Module: ROM::Plugins::Relation::LDAP::ActiveDirectory

Defined in:

lib/rom/plugins/relation/ldap/active_directory.rb

Overview

Microsoft Active Directory specific extension.

Constant Summary

ACCOUNT_DISABLED =

2

ACCOUNT_TEMP_DUPLICATE =

256

ACCOUNT_NORMAL =

512

DOMAIN_CONTROLLER =

532_480

PREAUTH_NOT_REQUIRED =

Kerberos Preauthentication Disabled

4_194_304

ENCRYPTED_TEXT_PWD_ALLOWED =

128

GROUP_GLOBAL =

2

GROUP_LOCAL =

4

GROUP_UNIVERSAL =

8

GROUP_SECURITY_ENABLED =

2_147_483_648

HOMEDIR_REQUIRED =

8

INTERDOMAIN_TRUST_ACCOUNT =

2048

LOCKOUT =

16

MNS_LOGON_ACCOUNT =

131_072

NOT_DELEGATED =

1_048_576

PARTIAL_SECRETS_ACCOUNT =

67_108_864

PASSWORD_NOT_REQUIRED =

32

PASSWORD_CANT_CHANGE =

64

PASSWORD_DONT_EXPIRE =

65_536

SMARTCARD_REQUIRED =

Smart Card Login Enforced

262_144

PASSWORD_EXPIRED =

8_388_608

SCRIPT =

1

SERVER_TRUST_ACCOUNT =

8192

TRUSTED_FOR_DELEGATION =

524_288

TRUSTED_TO_AUTH_FOR_DELEGATION =

16_777_216

USE_DES_KEY_ONLY =

2_097_152

WORKSTATION_TRUST_ACCOUNT =

4096

RULE_BIT =

ROM::LDAP::OID[:matching_rule_bit_and]

RULE_CHAIN =

ROM::LDAP::OID[:matching_rule_in_chain]

FLAG =

"systemFlags:#{RULE_BIT}:"

GROUP =

"groupType:#{RULE_BIT}:"

MEMBER =

"memberOf:#{RULE_CHAIN}:"

OPTS =

"options:#{RULE_BIT}:"

UAC =

"userAccountControl:#{RULE_BIT}:"

Instance Method Summary

• #ad_accounts_all ⇒ Relation
• #ad_accounts_control(oid) ⇒ Object
• #ad_accounts_disabled ⇒ Relation

  AD_USER_DISABLED = Filter::Builder.ex(“userAccountControl:1.2.840.113556.1.4.803”, “2”).

• #ad_accounts_enabled ⇒ Object
• #ad_accounts_expired_password ⇒ Object
• #ad_accounts_hidden_email ⇒ Object
• #ad_accounts_insecure ⇒ Object
• #ad_accounts_membership(groupdn) ⇒ Object
• #ad_accounts_permanent_password ⇒ Object
• #ad_accounts_with_email ⇒ Object
• #ad_accounts_with_fax ⇒ Object

  FIXME: the attribute names should be original format? see for example ad_accounts_all.

• #ad_catalog_global ⇒ Object
• #ad_computers ⇒ Object
• #ad_contacts ⇒ Object
• #ad_controllers ⇒ Object
• #ad_exchanges ⇒ Object
• #ad_groups_empty ⇒ Object
• #ad_groups_security ⇒ Relation
• #ad_groups_universal ⇒ Object
• #ad_undeletable_object ⇒ Object
• #ad_unrenamable_object ⇒ Object
• #ambiguous(value) ⇒ Relation

  Ambiguous Name Resolution (ANR).

Instance Method Details

#ad_accounts_all ⇒ Relation

Returns:

• (Relation)

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 73

def ad_accounts_all
  equal('sAMAccountType' => 805_306_368)
end

#ad_accounts_control(oid) ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 102

def ad_accounts_control(oid)
  ad_accounts_all.equal(UAC => oid)
end

#ad_accounts_disabled ⇒ Relation

AD_USER_DISABLED = Filter::Builder.ex(“userAccountControl:1.2.840.113556.1.4.803”, “2”)

Returns:

• (Relation)

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 82

def ad_accounts_disabled
  ad_accounts_all.equal(UAC => ACCOUNT_DISABLED)
end

#ad_accounts_enabled ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 86

def ad_accounts_enabled
  ad_accounts_all.unequal(UAC => ACCOUNT_DISABLED)
end

#ad_accounts_expired_password ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 94

def ad_accounts_expired_password
  ad_accounts_all.equal(UAC => PASSWORD_EXPIRED)
end

#ad_accounts_hidden_email ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 121

def ad_accounts_hidden_email
  unequal(objectclass: 'publicFolder').equal(msexchhidefromaddresslists: 'TRUE')
end

#ad_accounts_insecure ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 90

def ad_accounts_insecure
  ad_accounts_all.equal(UAC => PASSWORD_NOT_REQUIRED)
end

#ad_accounts_membership(groupdn) ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 106

def ad_accounts_membership(groupdn)
  ad_accounts_all.equal(MEMBER => groupdn)
end

#ad_accounts_permanent_password ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 98

def ad_accounts_permanent_password
  ad_accounts_all.equal(UAC => PASSWORD_DONT_EXPIRE)
end

#ad_accounts_with_email ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 110

def ad_accounts_with_email
  ad_accounts_all.present(:mailnickname)
end

#ad_accounts_with_fax ⇒ Object

FIXME: the attribute names should be original format? see for example ad_accounts_all

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 117

def ad_accounts_with_fax
  ad_accounts_all.equal(proxyaddresses: 'FAX:*')
end

#ad_catalog_global ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 145

def ad_catalog_global
  equal(objectcategory: 'nTDSDSA', OPTS => SCRIPT)
end

#ad_computers ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 149

def ad_computers
  equal(objectcategory: 'computer')
end

#ad_contacts ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 161

def ad_contacts
  equal(objectcategory: 'contact')
end

#ad_controllers ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 153

def ad_controllers
  ad_computers.equal(UAC => SERVER_TRUST_ACCOUNT)
end

#ad_exchanges ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 157

def ad_exchanges
  equal(objectclass: 'msExchExchangeServer').unequal(objectclass: 'msExchExchangeServerPolicy')
end

#ad_groups_empty ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 141

def ad_groups_empty
  equal(objectclass: 'group').missing(:member)
end

#ad_groups_security ⇒ Relation

Returns:

• (Relation)

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 132

def ad_groups_security
  equal(GROUP => GROUP_SECURITY_ENABLED)
  # equal(grouptype: GROUP_SECURITY_ENABLED)
end

#ad_groups_universal ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 137

def ad_groups_universal
  equal(GROUP => GROUP_UNIVERSAL)
end

#ad_undeletable_object ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 169

def ad_undeletable_object
  equal(FLAG => -GROUP_SECURITY_ENABLED)
end

#ad_unrenamable_object ⇒ Object

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 165

def ad_unrenamable_object
  equal(FLAG => 134_217_728)
end

#ambiguous(value) ⇒ Relation

Ambiguous Name Resolution (ANR)

Returns:

• (Relation)

# File 'lib/rom/plugins/relation/ldap/active_directory.rb', line 59

def ambiguous(value)
  equal('anr' => value)
end