class UC3Ldap::LDAPClient
LDAP Client
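# File app/lib/client/ldap/ldap.rb, line 8
# Look up this class's LDAP client in the shared UC3Client registry.
#
# Fix: inside a class method `self` is the class itself, so `self.class.to_s`
# evaluated to "Class" rather than this class's name and the lookup could never
# hit. `name` is the fully-qualified class name. The block form also stops a
# fresh LDAPClient (and its bind) from being constructed on every call even
# when a registered one exists.
# NOTE(review): Hash#fetch with a block does not store the fallback; whether a
# newly built client is registered depends on UC3Client, not on this method — confirm.
#
# @return [LDAPClient]
def self.client
  UC3::UC3Client.clients.fetch(name) { LDAPClient.new }
end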
# File app/lib/client/ldap/ldap.rb, line 12
# Build the LDAP client from the lookup config selected by ENV['configkey']
# (default 'default') and bind once.
#
# Any StandardError raised while loading config, connecting or binding is
# reported on stdout and turned into a disabled client via
# super(enabled: false, message:), so construction itself never raises for
# connectivity problems.
# NOTE(review): the boolean result of @ldap.bind is ignored — if bind reports
# failure by returning false rather than raising, the client is still marked
# enabled: true; confirm which it is here.
def initialize
  @users = {}
  @collections = {}
  @collection_arks = {}
  @roles = {}
  @ldapconf = UC3::UC3Client.lookup_map_by_filename(
    'app/config/mrt/ldap.lookup.yml',
    key: ENV.fetch('configkey', 'default'),
    symbolize_names: true
  )
  @ldap_connect = {
    host: @ldapconf.fetch(:host, ''),
    port: @ldapconf.fetch(:port, '1389').to_i,
    auth: {
      method: :simple,
      username: @ldapconf.fetch(:admin_user, ''),
      password: @ldapconf.fetch(:admin_password, '')
    },
    connect_timeout: @ldapconf.fetch(:connect_timeout, '60').to_i
  }
  # Only 'simple_tls' is handled; any other encryption value leaves the
  # connection without an :encryption entry.
  # NOTE(review): 'tls' is a String key while every other key is a Symbol and
  # the map was loaded with symbolize_names: true — confirm it can ever match,
  # otherwise 'TLSv1_2' always applies. Only ssl_version is set; peer and
  # hostname verification are whatever Net::LDAP applies by default — confirm
  # they are not disabled.
  if @ldapconf.fetch(:encryption, '') == 'simple_tls'
    @ldap_connect[:encryption] = {
      method: :simple_tls,
      tls_options: { ssl_version: @ldapconf.fetch('tls', 'TLSv1_2') }
    }
  end
  @ldap = Net::LDAP.new(@ldap_connect)
  @ldap.bind
  super(enabled: true)
rescue StandardError => e
  # Errno::ECONNRESET / ECONNREFUSED are StandardErrors as well; they only
  # get a more specific log label.
  label =
    case e
    when Errno::ECONNRESET then 'LDAP Conn Reset'
    when Errno::ECONNREFUSED then 'LDAP Conn Refused'
    else 'LDAP'
    end
  puts "(#{label}) #{e.class}: #{e};"
  super(enabled: false, message: e.to_s)
end
# File app/lib/client/ldap/ldap.rb, line 102
# Push a full set of role memberships for one collection to LDAP.
#
# @param coll [String] collection mnemonic
# @param newperms [Hash{Symbol=>Array<String>}] user ids per :read/:write/:download/:admin;
#   a missing key means "no members" for that role
# @return [Array<Symbol>] the iterated role list (callers ignore it)
def apply_collection_role_changes(coll, newperms)
  %i[read write download admin].each do |perm|
    update_collection_role(coll, perm.to_s, newperms.fetch(perm, []))
  end
end
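# File app/lib/client/ldap/ldap.rb, line 72
# Human-readable name for a collection, falling back to the mnemonic itself.
#
# Fix: the fallback returned `col`, an undefined local, so every unknown
# mnemonic raised NameError instead of being echoed back.
#
# @param coll [String] collection mnemonic
# @return [String] the collection's description, or `coll` when unknown
def coll_displayname(coll)
  return coll unless @collections.key?(coll)

  @collections[coll].description
end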
# File app/lib/client/ldap/ldap.rb, line 78
# Per-user role records for a collection looked up by mnemonic.
#
# @param coll [String] collection mnemonic
# @return [Object] the collection's detail_records, or [] when the mnemonic is unknown
def collection_detail_records(coll)
  @collections.key?(coll) ? @collections[coll].detail_records : []
end
# File app/lib/client/ldap/ldap.rb, line 109
# Per-user role records for a collection looked up by ark id.
#
# @param ark [String] collection ark
# @return [Object] the collection's detail_records, or [] when the ark is unknown
def collection_detail_records_for_ark(ark)
  @collection_arks.key?(ark) ? @collection_arks[ark].detail_records : []
end
# File app/lib/client/ldap/ldap.rb, line 317
# Admin UI table of users and their four role flags for one collection.
#
# NOTE(review): `collection` goes into a markdown link and `role.user` into an
# href without escaping here — confirm both come from LDAP/route data the
# renderer escapes rather than from free-form request input.
#
# @param collection [String] collection mnemonic used in the edit link
# @param roles [Hash{Object=>Object}] values respond to user/read/write/download/admin
# @return [AdminUI::FilterTable]
def collection_details_table(collection, roles)
  headers = { user: 'User', read: 'Read', write: 'Write', download: 'Download', admin: 'Admin' }
  table = AdminUI::FilterTable.new(
    columns: headers.map { |key, text| AdminUI::Column.new(key, header: text) },
    description: "[Edit Roles for Collection](/ldap/collections/edit/#{collection})"
  )
  roles.each_value do |role|
    row = {
      user: { value: role.user, href: "/ldap/users/#{role.user}" },
      read: role.read,
      write: role.write,
      download: role.download,
      admin: role.admin
    }
    table.add_row(AdminUI::Row.make_row(table.columns, row))
  end
  table
end
# File app/lib/client/ldap/ldap.rb, line 84
# Group a collection's users by the role flags they hold.
#
# @param coll [String] collection mnemonic
# @return [Hash{Symbol=>Array<String>}] user ids under :read/:write/:download/:admin;
#   all four lists are present (empty) when the mnemonic is unknown
def collection_perm_records(coll)
  perms = %i[read write download admin]
  grouped = perms.to_h { |perm| [perm, []] }
  return grouped unless @collections.key?(coll)

  @collections.fetch(coll).detail_records.each_value do |role|
    # A truthy flag on the role record puts the user in that list.
    perms.each { |perm| grouped[perm] << role.user if role.public_send(perm) }
  end
  grouped
end
# File app/lib/client/ldap/ldap.rb, line 275
# Admin UI table listing every loaded collection with its role member counts.
#
# @return [AdminUI::FilterTable] one row per entry of collections_table_data
def collections_table
  headers = {
    mnemonic: 'Mnemonic',
    unlinked: 'Unlinked',
    arkid: 'Ark',
    description: 'Description',
    profile: 'Profile',
    read_count: 'Read Count',
    write_count: 'Write Count',
    download_count: 'Download Count',
    admin_count: 'Admin Count'
  }
  table = AdminUI::FilterTable.new(
    columns: headers.map { |key, text| AdminUI::Column.new(key, header: text) }
  )
  collections_table_data.each { |coll| table.add_row(AdminUI::Row.make_row(table.columns, coll)) }
  table
end
# File app/lib/client/ldap/ldap.rb, line 257
# Row hashes for collections_table, one per loaded collection.
#
# @return [Array<Hash>] :mnemonic is a {value:, href:} link cell; the rest are plain values
def collections_table_data
  @collections.values.map do |coll|
    {
      mnemonic: { value: coll.mnemonic, href: "/ldap/collections/details/#{coll.mnemonic}" },
      unlinked: coll.unlinked,
      description: coll.description,
      profile: coll.profile,
      arkid: coll.ark,
      read_count: coll.read_count,
      write_count: coll.write_count,
      download_count: coll.download_count,
      admin_count: coll.admin_count
    }
  end
end
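# File app/lib/client/ldap/ldap.rb, line 372
# Add a merrittClass organizational unit for a new collection.
#
# The mnemonic reaches this method from a parsed request body
# (create_collection_groups), so the RDN value is escaped with
# Net::LDAP::DN.escape: a mnemonic containing DN metacharacters such as ','
# can then no longer alter which entry is written. Attribute values are
# encoded by Net::LDAP itself and stay as given.
#
# @param mnemonic [String] collection mnemonic; becomes the ou RDN and the ou attribute
# @param ark [String] stored as arkId
# @param description [String] stored as description
# @return [Boolean] result of Net::LDAP#add
def create_collection(mnemonic, ark, description)
  dn = "ou=#{Net::LDAP::DN.escape(mnemonic)},ou=mrt-classes,ou=uc3,dc=cdlib,dc=org"
  attributes = {
    objectclass: %w[top merrittClass organizationalUnit],
    submissionProfile: "#{mnemonic}_content",
    description: description,
    ou: mnemonic,
    arkId: ark
  }
  @ldap.add(dn: dn, attributes: attributes)
end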
# File app/lib/client/ldap/ldap.rb, line 389
# Create a collection plus its four role groups from a JSON request body.
#
# Each role group is seeded with the users listed under the matching
# default_* key of the LDAP config. Role groups are only attempted when the
# collection entry itself was added.
# NOTE(review): the body is assumed to parse to a Hash; a JSON array or scalar
# would fail on fetch — confirm the caller validates the shape.
#
# @param body [String] JSON with "mnemonic", "ark", "description" (each defaults to "")
# @return [Hash] {message:, redirect:, modal:} for the admin UI
def create_collection_groups(body)
  spec = JSON.parse(body)
  mnemonic = spec.fetch('mnemonic', '')
  ark = spec.fetch('ark', '')
  description = spec.fetch('description', '')
  messages = []
  if create_collection(mnemonic, ark, description)
    messages << "Created collection #{mnemonic} #{ark} #{description}"
    role_seeds = [
      ['read', :default_read, 'Read role created'],
      ['write', :default_write, 'Write role created'],
      ['download', :default_download, 'Download role created'],
      ['admin', :default_admin, 'Admin role created']
    ]
    role_seeds.each do |perm, conf_key, note|
      messages << note if create_collection_role(mnemonic, perm, default_users(conf_key))
    end
  end
  { message: messages.join(";\n"), redirect: '/ldap/collections', modal: true }
end
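# File app/lib/client/ldap/ldap.rb, line 340
# Add a groupOfUniqueNames role entry under a collection with an initial member list.
#
# The mnemonic originates from a parsed request body (create_collection_groups),
# so every value placed into a DN is escaped with Net::LDAP::DN.escape; a value
# containing DN metacharacters such as ',' can then not change which entry is
# written or which user is referenced.
#
# @param mnemonic [String] collection mnemonic (parent ou)
# @param perm [String] role name, used as the cn RDN and cn attribute
# @param users [Array<String>, nil] user ids; nil is treated as no members
# @return [Boolean] result of Net::LDAP#add
def create_collection_role(mnemonic, perm, users)
  dn = "cn=#{Net::LDAP::DN.escape(perm)},ou=#{Net::LDAP::DN.escape(mnemonic)}," \
       'ou=mrt-classes,ou=uc3,dc=cdlib,dc=org'
  members = Array(users).map do |u|
    "uid=#{Net::LDAP::DN.escape(u)},ou=People,ou=uc3,dc=cdlib,dc=org"
  end
  attributes = {
    objectclass: %w[top groupOfUniqueNames],
    cn: perm,
    uniquemember: members
  }
  @ldap.add(dn: dn, attributes: attributes)
end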
# File app/lib/client/ldap/ldap.rb, line 385
# Comma-separated user list from the LDAP config, with all whitespace removed.
#
# @param role [Symbol] config key such as :default_read
# @return [Array<String>] user ids; [] when the key is absent or blank
def default_users(role)
  configured = @ldapconf.fetch(role, '')
  configured.gsub(/\s+/, '').split(',')
end
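# File app/lib/client/ldap/ldap.rb, line 204
# Render one LDAP attribute value for a search row.
#
# 'uniquemember' (multi-valued) becomes a comma-joined list of normalized
# DNs; 'dn' becomes a single normalized DN; anything else is returned as is.
#
# Fix: the 'dn' branch called `v.to_s` on an undefined local and raised
# NameError for every dn column; it now normalizes `val`.
# Note: this method shadows Kernel#format within the class.
#
# @param attr [String] attribute name
# @param val [Object] attribute value; for 'uniquemember' it must respond to #entries
# @return [Object] formatted value
def format(attr, val)
  return val.entries.map { |entry| normalize_dn(entry) }.join(',') if attr == 'uniquemember'
  return normalize_dn(val.to_s) if attr == 'dn'

  val
end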
# File app/lib/client/ldap/ldap.rb, line 119
# Search base for collection and role entries.
# NOTE(review): looked up with a String key although the config map is built
# with symbolize_names: true — confirm it is actually found and not always ''.
#
# @return [String] configured 'group_base', or '' when absent
def group_base
  @ldapconf.fetch('group_base') { '' }
end
# File app/lib/client/ldap/ldap.rb, line 123
# Populate the user, collection and role caches from LDAP.
#
# Order matters: load_roles links roles to already-loaded collections and
# users, so it runs last.
# Note: this method shadows Kernel#load within the class.
#
# @return [Object] the result of load_roles
def load
  %i[load_users load_collections load_roles].each { |step| send(step) }.last.then { send(_1) }
end
# File app/lib/client/ldap/ldap.rb, line 143
# Load every entry under group_base that carries an arkId and index it by
# both mnemonic (@collections) and ark (@collection_arks).
#
# @return [Object] the result of Net::LDAP#search
def load_collections
  has_ark = Net::LDAP::Filter.eq('arkId', '*')
  @ldap.search(base: group_base, filter: has_ark) do |entry|
    collection = LdapCollection.new(entry)
    @collections[collection.mnemonic] = collection
    @collection_arks[collection.ark] = collection
  end
end
# File app/lib/client/ldap/ldap.rb, line 151
# Load every group under group_base that has uniquemember values and wire
# each role to its collection and member users.
#
# A role whose collection or user is not already cached gets a placeholder
# LdapCollection / LdapUser (built with a nil entry) registered in the cache,
# and the miss is reported on stdout. Only roles for an already-known
# collection are counted into that collection via add_role.
#
# @return [Object] the result of Net::LDAP#search
def load_roles
  has_members = Net::LDAP::Filter.eq('uniquemember', '*')
  @ldap.search(base: group_base, filter: has_members) do |entry|
    role = LdapRole.new(entry)
    collection =
      if @collections.key?(role.coll)
        @collections[role.coll].tap { |known| known.add_role(role, role.users.length) }
      else
        puts "LDAP: Not found: [#{role.coll}]"
        @collections[role.coll] = LdapCollection.new(nil, role.coll)
      end
    role.set_collection(collection)
    role.users.each do |uid|
      member =
        if @users.key?(uid)
          @users[uid]
        else
          puts "LDAP: Not found: [#{uid}]"
          @users[uid] = LdapUser.new(nil, uid)
        end
      role.add_user(member)
      member.add_role(role, 1)
    end
    @roles[role.dn] = role
  end
end
# File app/lib/client/ldap/ldap.rb, line 129
# Load the requested attributes of every entry under user_base into @users,
# keyed by uid; entries without a uid are skipped.
#
# @return [Object] the result of Net::LDAP#search
def load_users
  wanted = %i[
    dn objectclass mail sn tzregion cn arkid givenname
    userpassword displayname uid ds-pwp-last-login-time
  ]
  @ldap.search(base: user_base, attributes: wanted) do |entry|
    user = LdapUser.new(entry)
    uid = user.uid
    next if uid.nil? || uid.empty?

    @users[uid] = user
  end
end
# File app/lib/client/ldap/ldap.rb, line 200
# Turn a DN into a compact display path: commas become '/', and the
# cn=/ou=/dc=/uid= attribute prefixes are stripped in that order.
#
# @param dispname [String] a DN such as "uid=bob,ou=People,dc=cdlib,dc=org"
# @return [String] e.g. "bob/People/cdlib/org"
def normalize_dn(dispname)
  %w[cn= ou= dc= uid=].reduce(dispname.tr(',', '/')) { |path, prefix| path.gsub(prefix, '') }
end
# File app/lib/client/ldap/ldap.rb, line 186
# Generic subtree search returning one formatted row per entry.
# NOTE(review): `treebase` is used as the search base unchecked — confirm it is
# fixed by the caller and not taken from request input.
#
# @param treebase [String] search base DN
# @param ldapattrs [Array<String>] attribute names, in output column order
# @return [Array<Array>] rows of values passed through #format
def search(treebase, ldapattrs)
  rows = []
  @ldap.search(base: treebase) do |entry|
    rows << ldapattrs.map { |attr| format(attr, entry[attr]) }
  end
  rows
end
github.com/CDLUC3/mrt-dashboard/blob/master/app/lib/group_ldap.rb
github.com/CDLUC3/mrt-dashboard/blob/master/app/lib/institution_ldap.rb
github.com/CDLUC3/mrt-dashboard/blob/master/app/lib/user_ldap.rb
roles: cn, dn, objectclass, uniquemember
users: dn, objectclass, mail, sn, tzregion, cn, arkid, givenname, telephonenumber, userpassword, displayname, uid
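# File app/lib/client/ldap/ldap.rb, line 354
# Replace the member list of a collection's role group, creating the group
# when it does not exist yet.
#
# Mnemonic and user ids arrive from admin form data via
# apply_collection_role_changes, so every value placed into a DN is escaped
# with Net::LDAP::DN.escape; a value containing DN metacharacters such as ','
# can then not redirect the write to a different entry or user.
#
# Note: replace_attribute returning false for any reason (not only a missing
# entry) leads to the add attempt, whose own result is then what is returned.
#
# @param mnemonic [String] collection mnemonic (parent ou)
# @param perm [String] role name (cn)
# @param users [Array<String>, nil] full new member list; nil is treated as empty
# @return [Boolean] result of replace_attribute, or of add when that was false
def update_collection_role(mnemonic, perm, users)
  dn = "cn=#{Net::LDAP::DN.escape(perm)},ou=#{Net::LDAP::DN.escape(mnemonic)}," \
       'ou=mrt-classes,ou=uc3,dc=cdlib,dc=org'
  members = Array(users).map do |u|
    "uid=#{Net::LDAP::DN.escape(u)},ou=People,ou=uc3,dc=cdlib,dc=org"
  end
  res = @ldap.replace_attribute(dn, :uniquemember, members)
  res ||= @ldap.add(
    dn: dn,
    attributes: {
      objectclass: %w[top groupOfUniqueNames],
      cn: perm,
      uniquemember: members
    }
  )
  res
end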
# File app/lib/client/ldap/ldap.rb, line 115
# Search base for user entries.
# NOTE(review): looked up with a String key although the config map is built
# with symbolize_names: true — confirm it is actually found and not always ''.
#
# @return [String] configured 'user_base', or '' when absent
def user_base
  @ldapconf.fetch('user_base') { '' }
end
# File app/lib/client/ldap/ldap.rb, line 66
# Per-collection role records for a user.
#
# @param uid [String] user id
# @return [Object] the user's detail_records, or [] when the uid is unknown
def user_detail_records(uid)
  @users.key?(uid) ? @users[uid].detail_records : []
end
# File app/lib/client/ldap/ldap.rb, line 295
# Admin UI table of the collections a user belongs to and the four role flags.
#
# @param roles [Hash{Object=>Object}] values respond to collection/read/write/download/admin
# @return [AdminUI::FilterTable]
def user_details_table(roles)
  headers = { collection: 'Collection', read: 'Read', write: 'Write', download: 'Download', admin: 'Admin' }
  table = AdminUI::FilterTable.new(
    columns: headers.map { |key, text| AdminUI::Column.new(key, header: text) }
  )
  roles.each_value do |role|
    row = {
      collection: { value: role.collection, href: "/ldap/collections/details/#{role.collection}" },
      read: role.read,
      write: role.write,
      download: role.download,
      admin: role.admin
    }
    table.add_row(AdminUI::Row.make_row(table.columns, row))
  end
  table
end
# File app/lib/client/ldap/ldap.rb, line 60
# Display name for a user, falling back to the uid itself when unknown.
#
# @param uid [String] user id
# @return [String] the user's displayname, or `uid`
def user_displayname(uid)
  @users.key?(uid) ? @users[uid].displayname : uid
end
# File app/lib/client/ldap/ldap.rb, line 236
# Admin UI table listing every loaded user with role member counts.
#
# @return [AdminUI::FilterTable] one row per entry of users_table_data
def users_table
  headers = {
    uid: 'User id',
    unlinked: 'Unlinked',
    email: 'Email',
    displayname: 'Display Name',
    arkid: 'Ark',
    lastaccess: 'Last Access',
    read_count: 'Read Count',
    write_count: 'Write Count',
    download_count: 'Download Count',
    admin_count: 'Admin Count'
  }
  table = AdminUI::FilterTable.new(
    columns: headers.map { |key, text| AdminUI::Column.new(key, header: text) }
  )
  users_table_data.each { |user| table.add_row(AdminUI::Row.make_row(table.columns, user)) }
  table
end
# File app/lib/client/ldap/ldap.rb, line 217
# Row hashes for users_table, one per loaded user.
#
# @return [Array<Hash>] :uid is a {value:, href:} link cell; the rest are plain values
def users_table_data
  @users.values.map do |user|
    {
      uid: { value: user.uid, href: "/ldap/users/#{user.uid}" },
      unlinked: user.unlinked,
      email: user.email,
      displayname: user.displayname,
      arkid: user.ark,
      lastaccess: user.lastaccess,
      read_count: user.read_count,
      write_count: user.write_count,
      download_count: user.download_count,
      admin_count: user.admin_count
    }
  end
end