Class: AdDir::User

Inherits:
Entry
  • Object
Extended by:
CommonUserAttributes
Defined in:
lib/ad_dir/user.rb

Overview

AdDir::User models a 'User' entry in an Active Directory.

For a description of the most common CRUD actions, have a look at Entry.

In addition to these basic functions, User offers methods to list and manage Group relationships.

List Groups

  • #group_names List the names of all groups a user belongs to:
  jdoe = AdDir::User.find('jdoe')
  jdoe.group_names
  #=> ["testgroup", "admin", "lpadmi"]
  • #groups fetch all groups a user belongs to
  jdoe.groups
  #=> [#<AdDir::Group dn: "cn=testgroup...">, #<AdDir::Group dn: "cn.." ...]
  • #memberof display the DNs of all groups a user belongs to.
   jdoe.memberof
   # => ["CN=Testgroup,OU=groups,Dc...", ...]

Modifying Group Relationships

Note: Contrary to modifications of 'normal' attributes, modifications of group relationships are saved instantly, without a call to #save!

Add to Group

  lpa_gr = AdDir::Group.find('lpadmin')
  jdoe.add_group(lpa_gr)

Remove group

  lpa_gr = AdDir::Group.find('lpadmin')
  jdoe.remove_group(lpa_gr)

Constant Summary

OBJECTCATEGORY = 'person'.freeze

This is used for building any filter search for a User: (objectcategory=#{OBJECTCATEGORY}).

Constants inherited from Entry

Entry::FIND_METHOD_REGEXP

Class Method Summary

Instance Method Summary

Methods included from CommonUserAttributes

map_common_attrs

Methods inherited from Entry

#[], #[]=, _select_dn, all, #attribute_for_inspect, #attribute_present?, #attributes, category_filter, #changed?, #changes, connection, #connection, create, #destroy, from_ldap_entry, #get_value, #initialize, #inspect, #modify, #new_entry?, parent_name, primary_key, primary_key=, #raw_attributes, #reload!, #save, select_dn, sibling_klass, #string_inspect, tree_base, tree_base=, where

Methods included from DerivedAttributes

#created_at, #derived_attribute_names, #objectguid_decoded, #objectsid_decoded, #updated_at

Constructor Details

This class inherits a constructor from AdDir::Entry

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class AdDir::Entry

Class Method Details

.group_klass ⇒ <Class>

Get the correct Group class.

When querying and managing groups, subclasses of this class have to get the correct Group model:

  module B
    class User < AdDir::User
    end

    class Group < AdDir::Group
    end
  end

  u = B::User.group_klass
  # => B::Group

If there is no class B::Group, any group-related methods will fail.

If you want to override this method, simply set the class instance variable @group_klass to your custom group class:

  module B
    class User < AdDir::User
      @group_klass = C::Group
    end
  end
  #
  B::User.group_klass
  # => C::Group

Returns:

  • (<Class>)

# File 'lib/ad_dir/user.rb', line 109

def self.group_klass
  return @group_klass if defined? @group_klass
  @group_klass = sibling_klass('Group')
end

Instance Method Details

#add_group(group) ⇒ Object

Add a group


# File 'lib/ad_dir/user.rb', line 189

def add_group(group)
  return if memberof.include?(group.dn)
  if group.add_user(self)
    reload!
    memberof
  else
    false
  end
end

#group_names ⇒ Array<String>

Return an array of group names.

Returns:

  • (Array<String>)

    the group names


# File 'lib/ad_dir/user.rb', line 166

def group_names
  # In order to avoid multiple LDAP connection requests we do not
  # iterate over `.groups` (AKA @attributes[:memberof]) but extract
  # the names from the DNs and return the CN part.
  @ldap_entry[:memberof].map do |dn|
    dn.split(',').first.split('=').last
  end.sort
end
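
The CN extraction in #group_names splits on every ',' and '=', so a group whose CN contains an escaped comma or an '=' yields a wrong name, and #remove_group compares against those names. The following added example (not part of AdDir; `split_rdns`, `unescape_rdn_value` and `first_rdn_value` are hypothetical helpers, and the DNs are constructed) shows an RFC 4514-aware extraction next to the one-liner:

```ruby
# Added example: RFC 4514-aware extraction of a group's CN from its DN.
# naive_cn repeats the one-liner above; the other helpers are hypothetical.

def naive_cn(dn)
  dn.split(',').first.split('=').last
end

# Split on commas that are not part of a backslash escape.
def split_rdns(dn)
  dn.scan(/(?:\\.|[^\\,])+/)
end

# Undo RFC 4514 escaping: "\," -> "," and hex pairs such as "\C3\A4" -> "ä".
def unescape_rdn_value(value)
  raw = value.b.gsub(/\\(\h\h|.)/) do
    esc = Regexp.last_match(1)
    esc.length == 2 ? esc.hex.chr : esc
  end
  raw.force_encoding(Encoding::UTF_8)
end

# Value of the first RDN; the attribute type itself never contains '='.
def first_rdn_value(dn)
  _type, value = split_rdns(dn).first.to_s.split('=', 2)
  unescape_rdn_value(value.to_s)
end

# Constructed sample DNs (not taken from a real directory).
SAMPLE_DNS = [
  'CN=Testgroup,OU=groups,DC=example,DC=com',
  'CN=Doe\, John,OU=groups,DC=example,DC=com',
  'CN=Ops=EU,OU=groups,DC=example,DC=com',
  'CN=J\C3\A4ger,OU=groups,DC=example,DC=com'
].freeze

def compare_cn_extraction(dns = SAMPLE_DNS)
  dns.map { |dn| { naive: naive_cn(dn), robust: first_rdn_value(dn) } }
end

compare_cn_extraction.each { |row| puts row.inspect } if $PROGRAM_NAME == __FILE__
```

Comparing full DNs, as #add_group does with `memberof.include?(group.dn)`, avoids the name ambiguity altogether.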

#groups ⇒ Array<Group>

Return an array of the Group objects the user is member of.

Returns:

  • (Array<Group>)

    the groups the user is member of.


# File 'lib/ad_dir/user.rb', line 159

def groups
  # self[:memberof].map { |dn| Group.select_dn(dn) }
  self[:memberof].map { |dn| self.class.group_klass.select_dn(dn) }
end

#memberof ⇒ Object

Explicit method to prevent User from failing when no group is defined. The original Net::LDAP::Entry#[](name) method silently adds a new attribute when it is not available. However, calling some_LDAP_Entry_instance.<non_existing_attr> fails with a NoMethodError. A user without groups has no :memberof attribute, but we silently add it.


# File 'lib/ad_dir/user.rb', line 182

def memberof
  return @ldap_entry[:memberof] if attribute_present?(:memberof)
  @ldap_entry[:memberof] = []
end

#password=(val) ⇒ Object

Encodes and sets the provided clear text password

See Also:

  • AdDir::Utilities.unicodepwd

# File 'lib/ad_dir/user.rb', line 117

def password=(val)
  @ldap_entry[:unicodePwd] = AdDir::Utilities.unicodepwd(val)
end

#primary_group ⇒ Object

Returns the primary group of the user. The attribute :primarygroupid is used to construct the primary group SID, which is then used to retrieve the group from the AD.


# File 'lib/ad_dir/user.rb', line 131

def primary_group
  # @primary_group ||= Group.find_by_objectsid(primary_group_sid)
  @primary_group ||= self.class.group_klass
    .find_by_objectsid(primary_group_sid)
end

#primary_group_sid ⇒ Object

The SID of the primary group is based on the User's SID

The last element of the user's SID is replaced with the value of :primarygroupid

Examples:

user = AdDir::User.find('jdoe')
user.objectsid_decoded
# => "S-1-5-21-15115519-869956856-4114428504-1105"
user.primarygroupid
# => "3912"
user.primary_group_sid
# => "S-1-5-21-15115519-869956856-4114428504-3912"

# File 'lib/ad_dir/user.rb', line 151

def primary_group_sid
  @primary_group_sid ||= [
    objectsid_decoded.split('-')[0...-1], @ldap_entry[:primarygroupid]
  ].join('-')
end
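
The derivation above starts from the decoded string form of the SID. As an added example (not AdDir code; `decode_sid` and `primary_group_sid_for` are hypothetical helpers and the binary input is constructed from the SID in the example above), this decodes a binary objectSid and replaces the last sub-authority with a validated :primarygroupid:

```ruby
# Added example (not AdDir code): decode a binary objectSid and derive the
# primary group SID. Helper names are hypothetical.

def decode_sid(bin)
  bytes = bin.b
  raise ArgumentError, 'SID too short' if bytes.bytesize < 8

  revision, count = bytes.unpack('CC')
  unless bytes.bytesize == 8 + 4 * count
    raise ArgumentError, 'sub-authority count does not match length'
  end

  # Identifier authority: 48 bits, big-endian.
  high, low = bytes.byteslice(2, 6).unpack('nN')
  authority = (high << 32) | low
  # Sub-authorities: 32 bits each, little-endian.
  subs = bytes.byteslice(8, 4 * count).unpack('V*')
  ['S', revision, authority, *subs].join('-')
end

def primary_group_sid_for(user_sid, primary_group_id)
  unless user_sid.match?(/\AS-\d+-\d+(?:-\d+)+\z/)
    raise ArgumentError, "malformed SID: #{user_sid.inspect}"
  end

  # LDAP attribute values arrive as arrays of strings, e.g. ["3912"].
  rid = Integer(Array(primary_group_id).first.to_s, 10)
  raise ArgumentError, 'RID out of range' unless (0..0xFFFF_FFFF).cover?(rid)

  (user_sid.split('-')[0...-1] << rid).join('-')
end

# Constructed input: binary form of the SID used in the example above.
SAMPLE_SID = [1, 5, 0, 5, 21, 15_115_519, 869_956_856, 4_114_428_504, 1105]
             .pack('CCnNV5')

if $PROGRAM_NAME == __FILE__
  sid = decode_sid(SAMPLE_SID)
  puts sid
  puts primary_group_sid_for(sid, ['3912'])
end
```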

#remove_group(group) ⇒ Object

Remove a group


# File 'lib/ad_dir/user.rb', line 201

def remove_group(group)
  if group_names.include?(group.name)
    group.remove_user(self)
    @ldap_entry[:memberof].delete_if { |dn| dn == group.dn }
  end
  # return the new list of groups
  groups
end

#uac_decoded ⇒ Hash<String>

Decodes the binary :useraccountcontrol attribute

Returns:

  • (Hash<String>)

    a hash containing names and hex-values of the properties set.


# File 'lib/ad_dir/user.rb', line 124

def uac_decoded
  AdDir::Utilities.uac_decode(@ldap_entry[:useraccountcontrol].first)
end
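
To show the kind of result described for #uac_decoded, here is an added example that is not AdDir::Utilities.uac_decode itself: a stand-alone decoder using the documented userAccountControl bit values, plus a hypothetical `uac_findings` helper that lists the flags an account review would normally look at. The function names and the review list are assumptions; the sample values are constructed.

```ruby
# Added example, not AdDir::Utilities.uac_decode: decode userAccountControl
# into { flag name => hex mask } and list flags worth reviewing.

UAC_FLAGS = {
  'SCRIPT' => 0x0001, 'ACCOUNTDISABLE' => 0x0002,
  'HOMEDIR_REQUIRED' => 0x0008, 'LOCKOUT' => 0x0010,
  'PASSWD_NOTREQD' => 0x0020, 'PASSWD_CANT_CHANGE' => 0x0040,
  'ENCRYPTED_TEXT_PWD_ALLOWED' => 0x0080, 'TEMP_DUPLICATE_ACCOUNT' => 0x0100,
  'NORMAL_ACCOUNT' => 0x0200, 'INTERDOMAIN_TRUST_ACCOUNT' => 0x0800,
  'WORKSTATION_TRUST_ACCOUNT' => 0x1000, 'SERVER_TRUST_ACCOUNT' => 0x2000,
  'DONT_EXPIRE_PASSWORD' => 0x10000, 'MNS_LOGON_ACCOUNT' => 0x20000,
  'SMARTCARD_REQUIRED' => 0x40000, 'TRUSTED_FOR_DELEGATION' => 0x80000,
  'NOT_DELEGATED' => 0x100000, 'USE_DES_KEY_ONLY' => 0x200000,
  'DONT_REQ_PREAUTH' => 0x400000, 'PASSWORD_EXPIRED' => 0x800000,
  'TRUSTED_TO_AUTH_FOR_DELEGATION' => 0x1000000,
  'PARTIAL_SECRETS_ACCOUNT' => 0x4000000
}.freeze

# Assumption: flags an account hygiene review would report.
REVIEW_FLAGS = %w[
  PASSWD_NOTREQD ENCRYPTED_TEXT_PWD_ALLOWED DONT_EXPIRE_PASSWORD
  TRUSTED_FOR_DELEGATION USE_DES_KEY_ONLY DONT_REQ_PREAUTH
].freeze

# LDAP returns the attribute as a decimal string, e.g. "66048".
def uac_decode(value)
  bits = Integer(value.to_s, 10)
  UAC_FLAGS.select { |_name, mask| bits & mask != 0 }
           .transform_values { |mask| format('0x%08X', mask) }
end

def uac_findings(value)
  uac_decode(value).keys & REVIEW_FLAGS
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values.
  %w[514 66048 4194848].each do |v|
    puts "#{v}: #{uac_decode(v).keys.join(', ')} | review: #{uac_findings(v).inspect}"
  end
end
```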