Module: Socialcast::LdapIntegration

Defined in:

lib/socialcast/ldap_integration.rb,
lib/socialcast/ldap_integration/version.rb

Constant Summary

NULL_FILTER =

::Net::LDAP::Filter.pres("objectclass")

VERSION =

"1.1.30"

Class Method Summary

• .authenticated?(identifier, password, options = {}) ⇒ Boolean

  Supported options: [:identifying_field] the field which is being used to look up the user.

• .available? ⇒ Boolean
• .config ⇒ Object
• .config=(config) ⇒ Object
• .connect(options = {}) ⇒ Object

  Connects to the Directory servers specified in the configuration.

• .connect_to(connection_options) ⇒ Object
• .discover_base_dn(identifying_field, identifier) ⇒ Object

  Identifying field will be something like “mail” or “sAMAccountName”.

• .fetch_account_info(identifier, options = {}) ⇒ Object
• .mirror_lazily? ⇒ Boolean
• .mirroring_field?(field) ⇒ Boolean

  Returns true if LDAP will manage the user field with the given name.

• .schedule ⇒ Object
• .scheduled? ⇒ Boolean
• .search(options = {}) ⇒ Object

  Supported options [:filter] A string representing the search filter to use instead of the default search filter.

• .user_present_in_directory?(identifier, options) ⇒ Boolean
• .with_connections(options = {}) {|connections| ... } ⇒ Object

Class Method Details

.authenticated?(identifier, password, options = {}) ⇒ Boolean

Supported options:

:identifying_field

the field which is being used to look up the user. Should probably be ‘company_login’ or ‘email’.

Defaults to 'company_login'

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 132

def self.authenticated?(identifier, password, options = {})
  return false if password.blank?
  return false if !self.user_present_in_directory?(identifier, options)

  identifying_field = options.reverse_merge!({:identifying_field => 'company_login'}).delete(:identifying_field)

  Socialcast::LdapIntegration.connect do |ldap, connection|
    connection_options = {}
    connection_options.reverse_merge! options
    base = connection['base']
    host = connection['host']
    port = connection['port']
    map = connection['map']

    if base.blank?
      base = self.discover_base_dn(map[identifying_field], identifier)
    end

    connection_options.reverse_merge!({
      :host => host, 
      :port => port, 
      :base => base, 
      :filter => "#{map[identifying_field]}=#{identifier}", 
      :password => password
    })
    return true if !ldap.bind_as(connection_options).blank?
  end
  return false
end

.available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 18

def self.available?
  return false unless self.config

  return self.config['connections'].all? do |connection|
    self.connection_fields_present?(connection) && self.required_fields_present?(connection)
  end
end

.config ⇒ Object

# File 'lib/socialcast/ldap_integration.rb', line 10

def self.config
  @@config
end

.config=(config) ⇒ Object

# File 'lib/socialcast/ldap_integration.rb', line 14

def self.config=(config)
  @@config = config
end

.connect(options = {}) ⇒ Object

Connects to the Directory servers specified in the configuration.

Supported Options:

:config

One or more LDAP connection specifications to connect to, overrides those in LdapIntegration.config

Yields:

• Connected and authenticated Net::LDAP object

• Connection settings for the connection

Raises:

• (ArgumentError)

# File 'lib/socialcast/ldap_integration.rb', line 62

def self.connect(options={})
  raise ArgumentError.new("connect requires a block, see connect_to") unless block_given?

  config = options[:config] ? [options[:config]] : Socialcast::LdapIntegration.config['connections']
  config.each do |connection_options|
    ldap = connect_to(connection_options)
    yield(ldap, connection_options)
  end
  nil
end

.connect_to(connection_options) ⇒ Object

# File 'lib/socialcast/ldap_integration.rb', line 82

def self.connect_to(connection_options)
  searcher_username = connection_options['searcher_username']
  searcher_password = connection_options['searcher_password']
  base = connection_options['base']
  host = connection_options['host']
  port = connection_options['port']
  ssl = connection_options['ssl']
  options = {:host => host, :port => port, :base => base}
  options[:encryption] = :simple_tls if ssl
  ldap = Net::LDAP.new options
  ldap.auth searcher_username, searcher_password

  return ldap
end

.discover_base_dn(identifying_field, identifier) ⇒ Object

Identifying field will be something like “mail” or “sAMAccountName”

# File 'lib/socialcast/ldap_integration.rb', line 169

def self.discover_base_dn(identifying_field, identifier)
  sanitized_field_name = identifying_field.downcase.to_sym
  Socialcast::LdapIntegration.search do |entry, connection| 
    if entry.respond_to?(sanitized_field_name) && entry.send(sanitized_field_name).first == identifier
      return entry.dn
    end
  end
  ""
end

.fetch_account_info(identifier, options = {}) ⇒ Object

# File 'lib/socialcast/ldap_integration.rb', line 195

def self.fetch_account_info(identifier, options = {})
  identifying_field = options.delete(:identifying_field) || 'company_login'
  matched_account = nil

  self.connect do |ldap, connection|
    map = connection["map"]
    base = connection["base"]
    if base.blank?
      base = discover_base_dn(map[identifying_field], identifier)  
    end
    filter = self.construct_filter_for_search(connection, nil, "#{map[identifying_field]}=#{identifier}")
    ldap.search(:base => base, :filter => filter[:filter]) do |entry, connection|
      matched_account = entry
    end
    if matched_account
      mapped_account_info = HashWithIndifferentAccess.new
      map.each_pair do |sc_field, ldap_field|
        mapped_account_info[sc_field] = matched_account[ldap_field].first unless ldap_field.blank?
      end
      return mapped_account_info
    end
  end

  nil
end

.mirror_lazily? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 30

def self.mirror_lazily?
  # should we really return true here if the connection is unavailable?
  return true unless self.available? 

  self.config['lazy_mirroring'].to_s == 'true'
end

.mirroring_field?(field) ⇒ Boolean

Returns true if LDAP will manage the user field with the given name

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 180

def self.mirroring_field?(field)
  string_field = field.to_s
  if self.available? && (["password", "email"].include?(string_field))
    return true
  else
    ldap_connections = self.config["connections"]
    ldap_connections.each do |connection|
      map = connection["map"]
      field_populated = map.keys.include?(string_field) && !map[string_field].blank?
      return true if field_populated
    end
  end
  false
end

.schedule ⇒ Object

# File 'lib/socialcast/ldap_integration.rb', line 37

def self.schedule
  config = Socialcast::LdapIntegration.config
  cron_line = nil
  if config['enableLdapSchedule']
    case config['schedule']['checkFreq']
    when 'Hourly'
      cron_line = "0 */#{config['schedule']['hourInterval'].to_i} * * *"
    when 'Daily'
      cron_line = "0 #{config['schedule']['timeHour']} * * *"
    when 'Weekly'
      cron_line = "0 #{config['schedule']['timeHour']} * * #{config['schedule']['timeDay'].to_i + 1}"
    end
  end

  return cron_line
end

.scheduled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 26

def self.scheduled?
  self.config['enableLdapSchedule'].to_s == 'true'
end

.search(options = {}) ⇒ Object

Supported options

:filter

A string representing the search filter to use instead

of the default search filter.  Overrides any :auxiliary_filter 
option.

:auxiliary_filter

A string representing a search filter to use

in addition to the default search filter.  The two filters
will be combined using a logical AND.

:limit

A number representing the maxmimum number of records to

return, defaults to unlimited.

# File 'lib/socialcast/ldap_integration.rb', line 106

def self.search(options={})
  options.reverse_merge! :connect_options => {}
  Socialcast::LdapIntegration.connect(options.delete(:connect_options) || {}) do |ldap, connection|
    ldap_search_options = self.construct_filter_for_search(connection, options.delete(:filter), options.delete(:auxiliary_filter))
    ldap_search_options[:size] = options[:limit] if options.has_key?(:limit)
    ldap_search_options[:return_result] = false

    options_for_search = [ldap_search_options]

    if connection["base"].blank?
      tree_root = ldap.search_root_dse
      distinguished_names = Array.wrap(tree_root.namingcontexts)
      options_for_search = distinguished_names.map { |dn| ldap_search_options.merge(:base => dn ) }
    end

    options_for_search.each do |options|
      ldap.search(options) do |entry|
        yield(entry, connection) if block_given?
      end
    end
  end
end

.user_present_in_directory?(identifier, options) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/socialcast/ldap_integration.rb', line 162

def self.user_present_in_directory?(identifier, options)      
  account_info = self.fetch_account_info(identifier, options.dup)
  is_user_present = !account_info.nil?
  is_user_present
end

.with_connections(options = {}) {|connections| ... } ⇒ Object

Yields:

• (connections)

# File 'lib/socialcast/ldap_integration.rb', line 73

def self.with_connections(options={})
  connections = []
  connect(options) do |ldap, connection_options|
    connections << [ldap, connection_options]
  end
  yield connections
  nil
end