Skeleton gem

.gitignore

@@ -16,3 +16,5 @@ tmp
 .yardoc
 _yardoc
 doc/
+
+*.swp

Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in hydra-ldap.gemspec
+gemspec

LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 TODO: Write your name
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,4 +1,34 @@
-hydra-ldap
-==========
+# Hydra::LDAP
 
-An ldap client for group management
+A gem for managing ldap groups used with hydra
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'hydra-ldap'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install hydra-ldap
+
+## Usage
+
+Create the config file (config/ldap.yml) by running:
+
+<pre>rails generate hydra-ldap</pre>
+
+
+<pre>Hydra::LDAP.create_group(code, description, owner, users)</pre>
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

hydra-ldap.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/hydra-ldap/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Justin Coyne"]
+  gem.email         = ["justin.coyne@yourmediashelf.com"]
+  gem.description   = %q{A gem for managing groups with ldap}
+  gem.summary       = %q{Create, Read and Update LDAP groups}
+  gem.homepage      = "https://github.com/projecthydra/hydra-ldap"
+
+  gem.add_dependency('rails')
+  gem.add_dependency('net-ldap')
+
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "hydra-ldap"
+  gem.require_paths = ["lib"]
+  gem.version       = Hydra::LDAP::VERSION
+end

lib/hydra-ldap.rb

@@ -0,0 +1,124 @@
+require "hydra-ldap/version"
+
+module Hydra
+  module LDAP
+    # Your code goes here...
+    class NoUsersError < StandardError; end
+    class MissingOwnerError < StandardError; end
+    class GroupNotFound < StandardError; end
+
+    def self.connection
+      @ldap_conn ||= Net::LDAP.new(ldap_connection_config) 
+    end
+
+    def self.ldap_connection_config
+      return @ldap_connection_config if @ldap_connection_config
+      @ldap_connection_config = {}
+      yml = ldap_config
+      @ldap_connection_config[:host] = yml[:host]
+      @ldap_connection_config[:port] = yml[:port]
+      if yml[:username] && yml[:password]
+        @ldap_connection_config[:auth]={:method=>:simple}
+        @ldap_connection_config[:auth][:username] = yml[:username]
+        @ldap_connection_config[:auth][:password] = yml[:password]
+      end
+      @ldap_connection_config
+    end
+
+    def self.ldap_config
+      @ldap_config ||= YAML::load(ERB.new(IO.read(File.join(Rails.root, 'config', 'ldap.yml'))).result)[Rails.env].with_indifferent_access
+    end
+
+    def self.group_base
+      ldap_config[:group_base]
+    end
+
+    def self.treebase
+      ldap_config[:base]
+    end
+
+    def self.dn(code)
+      dn = "cn=#{code},#{group_base}"
+    end
+
+    def self.create_group(code, description, owner, users)
+      raise NoUsersError, "Unable to persist a group without users" unless users.present?
+      raise MissingOwnerError, "Unable to persist a group without owner" unless owner
+      attributes = {
+        :cn => code,
+        :objectclass => "groupofnames",
+        :description => description,
+        :member=>users.map {|u| "uid=#{u}"},
+        :owner=>"uid=#{owner}"
+      }
+      connection.add(:dn=>dn(code), :attributes=>attributes)
+    end
+
+    def self.delete_group(code)
+      Hydra::LDAP.connection.delete(:dn=>dn(code))
+    end
+
+    # same as
+    # ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W "(&(objectClass=groupofnames)(member=uid=vanessa))" cn
+    def self.groups_for_user(uid)
+      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(member=uid=#{uid}))"), :attributes=>['cn'])
+      result.map{|r| r[:cn].first}
+    end
+
+    def self.groups_owned_by_user(uid)
+      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(owner=uid=#{uid}))"), :attributes=>['cn'])
+      result.map{|r| r[:cn].first}
+    end
+    def self.title_of_group(group_code)
+      result = find_group(group_code)
+      result[:description].first
+    end
+
+    def self.users_for_group(group_code)
+      result = find_group(group_code)
+      result[:member].map { |v| v.sub(/^uid=/, '') }
+    end
+
+    def self.owner_for_group(group_code)
+      result = find_group(group_code)
+      result[:owner].first.sub(/^uid=/, '')
+    end
+
+    def self.add_users_to_group(group_code, users)
+      invalidate_cache(group_code)
+      ops = []
+      users.each do |u|
+        ops << [:add, :member, "uid=#{u}"]
+      end
+      connection.modify(:dn=>dn(group_code), :operations=>ops)
+    end
+
+    def self.remove_users_from_group(group_code, users)
+      invalidate_cache(group_code)
+      ops = []
+      users.each do |u|
+        ops << [:delete, :member, "uid=#{u}"]
+      end
+      connection.modify(:dn=>dn(group_code), :operations=>ops)
+    end
+
+    def self.invalidate_cache(group_code)
+      @cache ||= {}
+      @cache[group_code] = nil
+    end
+
+    def self.find_group(group_code)
+      @cache ||= {}
+      return @cache[group_code] if @cache[group_code]
+      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(cn=#{group_code}))"), :attributes=>['member', 'owner', 'description'])
+      val = {}
+      raise GroupNotFound, "Can't find group '#{group_code}' in ldap" unless result.first
+      result.first.each do |k, v|
+        val[k] = v
+      end
+      #puts "Val is: #{val}"
+      @cache[group_code] = val
+    end
+
+  end
+end

lib/hydra-ldap/version.rb

@@ -0,0 +1,5 @@
+module Hydra
+  module LDAP
+    VERSION = "0.0.1"
+  end
+end