Class: GitHub::Ldap::MemberSearch::ActiveDirectory

Inherits:
Base
  • Object
Defined in:
lib/github/ldap/member_search/active_directory.rb

Overview

Look up group members using the ActiveDirectory “in chain” matching rule.

The 1.2.840.113556.1.4.1941 matching rule (LDAP_MATCHING_RULE_IN_CHAIN) “walks the chain of ancestry in objects all the way to the root until it finds a match”. Source: msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx

This gives an efficient, server-side way to find group members, including members of nested groups, with a single search per domain rather than a client-side walk of each subgroup.
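The following is an added example, not code from github-ldap. It shows two things the overview only describes: what the "in chain" filter looks like in RFC 4515 string form, with the group DN escaped as an assertion value, and what the server does with it, emulated here as a transitive walk over a small constructed in-memory directory so the example runs offline. All DNs, group names and the directory contents are made up. A plain (memberOf=...) equality filter is built alongside for contrast, since that is the query "in chain" replaces.

```ruby
require "set"

# Added example, not part of github-ldap. Emulates LDAP_MATCHING_RULE_IN_CHAIN
# over a constructed directory; nothing here talks to a real server.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# RFC 4515 escaping for assertion values: '*', '(', ')', '\' and NUL become
# \XX hex escapes. Without this a DN such as "CN=Smith\, John,..." would be
# misparsed as part of the filter syntax. (The page's own method hands the DN
# to Net::LDAP::Filter.ex and lets net-ldap encode it; this is the string form
# you would see when tracing the request.)
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# String form of the filter member_of_in_chain_filter(entry) produces.
def in_chain_filter_string(group_dn)
  "(memberOf:#{IN_CHAIN_OID}:=#{escape_filter_value(group_dn)})"
end

# Equality filter for contrast: the server matches direct members only.
def direct_member_filter_string(group_dn)
  "(memberOf=#{escape_filter_value(group_dn)})"
end

# Constructed directory: entry DN => DNs listed in that entry's memberOf.
ENG     = "CN=Engineering,OU=Groups,DC=example,DC=com"
BACKEND = "CN=Backend,OU=Groups,DC=example,DC=com"
ONCALL  = "CN=On-call,OU=Groups,DC=example,DC=com"
ALICE   = "CN=Alice,OU=Users,DC=example,DC=com"
BOB     = "CN=Bob,OU=Users,DC=example,DC=com"
CAROL   = "CN=Carol,OU=Users,DC=example,DC=com"

DIRECTORY = {
  ENG     => [],
  BACKEND => [ENG],         # Backend is nested inside Engineering
  ONCALL  => [BACKEND],     # On-call is nested inside Backend
  ALICE   => [ENG],         # direct member of Engineering
  BOB     => [BACKEND],     # member of Engineering via one level of nesting
  CAROL   => [ONCALL, ENG], # member two levels down and directly
}.freeze

# Server-side meaning of (memberOf:<OID>:=group_dn): true when group_dn is
# reachable from dn by following memberOf links upward. The visited set is
# defensive, so a looping directory cannot hang the walk.
def member_in_chain?(directory, dn, group_dn, seen = Set.new)
  directory.fetch(dn, []).any? do |parent|
    next false unless seen.add?(parent)
    parent == group_dn || member_in_chain?(directory, parent, group_dn, seen)
  end
end

# What the in-chain search returns: every entry whose chain reaches group_dn,
# users and subgroups alike. The group itself is not a member of itself.
def in_chain_members(directory, group_dn)
  directory.keys.select { |dn| member_in_chain?(directory, dn, group_dn) }.sort
end

# What the plain equality search returns: direct members only.
def direct_members(directory, group_dn)
  directory.keys.select { |dn| directory[dn].include?(group_dn) }.sort
end

if __FILE__ == $PROGRAM_NAME
  puts in_chain_filter_string(ENG)
  puts "direct:   #{direct_members(DIRECTORY, ENG).size} entries"
  puts "in chain: #{in_chain_members(DIRECTORY, ENG).size} entries"
end
```

Run it and compare the two counts: the equality filter finds Alice, Backend and Carol, while the in-chain filter also finds Bob and On-call, which are only reachable through Backend. Note that subgroups come back as entries in the same result set as users; callers that want only people still have to distinguish by objectClass, which is why DEFAULT_ATTRS requests that attribute. If your group DNs contain escaped characters, check how the net-ldap version you run treats backslashes in the value passed to Net::LDAP::Filter.ex before relying on the filter matching them.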

Constant Summary

OID = "1.2.840.113556.1.4.1941"

DEFAULT_ATTRS = %w(objectClass)

Internal: The default attributes to query for. NOTE: We technically don't need any by default, but if we left this empty we'd be querying for all attributes, which is less ideal.

Instance Attribute Summary

Attributes inherited from Base

#ldap

Instance Method Summary

Constructor Details

#initialize(ldap, options = {}) ⇒ ActiveDirectory

Public: Instantiate new search strategy.

  • ldap: GitHub::Ldap object

  • options: Hash of options

NOTE: This overrides the default behavior in order to configure `attrs`.

# File 'lib/github/ldap/member_search/active_directory.rb', line 30

def initialize(ldap, options = {})
  super
  @attrs = Array(options[:attrs]).concat DEFAULT_ATTRS
end

Instance Attribute Details

#attrs ⇒ Object (readonly)

Internal: The attributes to search for.

# File 'lib/github/ldap/member_search/active_directory.rb', line 22

def attrs
  @attrs
end

Instance Method Details

#member_of_in_chain_filter(entry) ⇒ Object

Internal: Constructs a member filter using the “in chain” extended matching rule afforded by ActiveDirectory.

Returns a Net::LDAP::Filter object.

# File 'lib/github/ldap/member_search/active_directory.rb', line 54

def member_of_in_chain_filter(entry)
  Net::LDAP::Filter.ex("memberOf:#{OID}", entry.dn)
end

#perform(group) ⇒ Object

Public: Performs search for group members, including groups and members of subgroups, using ActiveDirectory’s “in chain” matching rule.

Returns Array of Net::LDAP::Entry objects.

# File 'lib/github/ldap/member_search/active_directory.rb', line 40

def perform(group)
  filter = member_of_in_chain_filter(group)

  # search for all members of the group, including subgroups, by
  # searching "in chain".
  domains.each_with_object([]) do |domain, members|
    members.concat domain.search(filter: filter, attributes: attrs)
  end
end