|
|
|
@ -29,10 +29,7 @@ |
|
|
|
|
|
|
|
|
|
namespace :ldap do |
|
|
|
|
|
|
|
|
|
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \ |
|
|
|
|
'rake ldap:register["url=<URL>, name=<Name>, onthefly=<true,false>, map_{login,firstname,lastname,mail}=attribute"]' |
|
|
|
|
task register: :environment do |
|
|
|
|
|
|
|
|
|
def parse_args |
|
|
|
|
# Rake croaks when using commas in default args without properly escaping |
|
|
|
|
args = {} |
|
|
|
|
ARGV.drop(1).each do |arg| |
|
|
|
@ -40,11 +37,59 @@ namespace :ldap do |
|
|
|
|
args[key.to_sym] = val |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
args |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
desc 'Synchronize users from the LDAP auth source with an optional filter' \ |
|
|
|
|
'rake ldap:sync["name=<LdapAuthSource Name>", filter=<Optional RFC2254 filter string>]' |
|
|
|
|
task sync: :environment do |
|
|
|
|
args = parse_args |
|
|
|
|
ldap = LdapAuthSource.find_by!(name: args.fetch(:name)) |
|
|
|
|
|
|
|
|
|
# Only get the required args for syncing |
|
|
|
|
attributes = ['dn', ldap.attr_firstname, ldap.attr_lastname, ldap.attr_mail, ldap.attr_login] |
|
|
|
|
|
|
|
|
|
# Map user attributes to their ldap counterpart |
|
|
|
|
ar_map = Hash[ %w(firstname lastname mail login).zip(attributes.drop(1)) ] |
|
|
|
|
|
|
|
|
|
# Parse filter string if available |
|
|
|
|
filter = Net::LDAP::Filter.from_rfc2254 args.fetch(:filter, 'objectClass = *') |
|
|
|
|
|
|
|
|
|
# Open LDAP connection |
|
|
|
|
ldap_con = ldap.send(:initialize_ldap_con, ldap.account, ldap.account_password) |
|
|
|
|
|
|
|
|
|
User.transaction do |
|
|
|
|
results = ldap_con.search(base: ldap.base_dn, filter: filter) do |entry| |
|
|
|
|
|
|
|
|
|
user = User.find_or_initialize_by(login: entry[ldap.attr_login]) |
|
|
|
|
user.attributes = { |
|
|
|
|
firstname: entry[ldap.attr_firstname], |
|
|
|
|
lastname: entry[ldap.attr_lastname], |
|
|
|
|
mail: entry[ldap.attr_mail], |
|
|
|
|
admin: entry[ldap.attr_admin], |
|
|
|
|
auth_source: ldap |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if user.changed? |
|
|
|
|
Rails.logger.info "Updated user #{user.login} due to ldap synchronization" |
|
|
|
|
user.save |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \ |
|
|
|
|
'rake ldap:register["url=<URL> name=<Name> onthefly=<true,false>map_{login,firstname,lastname,mail,admin}=attribute"]' |
|
|
|
|
task register: :environment do |
|
|
|
|
args = parse_args |
|
|
|
|
|
|
|
|
|
url = URI.parse(args[:url]) |
|
|
|
|
unless %w(ldap ldaps).include?(url.scheme) |
|
|
|
|
raise "Expected #{args[:url]} to be a valid ldap(s) URI." |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
source = LdapAuthSource.new name: args[:name], |
|
|
|
|
host: url.host, |
|
|
|
|
port: url.port, |
|
|
|
@ -56,7 +101,8 @@ namespace :ldap do |
|
|
|
|
attr_login: args[:map_login], |
|
|
|
|
attr_firstname: args[:map_firstname], |
|
|
|
|
attr_lastname: args[:map_lastname], |
|
|
|
|
attr_mail: args[:map_mail] |
|
|
|
|
attr_mail: args[:map_mail], |
|
|
|
|
attr_admin: args[:map_admin] |
|
|
|
|
|
|
|
|
|
if source.save |
|
|
|
|
puts "Saved new LDAP auth source #{args[:name]}." |
|
|
|
|