Class: ActiveDirectory
Inherits: Object
Defined in: lib/active_directory.rb

Overview

This class provides Active Directory services (account creation and password reset over LDAP).
Instance Method Summary

- #initialize ⇒ Object
  Initialize the connection to Active Directory.
- #bind ⇒ Object
  Attempt to bind to Active Directory, timing out after 10 seconds; returns true or false.
- #create_account(user) ⇒ Object
  Create a user account in Active Directory. Returns the LDAP result message, such as "Success", "Unwilling to perform", "Entity exists" or "No such object".
- #create_active_directory_account(user) ⇒ Object
  Creates an Active Directory account for the user. If this fails, it returns an error message as a string; otherwise it returns true.
- #ldap_attributes(user) ⇒ Object
  Build the attributes for an Active Directory account. userAccountControl 512 creates a standard user account and enables it.
- #ldap_distinguished_name(user) ⇒ Object
  Build the user's distinguished name for an Active Directory account.
- #password_encode(password) ⇒ Object
  Convert a password to the quoted UTF-16LE (unicodePwd) format that Active Directory expects.
- #reset_password(user, new_pass) ⇒ Object
  Reset the Active Directory password.
- #send_password_reset_token(user) ⇒ Object
  Send an Active Directory password reset token.
Instance Method Details

#initialize ⇒ Object
Initialize the connection to Active Directory.

```ruby
require 'net/ldap'
require 'timeout'

# File 'lib/active_directory.rb', line 37
# The original declared this as `def self.initialize` (a class method), which
# ActiveDirectory.new never calls; @connection then stayed nil in every instance
# and bind always returned false. It has to be the instance initializer.
# LDAPConfig is the application's LDAP settings object (host, port, credentials).
def initialize
  @connection = Net::LDAP.new(:host => LDAPConfig.host, :port => LDAPConfig.port)
  # Wrap the session in TLS when configured; Active Directory refuses to set
  # unicodePwd over a cleartext connection.
  @connection.encryption(:method => :simple_tls) if LDAPConfig.is_encrypted?
  # Bind with service credentials when configured, otherwise the bind is anonymous.
  @connection.auth(LDAPConfig.username, LDAPConfig.password) unless LDAPConfig.username.nil? || LDAPConfig.password.nil?
end
```
#bind ⇒ Object
Attempt to bind to Active Directory, timing out after 10 seconds; returns true or false.

```ruby
# File 'lib/active_directory.rb', line 44
def bind
  return false if @connection.nil?
  begin
    # Give up after 10 seconds rather than hanging the caller on an unreachable domain controller
    Timeout.timeout(10) do
      return @connection.bind ? true : false
    end
  rescue Timeout::Error
    return false
  end
end
```
#create_account(user) ⇒ Object
Create a user account in Active Directory. Returns the LDAP result message, such as "Success", "Unwilling to perform", "Entity exists" or "No such object", or false if the bind fails.

```ruby
# File 'lib/active_directory.rb', line 57
def create_account(user)
  if self.bind
    # The original called user.ldap_distinguished_name(user); the builder is a method of this class.
    @connection.add(:dn => ldap_distinguished_name(user), :attributes => ldap_attributes(user))
    # Result message: "Success", "Unwilling to perform" (e.g. unicodePwd set over an
    # unencrypted session), "Entity exists", or "No such object" (parent OU missing).
    return @connection.get_operation_result.message
  else
    return false
  end
end
```
#create_active_directory_account(user) ⇒ Object
Creates an Active Directory account for the user. If this fails, it returns an error message as a string; otherwise it returns true.

```ruby
# File 'lib/active_directory.rb', line 11
# Assumes a Rails-style `logger` and a GOOGLE_DOMAIN constant defined elsewhere in the application.
def create_active_directory_account(user)
  # reject blank emails
  return "Empty email address" if user.email.blank?
  # log what is happening
  logger.debug("Attempting to create active directory account for #{user.email}")
  # extract domain from email (to_s guards against an address without '@')
  domain = user.email.split('@')[1].to_s
  # Confirm domain name accuracy
  if domain != GOOGLE_DOMAIN
    logger.debug("Domain (#{domain}) is not the same as the google domain (#{GOOGLE_DOMAIN})")
    return "Domain (#{domain}) is not the same as the google domain (#{GOOGLE_DOMAIN})"
  end
  # Attempt to create active directory account
  active_directory_service = ActiveDirectory.new
  result = active_directory_service.create_account(user)
  if result == "Success"
    user.active_directory_account_created = Time.now
    user.save
    return true
  end
  # The original fell through and returned nil here; return the failure as a
  # message, as documented (false means the bind itself failed).
  result == false ? "Could not bind to active directory" : result
end
```
#ldap_attributes(user) ⇒ Object
Build the attributes for an Active Directory account. userAccountControl 512 creates a standard user account and enables it.

```ruby
# File 'lib/active_directory.rb', line 68
def ldap_attributes(user)
  attributes = {
    :cn => user.human_name,
    :mail => user.email,
    :objectclass => ["top", "person", "organizationalPerson", "user"],
    :userPrincipalName => user.email,
    # Initial password: a fixed prefix plus the last four digits of the clock.
    # This is predictable; a random value (e.g. from SecureRandom) would be the
    # safer choice for an initial password.
    :unicodePwd => password_encode('Just4now' + Time.now.to_f.to_s[-4, 4]),
    # 512 = NORMAL_ACCOUNT with the account enabled
    :userAccountControl => "512",
    :sn => user.last_name,
    :givenName => user.first_name,
    :displayName => user.human_name
  }
  return attributes
end
```
#ldap_distinguished_name(user) ⇒ Object
Build the user's distinguished name for an Active Directory account.

```ruby
# File 'lib/active_directory.rb', line 84
def ldap_distinguished_name(user)
  # Escape RDN values (Net::LDAP::DN.escape) so a comma, '=' or similar in a
  # name cannot change the OU the account lands in; the original concatenated raw strings.
  distinguished_name = "cn=#{Net::LDAP::DN.escape(user.human_name)},"
  base_distinguished_name = "dc=cmusv,dc=sv,dc=cmu,dc=local"
  if user.is_staff
    distinguished_name += "ou=Staff,ou=Sync,"
  elsif !user.masters_program.blank?
    distinguished_name += "ou=#{Net::LDAP::DN.escape(user.masters_program)},ou=Students,ou=Sync,"
  else
    distinguished_name += "ou=Sync,"
  end
  distinguished_name += base_distinguished_name
  return distinguished_name
end
```
#password_encode(password) ⇒ Object
Convert a password to the quoted UTF-16LE (unicodePwd) format that Active Directory expects.

```ruby
# File 'lib/active_directory.rb', line 101
# Active Directory expects unicodePwd as the password wrapped in double quotes,
# encoded as UTF-16LE. The original appended "\000" after each character, which
# is only correct for single-byte characters; encode handles the whole string.
def password_encode(password)
  "\"#{password}\"".encode('UTF-16LE').force_encoding('BINARY')
end
```
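As an added example (not code from lib/active_directory.rb), this rebuilds the OU layout of ldap_distinguished_name and the unicodePwd encoding of password_encode in plain Ruby, with RFC 4514 escaping so a display name containing a comma cannot move the account into a different OU; BASE_DN and the function names are this example's own, and it runs without the net-ldap gem.

```ruby
BASE_DN = "dc=cmusv,dc=sv,dc=cmu,dc=local"

# Escape one RDN attribute value per RFC 4514 section 2.4 (pure Ruby, so this
# runs without net-ldap; the class itself can use Net::LDAP::DN.escape).
def escape_rdn_value(value)
  s = value.to_s.gsub(/([\\,+"<>;=])/) { "\\#{$1}" }
  s = s.sub(/\A#/) { '\\#' }   # a leading '#' would start a hex-encoded value
  s = s.sub(/\A /) { '\\ ' }   # leading and trailing spaces must be escaped
  s.sub(/ \z/) { '\\ ' }
end

# Same OU layout as ActiveDirectory#ldap_distinguished_name: staff under
# ou=Staff, students under their programme, everyone else directly under ou=Sync.
def build_dn(human_name, is_staff: false, masters_program: nil)
  rdns = ["cn=#{escape_rdn_value(human_name)}"]
  if is_staff
    rdns += ["ou=Staff", "ou=Sync"]
  elsif masters_program && !masters_program.empty?
    rdns += ["ou=#{escape_rdn_value(masters_program)}", "ou=Students", "ou=Sync"]
  else
    rdns << "ou=Sync"
  end
  (rdns + [BASE_DN]).join(",")
end

# Split a DN on commas that are not escaped, which is how the directory reads
# it; an unescaped name like "Smith,ou=Admins" would yield one RDN too many.
def parse_rdns(dn)
  dn.split(/(?<!\\),/)
end

# unicodePwd value: the password in double quotes, as UTF-16LE bytes
def unicode_pwd(password)
  "\"#{password}\"".encode("UTF-16LE").b
end

if __FILE__ == $0
  puts build_dn("Smith,ou=Admins")   # cn=Smith\,ou\=Admins,ou=Sync,dc=cmusv,dc=sv,dc=cmu,dc=local
  p unicode_pwd("Pa").bytes          # [34, 0, 80, 0, 97, 0, 34, 0]
end
```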
#reset_password(user, new_pass) ⇒ Object
Reset the Active Directory password. Returns the LDAP result message, or false if the bind fails.

```ruby
# File 'lib/active_directory.rb', line 117
def reset_password(user, new_pass)
  if self.bind
    distinguished_name = ldap_distinguished_name(user)
    # Administrative reset: replace unicodePwd outright (needs a TLS session)
    @connection.replace_attribute distinguished_name, :unicodePwd, password_encode(new_pass)
    return @connection.get_operation_result.message
  else
    return false
  end
end
```
#send_password_reset_token(user) ⇒ Object
Send an Active Directory password reset token.

```ruby
# File 'lib/active_directory.rb', line 109
# Issues the application's own reset token by e-mail; this does not contact Active Directory.
def send_password_reset_token(user)
  user.set_password_reset_token
  # The original wrote self.password_reset_sent_at, but ActiveDirectory has no such
  # attribute (NoMethodError); the timestamp belongs to the user record.
  user.password_reset_sent_at = Time.zone.now
  user.save!
  PasswordMailer.password_reset(user).deliver
end
```