class LdapFluff::FreeIPA

Public Class Methods

new(config = {})
Calls superclass method LdapFluff::Generic.new
# File lib/ldap_fluff/freeipa.rb, line 3
# Builds the FreeIPA adapter from a configuration object.
#
# Copies base_dn, service_user, service_pass and anon_queries off +config+
# into instance variables, then passes +config+ on to the superclass
# initializer (LdapFluff::Generic).
#
# NOTE(review): the +{}+ default cannot work as written, since a plain Hash
# does not respond to +base_dn+; callers presumably always pass a config
# object - confirm.
#
# @param config [#base_dn, #service_user, #service_pass, #anon_queries]
def initialize(config = {})
  @base = config.base_dn
  @bind_user = config.service_user
  # The service-account secret now lives on the instance (and therefore in the
  # default #inspect output); avoid logging or dumping this object.
  @bind_pass = config.service_pass
  @anon = config.anon_queries
  super(config)
end

Public Instance Methods

bind?(uid = nil, password = nil)
# File lib/ldap_fluff/freeipa.rb, line 11
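# Checks a user's credentials by attempting a simple bind as
# uid=<uid>,cn=users,cn=accounts,<base dn>.
#
# Two hardening steps happen before the bind is attempted:
# * A blank uid or password returns false without contacting the server.
#   A simple bind with a DN and an empty password is an "unauthenticated
#   bind" (RFC 4513, section 5.1.2), and a server that allows it reports
#   success, which must never count as a login.
# * The uid is escaped per RFC 4514 so it always remains a single RDN value
#   and cannot add or alter components of the bind DN.
#
# @param uid [String, nil] login name (not a full DN)
# @param password [String, nil] the user's password
# @return [Boolean] false for blank credentials, otherwise the result of @ldap.bind
def bind?(uid = nil, password = nil)
  return false if uid.to_s.empty? || password.to_s.empty?

  # Backslash-escape the RFC 4514 special characters, then the positional
  # cases (leading space or '#', trailing space); NUL becomes the hex pair \00.
  rdn_value = uid.to_s.gsub(/[\\,+"<>;=]/) { |ch| "\\#{ch}" }
  rdn_value = rdn_value.sub(/\A[ #]/) { |ch| "\\#{ch}" }
  rdn_value = rdn_value.sub(/ \z/) { '\\ ' }
  rdn_value = rdn_value.gsub("\u0000") { '\\00' }

  @ldap.auth("uid=#{rdn_value},cn=users,cn=accounts,#{@base}", password)
  @ldap.bind
end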
group_exists?(gid)
Calls superclass method LdapFluff::Generic#group_exists?
# File lib/ldap_fluff/freeipa.rb, line 47
# Calls service_bind, then defers to LdapFluff::Generic#group_exists?.
#
# service_bind is defined outside this listing; presumably it binds with the
# configured service account so the lookup runs with query privileges - confirm.
#
# @param gid [String] group name passed through unchanged to the superclass
# @return whatever LdapFluff::Generic#group_exists? returns
def group_exists?(gid)
  service_bind
  super(gid)
end
groups_for_uid(uid)
Calls superclass method LdapFluff::Generic#groups_for_uid
# File lib/ldap_fluff/freeipa.rb, line 16
# Calls service_bind, then defers to LdapFluff::Generic#groups_for_uid.
#
# A MemberService::InsufficientQueryPrivilegesException raised by either step
# is translated into UnauthenticatedException, so callers see one error type
# when the bound identity is not allowed to read group data.
#
# @param uid [String] login name passed through unchanged to the superclass
# @return whatever LdapFluff::Generic#groups_for_uid returns
# @raise [UnauthenticatedException] when group data cannot be queried
def groups_for_uid(uid)
  service_bind
  super(uid)
rescue MemberService::InsufficientQueryPrivilegesException
  raise UnauthenticatedException, "Insufficient Privileges to query groups data"
end
is_in_groups(uid, gids = [], all = true)

In freeipa, a simple user query returns a full set of nested groups! yipee

gids should be an array of group common names

Returns true if the owner (uid) is in ALL of the groups when all=true; otherwise returns true if the owner is in ANY of the groups.

# File lib/ldap_fluff/freeipa.rb, line 32
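# Tests a user's group membership against a list of group common names.
#
# The user's groups come from @member_service.find_user_groups(uid).
#
# With all=true the check is "every entry of gids is among the user's groups".
# It is computed as a set difference, so the answer does not depend on the
# order of gids or on duplicates in it. The previous form,
# (groups & gids) == gids, returned false for a member whenever gids was
# ordered differently from the directory's answer or contained a duplicate.
#
# Caveats for callers making authorization decisions:
# * gids = [] with all=true returns true (nothing is required), so an empty
#   "required groups" list admits every user. Reject an empty list upstream
#   if that is not intended.
# * Names are compared as exact strings (case-sensitive).
#
# @param uid [String] login name
# @param gids [Array<String>] group common names
# @param all [Boolean] true = must be in every group, false = in at least one
# @return [Boolean]
def is_in_groups(uid, gids = [], all = true)
  service_bind
  groups = @member_service.find_user_groups(uid)
  if all
    # Nothing left over means every requested group was found.
    (gids - groups).empty?
  else
    !(groups & gids).empty?
  end
end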
user_exists?(uid)
Calls superclass method LdapFluff::Generic#user_exists?
# File lib/ldap_fluff/freeipa.rb, line 42
# Calls service_bind, then defers to LdapFluff::Generic#user_exists?.
#
# service_bind is defined outside this listing; presumably it binds with the
# configured service account so the lookup runs with query privileges - confirm.
#
# @param uid [String] login name passed through unchanged to the superclass
# @return whatever LdapFluff::Generic#user_exists? returns
def user_exists?(uid)
  service_bind
  super(uid)
end

Private Instance Methods

users_from_search_results(search, method)
# File lib/ldap_fluff/freeipa.rb, line 54
# Expands the member DNs of a search result into a flat, de-duplicated list
# of logins.
#
# Each member DN is classified by its second RDN, compared case-insensitively:
# * cn=users  - resolved through @member_service.get_logins
# * cn=groups - expanded through users_for_gid, using the value of the first RDN
# * anything else is ignored
#
# The DN is split on raw ',' and '=' characters, so a value containing an
# escaped comma or an equals sign would be mis-parsed.
# NOTE(review): +method+ is dispatched with #send, which also reaches private
# methods; it should only ever be a fixed attribute name chosen by the calling
# code, never a value taken from a request - confirm at the call sites.
# NOTE(review): users_for_gid is defined outside this listing; if it calls back
# into this method, cyclic nested groups could recurse without bound - confirm.
#
# @param search [Object] search result responding to +method+
# @param method [Symbol, String] name of the member attribute to read
# @return [Array] unique logins
def users_from_search_results(search, method)
  collected = search.send(method).each_with_object([]) do |member, acc|
    case member.downcase.split(',')[1]
    when 'cn=users'
      acc << @member_service.get_logins([member])
    when 'cn=groups'
      group_name = member.split(',').first.split('=')[1]
      acc << users_for_gid(group_name)
    end
  end

  collected.flatten.uniq
end