Class: DirectoryUser

Inherits:
Object
  • Object
Defined in:
lib/casserver/core_ext/directory_user.rb

Overview

ActiveDirectory user class

Constant Summary

# Search base handed to ldap_search when looking up a user entry.
TREEBASE = "dc=synapsedev,dc=com"

# Attribute names requested for every user entry returned by a search.
# "mail" and "title" each appear twice, exactly as in the original list.
#
# NOTE(review): the list asks the directory for credential- and PII-bearing
# attributes (hashedPassword, pinNumber, synapseDateOfBirth,
# synapsePersonalEmailAddress, synapseEmergencyContact). change_user_password
# passes FIELDS but only reads :dn from the result; a narrower attribute list
# for that lookup would keep sensitive values out of process memory and logs.
FIELDS = %w[
  accountExpires displayName dn mail title sn givenName
  c co company department employeeType facsimiletelephonenumber
  hashedPassword l mail mobile manager physicalDeliveryOfficeName
  pinNumber postalcode proxyAddresses pwdLastSet sAMAccountName
  sAMAccountType streetAddress synapseAccessCardNumber
  synapseConferencingStatus synapseConferencingUniqueID synapseExtendedAttributes
  synapseExtendedAttributesTest synapseExtensionNumber synapseRecursiveGroups
  synapseEmployeeStartDate synapsePersonalEmailAddress synapseEmergencyContact
  synapseDateOfBirth synapseBusinessUnit synapseObjectGUID telephoneNumber
  title userAccountControl userPrincipalName uSNChanged
  uSNCreated whenCreated whenChanged
]

Class Method Summary

Class Method Details

.change_user_password(username, password) ⇒ Object

Public: Change password for ActiveDirectory user

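username - The sAMAccountName of the user
password - The new password for the user. Note that the listing below also binds to the directory with this value and sends it as both the deleted (old) and the added (new) unicodePwd value.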

Examples

DirectoryUser.change_user_password('conference.test', "MyNewPassword")
# => true

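Returns true if the password was updated. Raises an error if the password was not updated. Note: in the listing below the check of the LDAP operation result is commented out, so true is returned whenever the modify call completes without raising.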



# File 'lib/casserver/core_ext/directory_user.rb', line 32

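# Public: Submit a unicodePwd change for an ActiveDirectory user over LDAP.
#
# The connection is configured to bind as the user with the given password,
# the user's entry is looked up by sAMAccountName, and a delete/add pair for
# unicodePwd is sent. Both operations carry the same encoded password.
#
# username - The sAMAccountName of the user. Treated as untrusted input and
#            escaped before it is placed in the search filter.
# password - The password used for the bind and for both unicodePwd values.
#
# Returns true once the modify request has been issued.
# Raises StandardError if no connection object is available or no directory
#   entry matches the username (ldap_search raises when the search itself
#   fails).
def self.change_user_password(username, password)
  # Escape filter metacharacters ("*", "(", ")", "\", NUL) so a crafted
  # username cannot change the structure of the LDAP filter.
  safe_name = Net::LDAP::Filter.escape(username.to_s)
  filter = "(&(objectCategory=person)(objectClass=user)(samaccountname=#{safe_name}))"
  ldap_con = self.ldap_connect(username, password)

  # The original error message dereferenced ldap_con in this branch, which
  # would itself fail on nil; report the failure without touching it.
  raise StandardError, "Ldap failed to connect" unless ldap_con

  result = self.ldap_search(TREEBASE, filter, FIELDS, ldap_con).first
  # An empty result set is truthy, so ldap_search does not raise for it.
  raise StandardError, "No directory entry found for #{username}" if result.nil?

  dn = result[:dn].first
  encoded = microsoft_encode_password(password)
  ops = [
    [ :delete, :unicodePwd, [encoded] ],
    [ :add, :unicodePwd, [encoded] ]
  ]
  # NOTE(review): the return value of modify and get_operation_result are not
  # inspected (the original check was commented out), so `true` below does not
  # confirm that the directory accepted the change. Left as-is because callers
  # may rely on it; confirm whether the check can be re-enabled.
  # NOTE(review): old and new password are the same value here, and the bind
  # uses it too - confirm this matches the intended "change password" flow.
  ldap_con.modify(:dn => dn, :operations => ops)
  true
end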

.ldap_connect(username, password) ⇒ Object



# File 'lib/casserver/core_ext/directory_user.rb', line 65

# Internal: Build a Net::LDAP client for the domain controller and register
# the user's credentials on it.
#
# username - Account name; prefixed with the SYNAPSEDEV domain for the bind.
# password - Password registered for the bind.
#
# Returns the configured Net::LDAP object. No bind is performed here, so a
# returned object does not mean the credentials were accepted.
#
# NOTE(review): :simple_tls is passed as a bare symbol; depending on the
# net-ldap version this may not verify the server certificate - confirm and
# supply TLS options if verification is required.
# NOTE(review): blank passwords are not rejected here; directory servers
# commonly treat a simple bind with an empty password as an unauthenticated
# bind, so confirm that callers refuse empty values.
def self.ldap_connect(username, password)
  bind_user = "SYNAPSEDEV\\#{username}"
  Net::LDAP.new(
    :host => "core-dc-1.synapsedev.com",
    :port => 636,
    :encryption => :simple_tls
  ).tap { |client| client.authenticate(bind_user, password) }
end

.ldap_search(treebase, filter, attrs, ldap_con) ⇒ Object



# File 'lib/casserver/core_ext/directory_user.rb', line 55

# Internal: Run an LDAP search and hand back whatever the connection returns.
#
# treebase - Search base DN.
# filter   - LDAP filter; passed through unchanged, so callers must escape
#            any untrusted values before building it.
# attrs    - Attribute names to request.
# ldap_con - Connection object responding to search and get_operation_result.
#
# Returns the search result when it is truthy (an empty Array counts).
# Raises StandardError when the search returns nil or false. The message
# includes the filter, so it can carry caller-supplied text into logs.
def self.ldap_search(treebase, filter, attrs, ldap_con)
  found = ldap_con.search( :base => treebase, :filter => filter, :attributes => attrs )
  return found if found

  raise StandardError, "No results for ldap search #{filter} in treebase #{treebase} LDAP Error: #{ldap_con.get_operation_result}"
end

.microsoft_encode_password(pwd) ⇒ Object



# File 'lib/casserver/core_ext/directory_user.rb', line 75

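# Internal: Encode a password for ActiveDirectory's unicodePwd attribute:
# the value wrapped in double quotes and encoded as UTF-16LE.
#
# The previous implementation appended a NUL after each character, which
# matches UTF-16LE only for single-byte characters; a password containing
# multi-byte characters was sent as a malformed value.
#
# pwd - The plain-text password String.
#
# Returns a binary-tagged String holding the UTF-16LE bytes. For ASCII-only
#   input the bytes are the same as before.
# Raises TypeError if pwd is not a String, and an Encoding error if pwd
#   cannot be converted to UTF-16LE.
def self.microsoft_encode_password(pwd)
  quoted = "\"" + pwd + "\""
  # NOTE(review): binary-tagged input is assumed to carry UTF-8 bytes (request
  # parameters are often tagged that way) - confirm against callers.
  quoted.force_encoding("UTF-8") if quoted.encoding == Encoding::ASCII_8BIT
  # Tag the result as binary so later layers treat it as raw bytes and do not
  # try to transcode the UTF-16LE payload.
  quoted.encode("UTF-16LE").force_encoding("BINARY")
end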