AUTH_TYPES[@init_data[:connection][:authentication_type]]
  @open_close_timeout = @init_data[:connection][:open_close_timeout]
  @search_timeout = @init_data[:connection][:search_timeout]
  @referral_response = @init_data[:connection][:referral_response]
  @use_wildcards = @init_data[:connection][:use_wildcards]

  @lookup_dn = @init_data[:connection][:account][:distinguished_username]
  @lookup_pw_sha256 = @init_data[:connection][:account][:password_sha256]

  @user_mappings = @init_data[:mappings_for_users][:user_mappings]
  @user_group_mappings = @init_data[:mappings_for_users][:user_group_mappings]
  @user_group_membership_mappings = @init_data[:mappings_for_users][:user_group_membership_mappings]

  @connection = nil
  @connected = false
end

Instance Attribute Details

#authentication_type ⇒ String (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 184

def authentication_type
  @authentication_type
end

#hostanme ⇒ String (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 175

def hostanme
  @hostanme
end

#lookup_dn ⇒ String (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 187

def lookup_dn
  @lookup_dn
end

#lookup_pw_sha256 ⇒ String (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 190

def lookup_pw_sha256
  @lookup_pw_sha256
end

#open_close_timeout ⇒ Integer (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 193

def open_close_timeout
  @open_close_timeout
end

#port ⇒ Integer (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 178

def port
  @port
end

#referral_response ⇒ String (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 199

def referral_response
  @referral_response
end

#search_timeout ⇒ Integer (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 196

def search_timeout
  @search_timeout
end

#use_ssl ⇒ Boolean (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 181

def use_ssl
  @use_ssl
end

#use_wildcards ⇒ Boolean (readonly)

# File 'lib/jss/api_object/ldap_server.rb', line 202

def use_wildcards
  @use_wildcards
end

#user_group_mappings ⇒ Hash<Symbol=>String> (readonly)

The LDAP attributes mapped to various user group data

The hash keys are:

• :search_base =>

• :search_scope =>

• :object_classes =>

• :map_object_class_to_any_or_all =>

• :map_group_id =>

• :map_group_name =>

• :map_group_uuid =>

# File 'lib/jss/api_object/ldap_server.rb', line 240

def user_group_mappings
  @user_group_mappings
end

#user_group_membership_mappings ⇒ Hash<Symbol=>String> (readonly)

The LDAP attributes used to identify a user as a member of a group

The hash keys are:

• :user_group_membership_stored_in =>

• :map_user_membership_use_dn =>

• :map_group_membership_to_user_field =>

• :group_id =>

• :map_object_class_to_any_or_all =>

• :append_to_username =>

• :username =>

• :object_classes =>

• :use_dn =>

• :search_base =>

• :recursive_lookups =>

• :search_scope =>

• :map_user_membership_to_group_field =>

# File 'lib/jss/api_object/ldap_server.rb', line 261

def user_group_membership_mappings
  @user_group_membership_mappings
end

#user_mappings ⇒ Hash<Symbol=>String> (readonly)

The LDAP attributes mapped to various user data

The hash keys are:

• :search_base =>

• :search_scope =>

• :object_classes =>

• :map_object_class_to_any_or_all =>

• :map_username =>

• :map_user_id =>

• :map_department =>

• :map_building =>

• :map_room =>

• :map_realname =>

• :map_phone =>

• :map_email_address =>

• :map_position =>

• :map_user_uuid =>

• :append_to_email_results =>

# File 'lib/jss/api_object/ldap_server.rb', line 225

def user_mappings
  @user_mappings
end

Class Method Details

.check_membership(ldap_server, user, group, api: JSS.api) ⇒ Boolean

On a given server, does a given group contain a given user?

This class method allows the check to happen without instanting the LDAPServer.

Raises:

• (JSS::NoSuchItemError)

# File 'lib/jss/api_object/ldap_server.rb', line 159

def self.check_membership(ldap_server, user, group, api: JSS.api)
  ldap_server_id = valid_id ldap_server
  raise JSS::NoSuchItemError, "No LDAPServer matching #{ldap_server}" unless ldap_server_id
  rsrc = "#{RSRC_BASE}/id/#{ldap_server_id}/group/#{CGI.escape group.to_s}/user/#{CGI.escape user.to_s}"
  member_check = api.get_rsrc rsrc
  return false if member_check[:ldap_users].empty?
  true
end

.group_in_ldap?(group, api: JSS.api) ⇒ Boolean

For Backward Compatibility,

# File 'lib/jss/api_object/ldap_server.rb', line 140

def self.group_in_ldap?(group, api: JSS.api)
  server_for_group(group, api: api) ? true : false
end

.server_for_group(group, api: JSS.api) ⇒ Integer^?

Does a group exist in any ldap server?

# File 'lib/jss/api_object/ldap_server.rb', line 124

def self.server_for_group(group, api: JSS.api)
  all_objects(:refresh, api: api).each do |ldap|
    next if ldap.find_group(group, :exact).empty?
    return ldap.id
  end
  nil
end

.server_for_user(user, api: JSS.api) ⇒ Integer^?

# File 'lib/jss/api_object/ldap_server.rb', line 95

def self.server_for_user(user, api: JSS.api)
  all_objects(:refresh, api: api).each do |ldap|
    next if ldap.find_user(user, :exact).empty?
    return ldap.id
  end
  nil
end

.user_in_ldap?(user, api: JSS.api) ⇒ Boolean

For Backward Compatibility,

# File 'lib/jss/api_object/ldap_server.rb', line 111

def self.user_in_ldap?(user, api: JSS.api)
  server_for_user(user, api: api) ? true : false
end

Instance Method Details

#check_membership(user, group) ⇒ Boolean^?

Returns is the user a member? Nil if unable to check.

Raises:

• (JSS::NoSuchItemError)

# File 'lib/jss/api_object/ldap_server.rb', line 327

def check_membership(user, group)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  self.class.check_membership @id, user, group, api: @api
end

#find_group(group, exact = false) ⇒ Array<Hash>

Returns The groupname and uid for all groups matching the query.

Raises:

• (JSS::NoSuchItemError)

# File 'lib/jss/api_object/ldap_server.rb', line 315

def find_group(group, exact = false)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/group/#{CGI.escape group.to_s}")[:ldap_groups]
  exact ? raw.select { |u| u[:groupname] == group } : raw
end

#find_user(user, exact = false) ⇒ Array<Hash>

Search for a user in this ldap server

Raises:

• (JSS::NoSuchItemError)

# File 'lib/jss/api_object/ldap_server.rb', line 303

def find_user(user, exact = false)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/user/#{CGI.escape user.to_s}")[:ldap_users]
  exact ? raw.select { |u| u[:username] == user } : raw
end