Class: GitHub::Ldap::MemberSearch::ActiveDirectory
Defined in: lib/github/ldap/member_search/active_directory.rb
Overview
Look up group members using the ActiveDirectory “in chain” matching rule.
The 1.2.840.113556.1.4.1941 matching rule (LDAP_MATCHING_RULE_IN_CHAIN) “walks the chain of ancestry in objects all the way to the root until it finds a match”. Source: msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
This means we have an efficient method of searching for group members, even in nested groups, performed on the server side.
Constant Summary
- OID = "1.2.840.113556.1.4.1941"
- DEFAULT_ATTRS = %w(objectClass)
  Internal: The default attributes to query for. NOTE: We technically don’t need any by default, but if we left this empty, we’d be querying for all attributes which is less ideal.
Instance Attribute Summary
- #attrs ⇒ Object (readonly)
  Internal: The attributes to search for.
Attributes inherited from Base
Instance Method Summary
- #initialize(ldap, options = {}) ⇒ ActiveDirectory (constructor)
  Public: Instantiate new search strategy.
- #member_of_in_chain_filter(entry) ⇒ Object
  Internal: Constructs a member filter using the “in chain” extended matching rule afforded by ActiveDirectory.
- #perform(group) ⇒ Object
  Public: Performs search for group members, including groups and members of subgroups, using ActiveDirectory’s “in chain” matching rule.
Constructor Details
#initialize(ldap, options = {}) ⇒ ActiveDirectory
Public: Instantiate new search strategy.
- ldap: GitHub::Ldap object
- options: Hash of options
NOTE: This overrides default behavior to configure `attrs`.
    # File 'lib/github/ldap/member_search/active_directory.rb', line 30
    def initialize(ldap, options = {})
      super
      @attrs = Array(options[:attrs]).concat DEFAULT_ATTRS
    end
Instance Attribute Details
#attrs ⇒ Object (readonly)
Internal: The attributes to search for.
    # File 'lib/github/ldap/member_search/active_directory.rb', line 22
    def attrs
      @attrs
    end
Instance Method Details
#member_of_in_chain_filter(entry) ⇒ Object
Internal: Constructs a member filter using the “in chain” extended matching rule afforded by ActiveDirectory.
Returns a Net::LDAP::Filter object.
    # File 'lib/github/ldap/member_search/active_directory.rb', line 54
    def member_of_in_chain_filter(entry)
      Net::LDAP::Filter.ex("memberOf:#{OID}", entry.dn)
    end
#perform(group) ⇒ Object
Public: Performs search for group members, including groups and members of subgroups, using ActiveDirectory’s “in chain” matching rule.
Returns Array of Net::LDAP::Entry objects.
    # File 'lib/github/ldap/member_search/active_directory.rb', line 40
    def perform(group)
      filter = member_of_in_chain_filter(group)

      # search for all members of the group, including subgroups, by
      # searching "in chain".
      domains.each_with_object([]) do |domain, members|
        members.concat domain.search(filter: filter, attributes: attrs)
      end
    end
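The filter that #perform searches with, and the rule the server applies to it, shown as an added example that is not part of the GitHub::Ldap source. It builds the filter string by hand with RFC 4515 escaping (no Net::LDAP dependency) and models the chain walk over a constructed directory; the helper names and all DNs are assumptions made for the illustration.

```ruby
require "set"

# Matching-rule OID quoted on this page (LDAP_MATCHING_RULE_IN_CHAIN).
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# RFC 4515 escaping of a filter assertion value, so a DN containing
# "(", ")", "*", "\" or NUL cannot change the structure of the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# String form of the extensible-match filter for one group DN.
def in_chain_filter_string(group_dn)
  "(memberOf:#{IN_CHAIN_OID}:=#{escape_filter_value(group_dn)})"
end

# Constructed sample directory (hypothetical DNs): DN => direct memberOf values.
GROUPS = "OU=Groups,DC=example,DC=com"
USERS  = "OU=Users,DC=example,DC=com"
ADMINS = "CN=Admins,#{GROUPS}"
OPS    = "CN=Ops (EU),#{GROUPS}"
DIRECTORY = {
  ADMINS               => [],
  OPS                  => [ADMINS],                # nested group
  "CN=LoopA,#{GROUPS}" => ["CN=LoopB,#{GROUPS}"],  # membership cycle
  "CN=LoopB,#{GROUPS}" => ["CN=LoopA,#{GROUPS}"],
  "CN=alice,#{USERS}"  => [OPS],                   # indirect member
  "CN=carol,#{USERS}"  => [ADMINS],                # direct member
  "CN=bob,#{USERS}"    => ["CN=LoopA,#{GROUPS}"]   # not a member
}.freeze

# Client-side model of the rule: following memberOf upward from dn, is
# group_dn ever reached? The seen set makes the walk stop on cycles.
def in_chain?(directory, dn, group_dn, seen = Set.new)
  return false unless seen.add?(dn)
  directory.fetch(dn, []).any? do |parent|
    parent == group_dn || in_chain?(directory, parent, group_dn, seen)
  end
end

# Every entry the in-chain filter for group_dn would match in the model.
def members_in_chain(directory, group_dn)
  directory.keys.select { |dn| in_chain?(directory, dn, group_dn) }.sort
end

if __FILE__ == $PROGRAM_NAME
  puts in_chain_filter_string(OPS)
  puts members_in_chain(DIRECTORY, ADMINS)
end
```

A single search with this filter replaces one client round trip per nesting level, which is why #perform needs no recursion of its own.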