Class: Cloudscaling::LDAPUtils
- Inherits:
-
Object
- Object
- Cloudscaling::LDAPUtils
- Defined in:
- lib/cloudscaling/ldap.rb
Overview
Tools for interacting with LDAP using a TCP connection
Class Method Summary collapse
- .first_item(dn) ⇒ Object
- .openssl_extract_cert(rawcert) ⇒ Object
- .openssl_extract_key(rawcert, passphrase = nil) ⇒ Object
-
.ssha_password(clear_password, salt = nil) ⇒ Object
Generate a rfc2307 SSHA-hashed password in the format that slapd likes www.openldap.org/faq/data/cache/347.html.
Instance Method Summary collapse
-
#add_entry(dn, attrs) ⇒ Object
Add an entry to the directory dn: Distinguished name of the new entry attrs: hash of entry attributes.
-
#add_or_update_entry(dn, attrs) ⇒ Object
Add or update a directory entry.
- #dn_exists?(dn) ⇒ Boolean
-
#initialize(server, port = 389, auth_dn = nil, password = nil, tls_enable = true) ⇒ LDAPUtils
constructor
A new instance of LDAPUtils.
Constructor Details
#initialize(server, port = 389, auth_dn = nil, password = nil, tls_enable = true) ⇒ LDAPUtils
Returns a new instance of LDAPUtils.
137 138 139 140 141 142 143 144 145 146 147 |
# File 'lib/cloudscaling/ldap.rb', line 137 def initialize(server, port = 389, auth_dn = nil, password = nil, tls_enable = true) args = { host: server, port: port } auth_dn && args.update(auth: { method: :simple, username: auth_dn, password: password }) tls_enable && args.update(encryption: { method: :start_tls }) @ldap = Net::LDAP.new(args) @ldap.bind || fail("LDAP bind failed: #{@ldap.get_operation_result}") end |
Class Method Details
.first_item(dn) ⇒ Object
171 172 173 174 |
# File 'lib/cloudscaling/ldap.rb', line 171 def self.first_item(dn) m = dn.match(/^([^=]+)=([^,]+)/) { m[1] => m[2] } end |
.openssl_extract_cert(rawcert) ⇒ Object
149 150 151 |
# File 'lib/cloudscaling/ldap.rb', line 149 def self.openssl_extract_cert(rawcert) OpenSSL::X509::Certificate.new(rawcert).to_s end |
.openssl_extract_key(rawcert, passphrase = nil) ⇒ Object
153 154 155 |
# File 'lib/cloudscaling/ldap.rb', line 153 def self.openssl_extract_key(rawcert, passphrase = nil) OpenSSL::PKey.read(rawcert, passphrase).to_s end |
.ssha_password(clear_password, salt = nil) ⇒ Object
Generate a rfc2307 SSHA-hashed password in the format that slapd likes www.openldap.org/faq/data/cache/347.html
159 160 161 162 163 164 165 166 167 168 169 |
# File 'lib/cloudscaling/ldap.rb', line 159 def self.ssha_password(clear_password, salt = nil) unless salt len = 16 base = 16 # rubocop:disable Style/SingleLineBlockParams salt = len.times.reduce('') { |a| a << rand(base).to_s(base) } end digest = Digest::SHA1.digest("#{clear_password}#{salt}") hash = Base64.encode64("#{digest}#{salt}").chomp "{SSHA}#{hash}" end |
Instance Method Details
#add_entry(dn, attrs) ⇒ Object
Add an entry to the directory dn: Distinguished name of the new entry attrs: hash of entry attributes
185 186 187 188 189 |
# File 'lib/cloudscaling/ldap.rb', line 185 def add_entry(dn, attrs) # Chef::Log.info "Add LDAP entry: #{dn} #{attrs}" @ldap.add(dn: dn, attributes: attrs) || fail("LDAP add failure: #{@ldap.get_operation_result}") end |
#add_or_update_entry(dn, attrs) ⇒ Object
Add or update a directory entry. If the entry exists, any attributes provided to this function will be updated with a “replace” operation, which will add the attributes if necessary, and replace all values of the attribute otherwise.
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 |
# File 'lib/cloudscaling/ldap.rb', line 195 def add_or_update_entry(dn, attrs) ret = @ldap.search(base: dn, scope: Net::LAP::SearchScope_BaseObject, return_result: true) entries && entries.size > 1 && fail("#{dn} matches more than one entry") if ret.nil? add_entry(dn, attrs) else entry = ret.first ops = attrs.each_with_object(Array.new) do |(k, v), acc| acc << [:replace, k, v] unless entry[k] == [v].flatten end # Chef::Log.info("Update LDAP entry: dn=#{dn}") @ldap.modify(dn: dn, operations: ops) || fail("LDAP update failure: #{@ldap.get_operation_result}") end end |
#dn_exists?(dn) ⇒ Boolean
176 177 178 179 180 |
# File 'lib/cloudscaling/ldap.rb', line 176 def dn_exists?(dn) @ldap.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject, return_result: false) end |