Class: JSS::LDAPServer

Inherits:
APIObject show all
Defined in:
lib/jss/api_object/ldap_server.rb,
lib/jss.rb

Overview

An LDAP server in the JSS.

This class doesn't curretly provide creation or updaing of LDAP server definitions in the JSS. Please use the JSS web UI.

However, it does provide methods for querying users and usergroups from LDAP servers, and checking group membership.

The class methods LDAPServer.user_in_ldap? and LDAPServer.group_in_ldap? can be used to check all defined LDAP servers for a user or group. They are used by Scopable::Scope when adding user and groups to scope limitations and exceptions.

Within an LDAPServer instance, the methods #find_user and #find_group will return all matches in the server for a given search term.

See Also:

Constant Summary collapse

RSRC_BASE =

The base for REST resources of this class

'ldapservers'.freeze
RSRC_LIST_KEY =

the hash key used for the JSON list output of all objects in the JSS

:ldap_servers
RSRC_OBJECT_KEY =

The hash key used for the JSON object output. It's also used in various error messages

:ldap_server
VALID_DATA_KEYS =

these keys, as well as :id and :name, are present in valid API JSON data for this class

[].freeze
DEFAULT_PORT =

the default LDAP port

389
SEARCH_SCOPES =

possible values for search scope

['All Subtrees', 'First Level Only'].freeze
AUTH_TYPES =

possible authentication types

{ 'none' => :anonymous, 'simple' => :simple, 'CRAM-MD5' => :cram_md5, 'DIGEST-MD5' => :digest_md5 }.freeze
REFERRAL_RESPONSES =

possible referral responses

['', nil, 'follow', 'ignore'].freeze
OBJECT_CLASS_MAPPING_OPTIONS =

possible objectclass mapping options

%w[any all].freeze
OBJECT_HISTORY_OBJECT_TYPE =

the object type for this object in the object history table. See APIObject#add_object_history_entry

80

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(args = {}) ⇒ LDAPServer

See JSS::APIObject#initialize


272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
# File 'lib/jss/api_object/ldap_server.rb', line 272

def initialize(args = {})
  super

  @hostname = @init_data[:connection][:hostname]
  @port = @init_data[:connection][:port]
  @use_ssl = @init_data[:connection][:use_ssl]
  @authentication_type = AUTH_TYPES[@init_data[:connection][:authentication_type]]
  @open_close_timeout = @init_data[:connection][:open_close_timeout]
  @search_timeout = @init_data[:connection][:search_timeout]
  @referral_response = @init_data[:connection][:referral_response]
  @use_wildcards = @init_data[:connection][:use_wildcards]

  @lookup_dn = @init_data[:connection][:account][:distinguished_username]
  @lookup_pw_sha256 = @init_data[:connection][:account][:password_sha256]

  @user_mappings = @init_data[:mappings_for_users][:user_mappings]
  @user_group_mappings = @init_data[:mappings_for_users][:user_group_mappings]
  @user_group_membership_mappings = @init_data[:mappings_for_users][:user_group_membership_mappings]

  @connection = nil
  @connected = false
end

Instance Attribute Details

#authentication_typeString (readonly)

Returns what authentication method should be used?

Returns:

  • (String)

    what authentication method should be used?


187
188
189
# File 'lib/jss/api_object/ldap_server.rb', line 187

def authentication_type
  @authentication_type
end

#hostanmeString (readonly)

Returns the hostname of the server

Returns:

  • (String)

    the hostname of the server


178
179
180
# File 'lib/jss/api_object/ldap_server.rb', line 178

def hostanme
  @hostanme
end

#lookup_dnString (readonly)

Returns the Distinguished Name of the account used for connections/lookups?

Returns:

  • (String)

    the Distinguished Name of the account used for connections/lookups?


190
191
192
# File 'lib/jss/api_object/ldap_server.rb', line 190

def lookup_dn
  @lookup_dn
end

#lookup_pw_sha256String (readonly)

Returns the password for the connection/lookup account, as a SHA256 digest.

Returns:

  • (String)

    the password for the connection/lookup account, as a SHA256 digest.


193
194
195
# File 'lib/jss/api_object/ldap_server.rb', line 193

def lookup_pw_sha256
  @lookup_pw_sha256
end

#open_close_timeoutInteger (readonly)

Returns timeout, in seconds, for opening LDAP connections

Returns:

  • (Integer)

    timeout, in seconds, for opening LDAP connections


196
197
198
# File 'lib/jss/api_object/ldap_server.rb', line 196

def open_close_timeout
  @open_close_timeout
end

#portInteger (readonly)

Returns the port for ldap

Returns:

  • (Integer)

    the port for ldap


181
182
183
# File 'lib/jss/api_object/ldap_server.rb', line 181

def port
  @port
end

#referral_responseString (readonly)

Returns the referral response from the server

Returns:

  • (String)

    the referral response from the server


202
203
204
# File 'lib/jss/api_object/ldap_server.rb', line 202

def referral_response
  @referral_response
end

#search_timeoutInteger (readonly)

Returns timeout, in seconds, for search queries

Returns:

  • (Integer)

    timeout, in seconds, for search queries


199
200
201
# File 'lib/jss/api_object/ldap_server.rb', line 199

def search_timeout
  @search_timeout
end

#use_sslBoolean (readonly)

Returns should the connection use ssl?

Returns:

  • (Boolean)

    should the connection use ssl?


184
185
186
# File 'lib/jss/api_object/ldap_server.rb', line 184

def use_ssl
  @use_ssl
end

#use_wildcardsBoolean (readonly)

Returns should searches use wildcards?

Returns:

  • (Boolean)

    should searches use wildcards?


205
206
207
# File 'lib/jss/api_object/ldap_server.rb', line 205

def use_wildcards
  @use_wildcards
end

#user_group_mappingsHash<Symbol=>String> (readonly)

The LDAP attributes mapped to various user group data

The hash keys are:

  • :search_base =>

  • :search_scope =>

  • :object_classes =>

  • :map_object_class_to_any_or_all =>

  • :map_group_id =>

  • :map_group_name =>

  • :map_group_uuid =>

Returns:


243
244
245
# File 'lib/jss/api_object/ldap_server.rb', line 243

def user_group_mappings
  @user_group_mappings
end

#user_group_membership_mappingsHash<Symbol=>String> (readonly)

The LDAP attributes used to identify a user as a member of a group

The hash keys are:

  • :user_group_membership_stored_in =>

  • :map_user_membership_use_dn =>

  • :map_group_membership_to_user_field =>

  • :group_id =>

  • :map_object_class_to_any_or_all =>

  • :append_to_username =>

  • :username =>

  • :object_classes =>

  • :use_dn =>

  • :search_base =>

  • :recursive_lookups =>

  • :search_scope =>

  • :map_user_membership_to_group_field =>

Returns:


264
265
266
# File 'lib/jss/api_object/ldap_server.rb', line 264

def user_group_membership_mappings
  @user_group_membership_mappings
end

#user_mappingsHash<Symbol=>String> (readonly)

The LDAP attributes mapped to various user data

The hash keys are:

  • :search_base =>

  • :search_scope =>

  • :object_classes =>

  • :map_object_class_to_any_or_all =>

  • :map_username =>

  • :map_user_id =>

  • :map_department =>

  • :map_building =>

  • :map_room =>

  • :map_realname =>

  • :map_phone =>

  • :map_email_address =>

  • :map_position =>

  • :map_user_uuid =>

  • :append_to_email_results =>

Returns:


228
229
230
# File 'lib/jss/api_object/ldap_server.rb', line 228

def user_mappings
  @user_mappings
end

Class Method Details

.check_membership(ldap_server, user, group, api: JSS.api) ⇒ Boolean

On a given server, does a given group contain a given user?

This class method allows the check to happen without instanting the LDAPServer.

Parameters:

  • server (String, Integer)

    The name or id of the LDAP server to use

  • user (String)

    the username to check for memebership in the group

  • group (String)

    the group name to see if the user is a member

  • api (JSS::APIConnection)

    the API connection to use for the search

Returns:

  • (Boolean)

    is the user a member of the group?

Raises:


162
163
164
165
166
167
168
169
# File 'lib/jss/api_object/ldap_server.rb', line 162

def self.check_membership(ldap_server, user, group, api: JSS.api)
  ldap_server_id = valid_id ldap_server
  raise JSS::NoSuchItemError, "No LDAPServer matching #{ldap_server}" unless ldap_server_id
  rsrc = "#{RSRC_BASE}/id/#{ldap_server_id}/group/#{CGI.escape group}/user/#{CGI.escape user}"
  member_check = api.get_rsrc rsrc
  return false if member_check[:ldap_users].empty?
  true
end

.group_in_ldap?(group, api: JSS.api) ⇒ Boolean

For Backward Compatibility,

Parameters:

  • user (String)

    a group name to search for in all LDAP servers

  • api (JSS::APIConnection)

    the API connection to use for the search

Returns:

  • (Boolean)

    Does the group exist in any LDAP server?


143
144
145
# File 'lib/jss/api_object/ldap_server.rb', line 143

def self.group_in_ldap?(group, api: JSS.api)
  server_for_group(group, api: api) ? true : false
end

.server_for_group(group, api: JSS.api) ⇒ Integer?

Does a group exist in any ldap server?

Parameters:

  • group (String)

    a group to search for in all LDAP servers

  • api (JSS::APIConnection)

    the API connection to use for the search

Returns:

  • (Integer, nil)

    the id of the first LDAP server with the group, nil if not found


127
128
129
130
131
132
133
# File 'lib/jss/api_object/ldap_server.rb', line 127

def self.server_for_group(group, api: JSS.api)
  all_objects(:refresh, api: api).each do |ldap|
    next if ldap.find_group(group, :exact).empty?
    return ldap.id
  end
  nil
end

.server_for_user(user, api: JSS.api) ⇒ Integer?

Returns the id of the first LDAP server with the user, nil if not found

Returns:

  • (Integer, nil)

    the id of the first LDAP server with the user, nil if not found


98
99
100
101
102
103
104
# File 'lib/jss/api_object/ldap_server.rb', line 98

def self.server_for_user(user, api: JSS.api)
  all_objects(:refresh, api: api).each do |ldap|
    next if ldap.find_user(user, :exact).empty?
    return ldap.id
  end
  nil
end

.user_in_ldap?(user, api: JSS.api) ⇒ Boolean

For Backward Compatibility,

Parameters:

  • user (String)

    a username to search for in all LDAP servers

  • api (JSS::APIConnection)

    the API connection to use for the search

Returns:

  • (Boolean)

    Does the user exist in any LDAP server?


114
115
116
# File 'lib/jss/api_object/ldap_server.rb', line 114

def self.user_in_ldap?(user, api: JSS.api)
  server_for_user(user, api: api) ? true : false
end

Instance Method Details

#check_membership(user, group) ⇒ Boolean?

Returns is the user a member? Nil if unable to check

Parameters:

  • user (String)

    the username to check for memebership in the group

  • group (String)

    the group name to see if the user is a member

Returns:

  • (Boolean, nil)

    is the user a member? Nil if unable to check

Raises:


330
331
332
333
# File 'lib/jss/api_object/ldap_server.rb', line 330

def check_membership(user, group)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  self.class.check_membership @id, user, group, api: @api
end

#find_group(group, exact = false) ⇒ Array<Hash>

Returns The groupname and uid for all groups matching the query

Parameters:

  • group (String)

    the group name to search for

  • exact (Boolean) (defaults to: false)

    if true, force an exact match, otherwuse use wildcards

Returns:

  • (Array<Hash>)

    The groupname and uid for all groups matching the query

Raises:


318
319
320
321
322
# File 'lib/jss/api_object/ldap_server.rb', line 318

def find_group(group, exact = false)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/group/#{group}")[:ldap_groups]
  exact ? raw.select { |u| u[:groupname] == group } : raw
end

#find_user(user, exact = false) ⇒ Array<Hash>

Search for a user in this ldap server

Parameters:

  • user (String)

    the username to search for

  • exact (Boolean) (defaults to: false)

    if true, force an exact match, otherwise use wildcards

Returns:

  • (Array<Hash>)

    The mapped LDAP data for all usernames matching the query

Raises:


306
307
308
309
310
# File 'lib/jss/api_object/ldap_server.rb', line 306

def find_user(user, exact = false)
  raise JSS::NoSuchItemError, 'LDAPServer not yet saved in the JSS' unless @in_jss
  raw = api.get_rsrc("#{RSRC_BASE}/id/#{@id}/user/#{user}")[:ldap_users]
  exact ? raw.select { |u| u[:username] == user } : raw
end