Add user import for ldap

pull/5120/head
Oliver Günther 8 years ago
parent 11600efa96
commit d9a47753f9
No known key found for this signature in database
GPG Key ID: 88872239EB414F99
  1. 56
      lib/tasks/ldap.rake

@ -29,10 +29,7 @@
namespace :ldap do
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \
'rake ldap:register["url=<URL>, name=<Name>, onthefly=<true,false>, map_{login,firstname,lastname,mail}=attribute"]'
task register: :environment do
def parse_args
# Rake croaks when using commas in default args without properly escaping
args = {}
ARGV.drop(1).each do |arg|
@ -40,11 +37,59 @@ namespace :ldap do
args[key.to_sym] = val
end
args
end
desc 'Synchronize users from the LDAP auth source with an optional filter' \
'rake ldap:sync["name=<LdapAuthSource Name>", filter=<Optional RFC2254 filter string>]'
task sync: :environment do
args = parse_args
ldap = LdapAuthSource.find_by!(name: args.fetch(:name))
# Only get the required args for syncing
attributes = ['dn', ldap.attr_firstname, ldap.attr_lastname, ldap.attr_mail, ldap.attr_login]
# Map user attributes to their ldap counterpart
ar_map = Hash[ %w(firstname lastname mail login).zip(attributes.drop(1)) ]
# Parse filter string if available
filter = Net::LDAP::Filter.from_rfc2254 args.fetch(:filter, 'objectClass = *')
# Open LDAP connection
ldap_con = ldap.send(:initialize_ldap_con, ldap.account, ldap.account_password)
User.transaction do
results = ldap_con.search(base: ldap.base_dn, filter: filter) do |entry|
user = User.find_or_initialize_by(login: entry[ldap.attr_login])
user.attributes = {
firstname: entry[ldap.attr_firstname],
lastname: entry[ldap.attr_lastname],
mail: entry[ldap.attr_mail],
admin: entry[ldap.attr_admin],
auth_source: ldap
}
if user.changed?
Rails.logger.info "Updated user #{user.login} due to ldap synchronization"
user.save
end
end
end
end
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \
'rake ldap:register["url=<URL> name=<Name> onthefly=<true,false>map_{login,firstname,lastname,mail,admin}=attribute"]'
task register: :environment do
args = parse_args
url = URI.parse(args[:url])
unless %w(ldap ldaps).include?(url.scheme)
raise "Expected #{args[:url]} to be a valid ldap(s) URI."
end
source = LdapAuthSource.new name: args[:name],
host: url.host,
port: url.port,
@ -56,7 +101,8 @@ namespace :ldap do
attr_login: args[:map_login],
attr_firstname: args[:map_firstname],
attr_lastname: args[:map_lastname],
attr_mail: args[:map_mail]
attr_mail: args[:map_mail],
attr_admin: args[:map_admin]
if source.save
puts "Saved new LDAP auth source #{args[:name]}."

Loading…
Cancel
Save