Module: Hydra::LDAP

Defined in:

lib/hydra-ldap.rb,
lib/hydra/ldap/engine.rb,
lib/hydra/ldap/version.rb

Defined Under Namespace

Classes: Engine, GroupNotFound, MissingOwnerError, NoUsersError

Constant Summary

VERSION =

"0.0.3"

Class Method Summary

• .add_users_to_group(group_code, users) ⇒ Object
• .connection ⇒ Object
• .create_group(code, description, owner, users) ⇒ Object
• .delete_group(code) ⇒ Object
• .dn(code) ⇒ Object
• .find_group(group_code) ⇒ Object
• .group_base ⇒ Object
• .groups_for_user(uid) ⇒ Object

  same as ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D “cn=admin,dc=example,dc=com” -W “(&(objectClass=groupofnames)(member=uid=vanessa))” cn.

• .groups_owned_by_user(uid) ⇒ Object
• .invalidate_cache(group_code) ⇒ Object
• .ldap_config ⇒ Object
• .ldap_connection_config ⇒ Object
• .owner_for_group(group_code) ⇒ Object
• .remove_users_from_group(group_code, users) ⇒ Object
• .title_of_group(group_code) ⇒ Object
• .treebase ⇒ Object
• .users_for_group(group_code) ⇒ Object

Class Method Details

.add_users_to_group(group_code, users) ⇒ Object

# File 'lib/hydra-ldap.rb', line 94

def self.add_users_to_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:add, :member, "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.connection ⇒ Object

# File 'lib/hydra-ldap.rb', line 15

def self.connection
  @ldap_conn ||= Net::LDAP.new(ldap_connection_config) 
end

.create_group(code, description, owner, users) ⇒ Object

Raises:

• (NoUsersError)

# File 'lib/hydra-ldap.rb', line 51

def self.create_group(code, description, owner, users)
  raise NoUsersError, "Unable to persist a group without users" unless users.present?
  raise MissingOwnerError, "Unable to persist a group without owner" unless owner
  attributes = {
    :cn => code,
    :objectclass => "groupofnames",
    :description => description,
    :member=>users.map {|u| "uid=#{u}"},
    :owner=>"uid=#{owner}"
  }
  connection.add(:dn=>dn(code), :attributes=>attributes)
end

.delete_group(code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 64

def self.delete_group(code)
  Hydra::LDAP.connection.delete(:dn=>dn(code))
end

.dn(code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 47

def self.dn(code)
  dn = "cn=#{code},#{group_base}"
end

.find_group(group_code) ⇒ Object

Raises:

• (GroupNotFound)

# File 'lib/hydra-ldap.rb', line 117

def self.find_group(group_code)
  @cache ||= {}
  return @cache[group_code] if @cache[group_code]
  result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(cn=#{group_code}))"), :attributes=>['member', 'owner', 'description'])
  val = {}
  raise GroupNotFound, "Can't find group '#{group_code}' in ldap" unless result.first
  result.first.each do |k, v|
    val[k] = v
  end
  #puts "Val is: #{val}"
  @cache[group_code] = val
end

.group_base ⇒ Object

# File 'lib/hydra-ldap.rb', line 39

def self.group_base
  ldap_config[:group_base]
end

.groups_for_user(uid) ⇒ Object

same as ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D “cn=admin,dc=example,dc=com” -W “(&(objectClass=groupofnames)(member=uid=vanessa))” cn

# File 'lib/hydra-ldap.rb', line 70

def self.groups_for_user(uid)
  result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(member=uid=#{uid}))"), :attributes=>['cn'])
  result.map{|r| r[:cn].first}
end

.groups_owned_by_user(uid) ⇒ Object

# File 'lib/hydra-ldap.rb', line 75

def self.groups_owned_by_user(uid)
  result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(owner=uid=#{uid}))"), :attributes=>['cn'])
  result.map{|r| r[:cn].first}
end

.invalidate_cache(group_code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 112

def self.invalidate_cache(group_code)
  @cache ||= {}
  @cache[group_code] = nil
end

.ldap_config ⇒ Object

# File 'lib/hydra-ldap.rb', line 33

def self.ldap_config
  root = defined?(Rails) ? Rails.root : '.'
  env = defined?(Rails) ?  Rails.env : 'test'
  @ldap_config ||= YAML::load(ERB.new(IO.read(File.join(root, 'config', 'hydra-ldap.yml'))).result)[env].with_indifferent_access
end

.ldap_connection_config ⇒ Object

# File 'lib/hydra-ldap.rb', line 19

def self.ldap_connection_config
  return @ldap_connection_config if @ldap_connection_config
  @ldap_connection_config = {}
  yml = ldap_config
  @ldap_connection_config[:host] = yml[:host]
  @ldap_connection_config[:port] = yml[:port]
  if yml[:username] && yml[:password]
    @ldap_connection_config[:auth]={:method=>:simple}
    @ldap_connection_config[:auth][:username] = yml[:username]
    @ldap_connection_config[:auth][:password] = yml[:password]
  end
  @ldap_connection_config
end

.owner_for_group(group_code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 89

def self.owner_for_group(group_code)
  result = find_group(group_code)
  result[:owner].first.sub(/^uid=/, '')
end

.remove_users_from_group(group_code, users) ⇒ Object

# File 'lib/hydra-ldap.rb', line 103

def self.remove_users_from_group(group_code, users)
  invalidate_cache(group_code)
  ops = []
  users.each do |u|
    ops << [:delete, :member, "uid=#{u}"]
  end
  connection.modify(:dn=>dn(group_code), :operations=>ops)
end

.title_of_group(group_code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 79

def self.title_of_group(group_code)
  result = find_group(group_code)
  result[:description].first
end

.treebase ⇒ Object

# File 'lib/hydra-ldap.rb', line 43

def self.treebase
  ldap_config[:base]
end

.users_for_group(group_code) ⇒ Object

# File 'lib/hydra-ldap.rb', line 84

def self.users_for_group(group_code)
  result = find_group(group_code)
  result[:member].map { |v| v.sub(/^uid=/, '') }
end