Module: GitHub::Ldap::Filter

Included in:: Domain, Group, MemberSearch::Recursive, MembershipValidators::Recursive, UserSearch::Default, VirtualGroup

Defined in:: lib/github/ldap/filter.rb

Constant Summary collapse

ALL_GROUPS_FILTER =

Net::LDAP::Filter.eq("objectClass", "groupOfNames") |
Net::LDAP::Filter.eq("objectClass", "groupOfUniqueNames") |
Net::LDAP::Filter.eq("objectClass", "posixGroup") |
Net::LDAP::Filter.eq("objectClass", "group")

MEMBERSHIP_NAMES =

%w(member uniqueMember)

Instance Method Summary collapse

#all_members_by_uid(uids, uid_attr) ⇒ Object

Filter to get all the members of a group which uid is included in ‘memberUid`.
#group_contains_filter(query) ⇒ Object

Filter groups that match a query cn.
#group_filter(group_names) ⇒ Object

Filter to get the configured groups in the ldap server.
#login_filter(uid, login) ⇒ Object

Filter to map a uid with a login.
#member_filter(entry = nil) ⇒ Object

Filter to check group membership.
#members_of_group(group_dn, attr = 'memberOf') ⇒ Object

Filter to get all the members of a group using the virtual attribute ‘memberOf`.
#posix_member_filter(entry_or_uid, uid_attr = nil) ⇒ Object

Filter to check group membership for posixGroups.
#subgroups_of_group(group_dn, attr = 'memberOf') ⇒ Object

Filter to get all the members of a group that are groups using the virtual attribute ‘memberOf`.

Instance Method Details

#all_members_by_uid(uids, uid_attr) ⇒ `Object`

Filter to get all the members of a group which uid is included in ‘memberUid`.

uids: is an array with all the uids to search. uid_attr: is the names of the uid attribute in the directory.

Returns a Net::LDAP::Filter



106
107
108

# File 'lib/github/ldap/filter.rb', line 106

def all_members_by_uid(uids, uid_attr)
  uids.map {|uid| Net::LDAP::Filter.eq(uid_attr, uid)}.reduce(:|)
end

#group_contains_filter(query) ⇒ `Object`

Filter groups that match a query cn.

query: is a string to match the cn with.

Returns a Net::LDAP::Filter.



76
77
78

# File 'lib/github/ldap/filter.rb', line 76

def group_contains_filter(query)
  Net::LDAP::Filter.contains("cn", query) & ALL_GROUPS_FILTER
end

#group_filter(group_names) ⇒ `Object`

Filter to get the configured groups in the ldap server. Takes the list of the group names and generate a filter for the groups with cn that match.

group_names: is an array of group CNs.

Returns a Net::LDAP::Filter.



18
19
20

# File 'lib/github/ldap/filter.rb', line 18

def group_filter(group_names)
  group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
end

#login_filter(uid, login) ⇒ `Object`

Filter to map a uid with a login. It escapes the login before creating the filter.

uid: the entry field to map. login: the login to map.

Returns a Net::LDAP::Filter.



67
68
69

# File 'lib/github/ldap/filter.rb', line 67

def login_filter(uid, login)
  Net::LDAP::Filter.eq(uid, Net::LDAP::Filter.escape(login))
end

#member_filter(entry = nil) ⇒ `Object`

Filter to check group membership.

entry: finds groups this entry is a member of (optional)

Expects a Net::LDAP::Entry or String DN.

Returns a Net::LDAP::Filter.

# File 'lib/github/ldap/filter.rb', line 28

def member_filter(entry = nil)
  if entry
    entry = entry.dn if entry.respond_to?(:dn)
    MEMBERSHIP_NAMES.
      map {|n| Net::LDAP::Filter.eq(n, entry) }.reduce(:|)
  else
    MEMBERSHIP_NAMES.
      map {|n| Net::LDAP::Filter.pres(n) }.     reduce(:|)
  end
end

#members_of_group(group_dn, attr = 'memberOf') ⇒ `Object`

Filter to get all the members of a group using the virtual attribute ‘memberOf`.

group_dn: is the group dn to look members for. attr: is the membership attribute.

Returns a Net::LDAP::Filter



86
87
88

# File 'lib/github/ldap/filter.rb', line 86

def members_of_group(group_dn, attr = 'memberOf')
  Net::LDAP::Filter.eq(attr, group_dn)
end

#posix_member_filter(entry_or_uid, uid_attr = nil) ⇒ `Object`

Filter to check group membership for posixGroups.

Used by Domain#membership when posix_support_enabled? is true.

entry: finds groups this Net::LDAP::Entry is a member of uid_attr: specifies the memberUid attribute to match with

Returns a Net::LDAP::Filter or nil if no entry has no UID set.

# File 'lib/github/ldap/filter.rb', line 47

def posix_member_filter(entry_or_uid, uid_attr = nil)
  case entry_or_uid
  when Net::LDAP::Entry
    entry = entry_or_uid
    if !entry[uid_attr].empty?
      entry[uid_attr].map { |uid| Net::LDAP::Filter.eq("memberUid", uid) }.
                      reduce(:|)
    end
  when String
    Net::LDAP::Filter.eq("memberUid", entry_or_uid)
  end
end

#subgroups_of_group(group_dn, attr = 'memberOf') ⇒ `Object`

Filter to get all the members of a group that are groups using the virtual attribute ‘memberOf`.

group_dn: is the group dn to look members for. attr: is the membership attribute.

Returns a Net::LDAP::Filter



96
97
98

# File 'lib/github/ldap/filter.rb', line 96

def subgroups_of_group(group_dn, attr = 'memberOf')
  Net::LDAP::Filter.eq(attr, group_dn) & ALL_GROUPS_FILTER
end

Module: GitHub::Ldap::Filter

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#all_members_by_uid(uids, uid_attr) ⇒ Object

#group_contains_filter(query) ⇒ Object

#group_filter(group_names) ⇒ Object

#login_filter(uid, login) ⇒ Object

#member_filter(entry = nil) ⇒ Object

#members_of_group(group_dn, attr = 'memberOf') ⇒ Object

#posix_member_filter(entry_or_uid, uid_attr = nil) ⇒ Object

#subgroups_of_group(group_dn, attr = 'memberOf') ⇒ Object

#all_members_by_uid(uids, uid_attr) ⇒ `Object`

#group_contains_filter(query) ⇒ `Object`

#group_filter(group_names) ⇒ `Object`

#login_filter(uid, login) ⇒ `Object`

#member_filter(entry = nil) ⇒ `Object`

#members_of_group(group_dn, attr = 'memberOf') ⇒ `Object`

#posix_member_filter(entry_or_uid, uid_attr = nil) ⇒ `Object`

#subgroups_of_group(group_dn, attr = 'memberOf') ⇒ `Object`