class LdapFluff::FreeIPA
Attributes
ldap[RW]
member_service[RW]
Public Class Methods
new(config = {})
# File lib/ldap_fluff/freeipa.rb, line 5
# Builds a FreeIPA backend from a configuration object.
#
# The config is read through accessor calls (config.host, config.base_dn, ...),
# so despite the `{}` default it has to respond to those methods; a plain Hash
# passed here would raise NoMethodError on the first accessor.
#
# @param config [#host, #base_dn, #port, #encryption, #group_base,
#   #service_user, #service_pass, #anon_queries] connection settings
def initialize(config = {})
  connection_options = {
    :host       => config.host,
    :base       => config.base_dn,
    :port       => config.port,
    :encryption => config.encryption
  }
  @ldap = Net::LDAP.new(connection_options)
  @base = config.base_dn
  # Group lookups fall back to the base DN when no dedicated group base is set.
  @group_base = config.group_base || config.base_dn
  @bind_user = config.service_user
  @bind_pass = config.service_pass
  @anon = config.anon_queries
  @member_service = MemberService.new(@ldap, @group_base)
end
Public Instance Methods
bind?(uid = nil, password = nil)
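# File lib/ldap_fluff/freeipa.rb, line 19
# Attempts a simple bind as the FreeIPA user +uid+ with +password+.
#
# A nil or empty password is refused before talking to the server: a simple
# bind with an empty password may be treated by the directory as an anonymous
# bind (RFC 4513), in which case the bind "succeeds" without checking any
# credential and this method would report true for any uid.
# The uid is DN-escaped so that characters such as ',' or '=' in it cannot
# change the structure of the bind DN.
#
# @param uid [String, nil] FreeIPA user name
# @param password [String, nil] the user's password
# @return [Boolean] whether the bind succeeded
def bind?(uid = nil, password = nil)
  return false if password.nil?
  return false if password.respond_to?(:empty?) && password.empty?

  user_dn = "uid=#{Net::LDAP::DN.escape(uid.to_s)},cn=users,cn=accounts,#{@base}"
  @ldap.auth(user_dn, password)
  @ldap.bind
end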
group_exists?(gid)
# File lib/ldap_fluff/freeipa.rb, line 70
# Whether a group with common name +gid+ is present in FreeIPA.
#
# Binds as the service user first; an UnauthenticatedFreeIPAException raised
# by that bind propagates to the caller. Only a missing group maps to false.
#
# @param gid [String] group common name
# @return [Boolean]
def group_exists?(gid)
  service_bind
  @member_service.find_group(gid)
  true
rescue MemberService::GIDNotFoundException
  false
end
groups_for_uid(uid)
# File lib/ldap_fluff/freeipa.rb, line 24
# Lists the groups the user +uid+ belongs to.
#
# The service bind happens outside the rescue below, so a failed service bind
# still surfaces as UnauthenticatedFreeIPAException from service_bind itself.
#
# @param uid [String] FreeIPA user name
# @return [Array] the user's groups, or [] when the uid is unknown
# @raise [UnauthenticatedFreeIPAException] when the service user may not
#   query group data
def groups_for_uid(uid)
  service_bind

  groups = begin
    @member_service.find_user_groups(uid)
  rescue MemberService::UIDNotFoundException
    # An unknown user simply has no groups.
    []
  rescue MemberService::InsufficientQueryPrivilegesException
    raise UnauthenticatedFreeIPAException, "Insufficient Privileges to query groups data"
  end

  groups
end
is_in_groups(uid, gids = [], all = true)
In FreeIPA, a simple user query returns the full set of nested groups! yipee
gids should be an array of group common names
Returns true if the user is in ALL of the groups when all=true; otherwise returns true if the user is in ANY of the groups.
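# File lib/ldap_fluff/freeipa.rb, line 50
# Checks the membership of user +uid+ against the group names in +gids+.
#
# With all=true every name in +gids+ must be among the user's groups; with
# all=false one shared name is enough. Both checks are order-independent and
# tolerate duplicate entries in +gids+ (the previous `groups & gids == gids`
# comparison depended on +gids+ being listed in the same order as the
# directory returned them).
#
# @param uid [String] FreeIPA user name
# @param gids [Array<String>] group common names
# @param all [Boolean] require membership in all (true) or any (false) group
# @return [Boolean]
def is_in_groups(uid, gids = [], all = true)
  service_bind
  groups = @member_service.find_user_groups(uid)
  if all
    # Every requested gid must be present; an empty gids list is trivially satisfied.
    (gids - groups).empty?
  else
    !(groups & gids).empty?
  end
end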
service_bind()
AD generally does not support un-authenticated searching. Typically AD admins configure a public user for searching.
# File lib/ldap_fluff/freeipa.rb, line 37
# Ensures the connection is bound as the configured service user before a
# directory query. Skipped entirely when anonymous queries are enabled.
#
# @return [nil]
# @raise [UnauthenticatedFreeIPAException] when the service user bind fails
def service_bind
  return if @anon
  return if bind?(@bind_user, @bind_pass)

  raise UnauthenticatedFreeIPAException, "Could not bind to FreeIPA Query User"
end
user_exists?(uid)
# File lib/ldap_fluff/freeipa.rb, line 60
# Whether a user named +uid+ is present in FreeIPA.
#
# Binds as the service user first; an UnauthenticatedFreeIPAException raised
# by that bind propagates to the caller. Only an unknown uid maps to false.
#
# @param uid [String] FreeIPA user name
# @return [Boolean]
def user_exists?(uid)
  service_bind
  @member_service.find_user(uid)
  true
rescue MemberService::UIDNotFoundException
  false
end