class Jamf::LdapServer

An LDAP server in the JSS.

This class doesn’t curretly provide creation or updaing of LDAP server definitions in the JSS. Please use the JSS web UI.

However, it does provide methods for querying users and usergroups from LDAP servers, and checking group membership.

The class methods {LdapServer.user_in_ldap?} and {LdapServer.group_in_ldap?} can be used to check all defined LDAP servers for a user or group. They are used by {Jamf::Scopable::Scope} when adding user and groups to scope limitations and exceptions.

Within an LdapServer instance, the methods {#find_user} and {#find_group} will return all matches in the server for a given search term.

@see Jamf::APIObject

Constants

AUTH_TYPES

possible authentication types

DEFAULT_PORT

the default LDAP port

OBJECT_CLASS_MAPPING_OPTIONS

possible objectclass mapping options

OBJECT_HISTORY_OBJECT_TYPE

the object type for this object in the object history table. See {APIObject#add_object_history_entry}

REFERRAL_RESPONSES

possible referral responses

RSRC_BASE

The base for REST resources of this class

RSRC_LIST_KEY

the hash key used for the JSON list output of all objects in the JSS

RSRC_OBJECT_KEY

The hash key used for the JSON object output. It’s also used in various error messages

SEARCH_SCOPES

possible values for search scope

Attributes

authentication_type[R]

@return [String] what authentication method should be used?

hostanme[R]

@return [String] the hostname of the server

lookup_dn[R]

@return [String] the Distinguished Name of the account used for connections/lookups?

lookup_pw_sha256[R]

@return [String] the password for the connection/lookup account, as a SHA256 digest.

open_close_timeout[R]

@return [Integer] timeout, in seconds, for opening LDAP connections

port[R]

@return [Integer] the port for ldap

referral_response[R]

@return [String] the referral response from the server

search_timeout[R]

@return [Integer] timeout, in seconds, for search queries

use_ssl[R]

@return [Boolean] should the connection use ssl?

use_wildcards[R]

@return [Boolean] should searches use wildcards?

user_group_mappings[R]

@return [Hash<Symbol=>String>]

The LDAP attributes mapped to various user group data

The hash keys are:

  • :search_base =>

  • :search_scope =>

  • :object_classes =>

  • :map_object_class_to_any_or_all =>

  • :map_group_id =>

  • :map_group_name =>

  • :map_group_uuid =>

user_group_membership_mappings[R]

@return [Hash<Symbol=>String>]

The LDAP attributes used to identify a user as a member of a group

The hash keys are:

  • :user_group_membership_stored_in =>

  • :map_user_membership_use_dn =>

  • :map_group_membership_to_user_field =>

  • :group_id =>

  • :map_object_class_to_any_or_all =>

  • :append_to_username =>

  • :username =>

  • :object_classes =>

  • :use_dn =>

  • :search_base =>

  • :recursive_lookups =>

  • :search_scope =>

  • :map_user_membership_to_group_field =>

user_mappings[R]

@return [Hash<Symbol=>String>]

The LDAP attributes mapped to various user data

The hash keys are:

  • :search_base =>

  • :search_scope =>

  • :object_classes =>

  • :map_object_class_to_any_or_all =>

  • :map_username =>

  • :map_user_id =>

  • :map_department =>

  • :map_building =>

  • :map_room =>

  • :map_realname =>

  • :map_phone =>

  • :map_email_address =>

  • :map_position =>

  • :map_user_uuid =>

  • :append_to_email_results =>

Public Class Methods

check_membership(ldap_server, user, group, api: nil, cnx: Jamf.cnx) click to toggle source

On a given server, does a given group contain a given user?

This class method allows the check to happen without instanting the LdapServer.

@param server[String, Integer] The name or id of the LDAP server to use

@param user the username to check for memebership in the group

@param group the group name to see if the user is a member

@param cnx [Jamf::Connection] the API connection to use for the search

@return [Boolean] is the user a member of the group?

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
169 def self.check_membership(ldap_server, user, group, api: nil, cnx: Jamf.cnx)
170   cnx = api if api
171 
172   ldap_server_id = valid_id ldap_server, cnx: cnx
173   raise Jamf::NoSuchItemError, "No LdapServer matching #{ldap_server}" unless ldap_server_id
174 
175   rsrc = "#{RSRC_BASE}/id/#{ldap_server_id}/group/#{CGI.escape group.to_s}/user/#{CGI.escape user.to_s}"
176   member_check = cnx.c_get rsrc
177 
178   !member_check[:ldap_users].empty?
179 end
group_in_ldap?(group, api: nil, cnx: Jamf.cnx) click to toggle source

For Backward Compatibility,

@param user a group name to search for in all LDAP servers

@param cnx [Jamf::Connection] the API connection to use for the search

@return [Boolean] Does the group exist in any LDAP server?

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
148 def self.group_in_ldap?(group, api: nil, cnx: Jamf.cnx)
149   cnx = api if api
150 
151   server_for_group(group, cnx: cnx) ? true : false
152 end
new(**args) click to toggle source

See Jamf::APIObject#initialize

Calls superclass method Jamf::APIObject::new
    # File lib/jamf/api/classic/api_objects/ldap_server.rb
282 def initialize(**args)
283   super
284 
285   @hostname = @init_data[:connection][:hostname]
286   @port = @init_data[:connection][:port]
287   @use_ssl = @init_data[:connection][:use_ssl]
288   @authentication_type = AUTH_TYPES[@init_data[:connection][:authentication_type]]
289   @open_close_timeout = @init_data[:connection][:open_close_timeout]
290   @search_timeout = @init_data[:connection][:search_timeout]
291   @referral_response = @init_data[:connection][:referral_response]
292   @use_wildcards = @init_data[:connection][:use_wildcards]
293 
294   @lookup_dn = @init_data[:connection][:account][:distinguished_username]
295   @lookup_pw_sha256 = @init_data[:connection][:account][:password_sha256]
296 
297   @user_mappings = @init_data[:mappings_for_users][:user_mappings]
298   @user_group_mappings = @init_data[:mappings_for_users][:user_group_mappings]
299   @user_group_membership_mappings = @init_data[:mappings_for_users][:user_group_membership_mappings]
300 
301   @connection = nil
302   @connected = false
303 end
server_for_group(group, api: nil, cnx: Jamf.cnx) click to toggle source

Does a group exist in any ldap server?

@param group a group to search for in all LDAP servers

@param cnx [Jamf::Connection] the API connection to use for the search

@return [Integer, nil] the id of the first LDAP server with the group,

nil if not found
    # File lib/jamf/api/classic/api_objects/ldap_server.rb
129 def self.server_for_group(group, api: nil, cnx: Jamf.cnx)
130   cnx = api if api
131 
132   all_objects(:refresh, cnx: cnx).each do |ldap|
133     next if ldap.find_group(group, :exact).empty?
134 
135     return ldap.id
136   end
137   nil
138 end
server_for_user(user, api: nil, cnx: Jamf.cnx) click to toggle source

@return [Integer, nil] the id of the first LDAP server with the user,

nil if not found
    # File lib/jamf/api/classic/api_objects/ldap_server.rb
 95 def self.server_for_user(user, api: nil, cnx: Jamf.cnx)
 96   cnx = api if api
 97 
 98   all_objects(:refresh, cnx: cnx).each do |ldap|
 99     next if ldap.find_user(user, :exact).empty?
100 
101     return ldap.id
102   end
103   nil
104 end
user_in_ldap?(user, api: nil, cnx: Jamf.cnx) click to toggle source

For Backward Compatibility,

@param user a username to search for in all LDAP servers

@param cnx [Jamf::Connection] the API connection to use for the search

@return [Boolean] Does the user exist in any LDAP server?

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
114 def self.user_in_ldap?(user, api: nil, cnx: Jamf.cnx)
115   cnx = api if api
116 
117   server_for_user(user, cnx: cnx) ? true : false
118 end

Public Instance Methods

check_membership(user, group) click to toggle source

@param user the username to check for memebership in the group

@param group the group name to see if the user is a member

@return [Boolean, nil] is the user a member? Nil if unable to check

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
342 def check_membership(user, group)
343   raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss
344 
345   self.class.check_membership @id, user, group, cnx: @cnx
346 end
find_group(group, exact = false) click to toggle source

@param group the group name to search for

@param exact if true, force an exact match, otherwuse use wildcards

@return [Array<Hash>] The groupname and uid for all groups matching the query

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
329 def find_group(group, exact = false)
330   raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss
331 
332   raw = cnx.c_get("#{RSRC_BASE}/id/#{@id}/group/#{CGI.escape group.to_s}")[:ldap_groups]
333   exact ? raw.select { |u| u[:groupname] == group } : raw
334 end
find_user(user, exact = false) click to toggle source

Search for a user in this ldap server

@param user the username to search for

@param exact if true, force an exact match, otherwise use wildcards

@return [Array<Hash>] The mapped LDAP data for all usernames matching the query

    # File lib/jamf/api/classic/api_objects/ldap_server.rb
316 def find_user(user, exact = false)
317   raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss
318 
319   raw = cnx.c_get("#{RSRC_BASE}/id/#{@id}/user/#{CGI.escape user.to_s}")[:ldap_users]
320   exact ? raw.select { |u| u[:username] == user } : raw
321 end