Class: ActiveDirectory::User

Inherits:

Base

• Object
• Base
• ActiveDirectory::User

Defined in:

lib/active_directory/user.rb

Overview

Represents a User object within an Active Directory instance.

Constant Summary

ATTRIBUTES =

Attributes that we wish to pull from Active Directory for any User that can be located within the directory.

["displayName",        # Name (e.g. "John Doe")
"givenName",          # Given (First) Name
"sn",                 # Surname (Last)
"distinguishedName",  # DN of User
"sAMAccountName",     # Account Name
"mail",               # Primary E-Mail Address
"manager",            # DN Reference to Manager
"directReports",      # DN References to Minions
"memberOf",           # Group Membership
"company",            # Company Name
"department",         # Department Name
"title",              # Title
"mobile",             # Mobile Phone Number
"telephoneNumber",    # Primary Phone Number
"streetAddress",      # Street Address
"l",                  # City
"st",                 # State
"postalCode",         # Zip Code
"co"]

Instance Attribute Summary

• #city ⇒ Object readonly

  City / Town.

• #company ⇒ Object readonly

  Company Name.

• #country ⇒ Object readonly

  Country.

• #department ⇒ Object readonly

  Department Name.

• #direct_reports ⇒ Object readonly

  Proxy for loading and returning the users who report directly to this user.

• #dn ⇒ Object readonly

  Distinguished Name (DN).

• #email ⇒ Object readonly

  Primary E-Mail Address.

• #given_name ⇒ Object readonly

  Given Name (e.g. “John”).

• #groups ⇒ Object readonly

  Proxy for loading and returning the group membership of this user.

• #main_number ⇒ Object readonly

  Primary Phone Number.

• #manager ⇒ Object readonly

  Proxy for loading and returning this users’ manager.

• #mobile_number ⇒ Object readonly

  Mobile Number.

• #name ⇒ Object readonly

  Display Name (e.g. “John Q. Public”).

• #state ⇒ Object readonly

  State/Province.

• #street_address ⇒ Object readonly

  Street Address.

• #surname ⇒ Object readonly

  Surname (e.g. “Public”).

• #title ⇒ Object readonly

  Job Title.

• #username ⇒ Object readonly

  Account/Username (e.g. “jpublic”).

• #zip ⇒ Object readonly

  Zip/Postal Code.

Instance Method Summary

• #authenticate(password) ⇒ Object

  Attempts to authenticate the loaded user with the supplied password.

• #initialize(identifier) ⇒ User constructor

  Attempts to load a User by a Distinguished Name (DN) or sAMAccountName.

• #member_of?(group) ⇒ Boolean

  Determines if the user is a member of the given group.

• #to_s ⇒ Object

  Conveniently return the name of the User if the object is called directly.

Methods inherited from Base

close, connect, connection, find, logger, reconnect

Constructor Details

#initialize(identifier) ⇒ User

Attempts to load a User by a Distinguished Name (DN) or sAMAccountName.

# File 'lib/active_directory/user.rb', line 116

def initialize(identifier)

  if (identifier =~ /(CN|cn)=/) != nil
    load_by_dn(identifier)
  else
    load_by_username(identifier)
  end

end

Instance Attribute Details

#city ⇒ Object (readonly)

City / Town

# File 'lib/active_directory/user.rb', line 69

def city
  @city
end

#company ⇒ Object (readonly)

Company Name

# File 'lib/active_directory/user.rb', line 54

def company
  @company
end

#country ⇒ Object (readonly)

Country

# File 'lib/active_directory/user.rb', line 78

def country
  @country
end

#department ⇒ Object (readonly)

Department Name

# File 'lib/active_directory/user.rb', line 57

def department
  @department
end

#direct_reports ⇒ Object (readonly)

Proxy for loading and returning the users who report directly to this user.

# File 'lib/active_directory/user.rb', line 81

def direct_reports
  @direct_reports
end

#dn ⇒ Object (readonly)

Distinguished Name (DN)

# File 'lib/active_directory/user.rb', line 33

def dn
  @dn
end

#email ⇒ Object (readonly)

Primary E-Mail Address

# File 'lib/active_directory/user.rb', line 45

def email
  @email
end

#given_name ⇒ Object (readonly)

Given Name (e.g. “John”)

# File 'lib/active_directory/user.rb', line 39

def given_name
  @given_name
end

#groups ⇒ Object (readonly)

Proxy for loading and returning the group membership of this user.

# File 'lib/active_directory/user.rb', line 87

def groups
  @groups
end

#main_number ⇒ Object (readonly)

Primary Phone Number

# File 'lib/active_directory/user.rb', line 60

def main_number
  @main_number
end

#manager ⇒ Object (readonly)

Proxy for loading and returning this users’ manager.

# File 'lib/active_directory/user.rb', line 84

def manager
  @manager
end

#mobile_number ⇒ Object (readonly)

Mobile Number

# File 'lib/active_directory/user.rb', line 63

def mobile_number
  @mobile_number
end

#name ⇒ Object (readonly)

Display Name (e.g. “John Q. Public”)

# File 'lib/active_directory/user.rb', line 36

def name
  @name
end

#state ⇒ Object (readonly)

State/Province

# File 'lib/active_directory/user.rb', line 72

def state
  @state
end

#street_address ⇒ Object (readonly)

Street Address

# File 'lib/active_directory/user.rb', line 66

def street_address
  @street_address
end

#surname ⇒ Object (readonly)

Surname (e.g. “Public”)

# File 'lib/active_directory/user.rb', line 42

def surname
  @surname
end

#title ⇒ Object (readonly)

Job Title

# File 'lib/active_directory/user.rb', line 51

def title
  @title
end

#username ⇒ Object (readonly)

Account/Username (e.g. “jpublic”)

# File 'lib/active_directory/user.rb', line 48

def username
  @username
end

#zip ⇒ Object (readonly)

Zip/Postal Code

# File 'lib/active_directory/user.rb', line 75

def zip
  @zip
end

Instance Method Details

#authenticate(password) ⇒ Object

Attempts to authenticate the loaded user with the supplied password. Returns true if the authentication attempt was successful.

Raises:

• (PasswordInvalid)

# File 'lib/active_directory/user.rb', line 130

def authenticate(password)

  # Clean up the password before we run it through our series of tests.
  password.strip!

  # If no password was specified, raise an exception. This check must
  # occur to avoid a huge security hole if anonymous bind is on - if this
  # check is not performed, someone can authenticate without providing a
  # password when anonymous bind is turned on.
  raise PasswordInvalid unless (!password.nil? and password.length > 0)

  # Clone our shared connection for isolated use in determining the
  # validity of our user's credentials.
  auth_connection = Base.connection.clone

  # Unbind the connection if it is already bound.
  auth_connection.unbind if auth_connection.bound?

  begin

    # Attempt to bind to the connection as the currently loaded user with
    # the supplied password.
    auth_connection.bind("#{@username}@#{@@server_settings[:domain]}",
                         password)

    return true

  rescue LDAP::ResultError
    if ($!.to_s == "Invalid credentials")
      raise PasswordInvalid
    else
      raise
    end
  ensure
    auth_connection.unbind
    auth_connection = nil
  end

  return false

end

#member_of?(group) ⇒ Boolean

Determines if the user is a member of the given group. Returns true if the user is in the passed group.

Returns:

• (Boolean)

# File 'lib/active_directory/user.rb', line 218

def member_of?(group)
  @groups.include?(group.dn)
end

#to_s ⇒ Object

Conveniently return the name of the User if the object is called directly.

# File 'lib/active_directory/user.rb', line 176

def to_s #:nodoc:
  @name
end