class LdapFluff::ActiveDirectory
Attributes
ldap[RW]
member_service[RW]
Public Class Methods
new(config = {})
# File lib/ldap_fluff/active_directory.rb, line 4
# Builds the Net::LDAP connection object and the MemberService used for
# user and group lookups, and stores the service-account settings.
#
# @param config [Object] must respond to host, base_dn, port, encryption,
#   group_base, ad_domain, service_user, service_pass and anon_queries.
#   A plain Hash does not respond to these readers, so the `{}` default
#   raises NoMethodError when no config is passed.
#
# NOTE(review): config.encryption is forwarded to Net::LDAP unchanged. If it
# is nil the connection is presumably unencrypted, so the passwords sent by
# bind? would cross the network in clear text. Confirm deployments set it.
def initialize(config = {})
  connection_options = {
    host: config.host,
    base: config.base_dn,
    port: config.port,
    encryption: config.encryption
  }
  @ldap = Net::LDAP.new(connection_options)

  # Group searches fall back to the directory base when no group base is set.
  @group_base = config.group_base || config.base_dn
  @ad_domain  = config.ad_domain

  # Service-account credentials used by service_bind before every lookup.
  @bind_user = config.service_user
  @bind_pass = config.service_pass
  @anon      = config.anon_queries

  @member_service = MemberService.new(@ldap, @group_base)
end
Public Instance Methods
bind?(uid = nil, password = nil)
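# File lib/ldap_fluff/active_directory.rb, line 18
# Attempts an LDAP simple bind as "<uid>@<ad_domain>" and reports the result.
#
# A nil or empty password is refused before the server is contacted. A simple
# bind that carries a name but no password is an "unauthenticated bind"
# (RFC 4513, section 5.1.2). A directory server may answer it with success
# without verifying any credential, which would make this method report a
# successful login for any known user name.
#
# The same rule applies to the service account: service_bind calls this
# method, so a service user configured with an empty password is rejected
# unless anonymous queries are enabled.
#
# @param uid [String, nil] account name, without the domain suffix
# @param password [String, nil] the password to verify
# @return [Boolean] false for a missing password, otherwise whatever
#   Net::LDAP#bind returns
def bind?(uid = nil, password = nil)
  return false if password.to_s.empty?

  @ldap.auth("#{uid}@#{@ad_domain}", password)
  @ldap.bind
end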
group_exists?(gid)
# File lib/ldap_fluff/active_directory.rb, line 66
# Reports whether a group can be found in the directory.
#
# Binds with the service account first. A failure of that bind propagates
# as an exception raised by service_bind and is not reported as "not found".
#
# @param gid [String] group identifier handed to MemberService#find_group
# @return [Boolean] false when the lookup raises
#   MemberService::GIDNotFoundException, true otherwise
def group_exists?(gid)
  service_bind
  @member_service.find_group(gid)
  true
rescue MemberService::GIDNotFoundException
  false
end
groups_for_uid(uid)
Returns the list of groups to which a user belongs. This query is simpler in Active Directory.
# File lib/ldap_fluff/active_directory.rb, line 33
# Looks up the groups a user belongs to.
#
# The service bind happens outside the rescue, so a failed bind raises
# instead of being reported as an empty membership list.
#
# @param uid [String] user identifier handed to MemberService#find_user_groups
# @return [Array] the groups returned by the member service, or [] when the
#   lookup raises MemberService::UIDNotFoundException
def groups_for_uid(uid)
  service_bind
  memberships =
    begin
      @member_service.find_user_groups(uid)
    rescue MemberService::UIDNotFoundException
      # An unknown user simply has no groups.
      []
    end
  memberships
end
is_in_groups(uid, gids = [], all = false)
Active Directory stores group membership on the user's model. TODO: query by group individually, not like this.
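# File lib/ldap_fluff/active_directory.rb, line 44
# Checks a user's membership against a list of required groups.
#
# The "all" check is a subset test, so duplicate entries in gids do not
# cause a false negative. Comparing the de-duplicated intersection with
# gids itself would reject a user who is in every listed group whenever a
# group is listed twice.
#
# Comparison uses the group names exactly as the member service returns them.
#
# @param uid [String] user identifier handed to MemberService#find_user_groups
# @param gids [Array] groups to test for
# @param all [Boolean] true requires membership in every group, false in
#   at least one
# @return [Boolean] false when the lookup raises
#   MemberService::UIDNotFoundException
def is_in_groups(uid, gids = [], all = false)
  service_bind

  # NOTE(review): an empty requirement list counts as satisfied, for any
  # uid. Callers using this as an authorization check should make sure an
  # empty list cannot come from missing or mistyped configuration.
  return true if gids == []

  begin
    memberships = @member_service.find_user_groups(uid)
    if all
      (gids - memberships).empty?
    else
      !(gids & memberships).empty?
    end
  rescue MemberService::UIDNotFoundException
    false
  end
end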
service_bind()
AD generally does not support unauthenticated searching. Typically, AD admins configure a public user for searching.
# File lib/ldap_fluff/active_directory.rb, line 25
# Ensures the connection is bound as the configured service user before a
# directory search.
#
# When @anon is truthy no bind is attempted here at all. Otherwise the
# service credentials are handed to bind?.
#
# @return [nil]
# @raise [UnauthenticatedActiveDirectoryException] when anonymous queries
#   are disabled and the service-account bind does not succeed
def service_bind
  return if @anon
  return if bind?(@bind_user, @bind_pass)

  raise UnauthenticatedActiveDirectoryException, "Could not bind to AD Service User"
end
user_exists?(uid)
# File lib/ldap_fluff/active_directory.rb, line 56
# Reports whether a user can be found in the directory.
#
# Binds with the service account first. A failure of that bind propagates
# as an exception raised by service_bind and is not reported as "not found".
#
# @param uid [String] user identifier handed to MemberService#find_user
# @return [Boolean] false when the lookup raises
#   MemberService::UIDNotFoundException, true otherwise
def user_exists?(uid)
  service_bind
  @member_service.find_user(uid)
  true
rescue MemberService::UIDNotFoundException
  false
end