class Jamf::LdapServer
An LDAP server in the JSS
.
This class doesn’t curretly provide creation or updaing of LDAP server definitions in the JSS
. Please use the JSS
web UI.
However, it does provide methods for querying users and usergroups from LDAP servers, and checking group membership.
The class methods {LdapServer.user_in_ldap?} and {LdapServer.group_in_ldap?} can be used to check all defined LDAP servers for a user or group. They are used by {Jamf::Scopable::Scope} when adding user and groups to scope limitations and exceptions.
Within an LdapServer
instance, the methods {#find_user} and {#find_group} will return all matches in the server for a given search term.
@see Jamf::APIObject
Constants
- AUTH_TYPES
possible authentication types
- DEFAULT_PORT
the default LDAP port
- OBJECT_CLASS_MAPPING_OPTIONS
possible objectclass mapping options
- OBJECT_HISTORY_OBJECT_TYPE
the object type for this object in the object history table. See {APIObject#add_object_history_entry}
- REFERRAL_RESPONSES
possible referral responses
- RSRC_BASE
The base for REST resources of this class
- RSRC_LIST_KEY
the hash key used for the JSON list output of all objects in the
JSS
- RSRC_OBJECT_KEY
The hash key used for the JSON object output. It’s also used in various error messages
- SEARCH_SCOPES
possible values for search scope
Attributes
@return [String] what authentication method should be used?
@return [String] the hostname of the server
@return [String] the Distinguished Name of the account used for connections/lookups?
@return [String] the password for the connection/lookup account, as a SHA256 digest.
@return [Integer] timeout, in seconds, for opening LDAP connections
@return [Integer] the port for ldap
@return [String] the referral response from the server
@return [Integer] timeout, in seconds, for search queries
@return [Boolean] should the connection use ssl?
@return [Boolean] should searches use wildcards?
@return [Hash<Symbol=>String>]
The LDAP attributes mapped to various user group data
The hash keys are:
-
:search_base =>
-
:search_scope =>
-
:object_classes =>
-
:map_object_class_to_any_or_all =>
-
:map_group_id =>
-
:map_group_name =>
-
:map_group_uuid =>
@return [Hash<Symbol=>String>]
The LDAP attributes used to identify a user as a member of a group
The hash keys are:
-
:user_group_membership_stored_in =>
-
:map_user_membership_use_dn =>
-
:map_group_membership_to_user_field =>
-
:group_id =>
-
:map_object_class_to_any_or_all =>
-
:append_to_username =>
-
:username =>
-
:object_classes =>
-
:use_dn =>
-
:search_base =>
-
:recursive_lookups =>
-
:search_scope =>
-
:map_user_membership_to_group_field =>
@return [Hash<Symbol=>String>]
The LDAP attributes mapped to various user data
The hash keys are:
-
:search_base =>
-
:search_scope =>
-
:object_classes =>
-
:map_object_class_to_any_or_all =>
-
:map_username =>
-
:map_user_id =>
-
:map_department =>
-
:map_building =>
-
:map_room =>
-
:map_realname =>
-
:map_phone =>
-
:map_email_address =>
-
:map_position =>
-
:map_user_uuid =>
-
:append_to_email_results =>
Public Class Methods
On a given server, does a given group contain a given user?
This class method allows the check to happen without instanting the LdapServer
.
@param server[String, Integer] The name or id of the LDAP server to use
@param user the username to check for memebership in the group
@param group the group name to see if the user is a member
@param cnx [Jamf::Connection] the API connection to use for the search
@return [Boolean] is the user a member of the group?
# File lib/jamf/api/classic/api_objects/ldap_server.rb 169 def self.check_membership(ldap_server, user, group, api: nil, cnx: Jamf.cnx) 170 cnx = api if api 171 172 ldap_server_id = valid_id ldap_server, cnx: cnx 173 raise Jamf::NoSuchItemError, "No LdapServer matching #{ldap_server}" unless ldap_server_id 174 175 rsrc = "#{RSRC_BASE}/id/#{ldap_server_id}/group/#{CGI.escape group.to_s}/user/#{CGI.escape user.to_s}" 176 member_check = cnx.c_get rsrc 177 178 !member_check[:ldap_users].empty? 179 end
For Backward Compatibility,
@param user a group name to search for in all LDAP servers
@param cnx [Jamf::Connection] the API connection to use for the search
@return [Boolean] Does the group exist in any LDAP server?
# File lib/jamf/api/classic/api_objects/ldap_server.rb 148 def self.group_in_ldap?(group, api: nil, cnx: Jamf.cnx) 149 cnx = api if api 150 151 server_for_group(group, cnx: cnx) ? true : false 152 end
See Jamf::APIObject#initialize
Jamf::APIObject::new
# File lib/jamf/api/classic/api_objects/ldap_server.rb 282 def initialize(**args) 283 super 284 285 @hostname = @init_data[:connection][:hostname] 286 @port = @init_data[:connection][:port] 287 @use_ssl = @init_data[:connection][:use_ssl] 288 @authentication_type = AUTH_TYPES[@init_data[:connection][:authentication_type]] 289 @open_close_timeout = @init_data[:connection][:open_close_timeout] 290 @search_timeout = @init_data[:connection][:search_timeout] 291 @referral_response = @init_data[:connection][:referral_response] 292 @use_wildcards = @init_data[:connection][:use_wildcards] 293 294 @lookup_dn = @init_data[:connection][:account][:distinguished_username] 295 @lookup_pw_sha256 = @init_data[:connection][:account][:password_sha256] 296 297 @user_mappings = @init_data[:mappings_for_users][:user_mappings] 298 @user_group_mappings = @init_data[:mappings_for_users][:user_group_mappings] 299 @user_group_membership_mappings = @init_data[:mappings_for_users][:user_group_membership_mappings] 300 301 @connection = nil 302 @connected = false 303 end
Does a group exist in any ldap server?
@param group a group to search for in all LDAP servers
@param cnx [Jamf::Connection] the API connection to use for the search
@return [Integer, nil] the id of the first LDAP server with the group,
nil if not found
# File lib/jamf/api/classic/api_objects/ldap_server.rb 129 def self.server_for_group(group, api: nil, cnx: Jamf.cnx) 130 cnx = api if api 131 132 all_objects(:refresh, cnx: cnx).each do |ldap| 133 next if ldap.find_group(group, :exact).empty? 134 135 return ldap.id 136 end 137 nil 138 end
@return [Integer, nil] the id of the first LDAP server with the user,
nil if not found
# File lib/jamf/api/classic/api_objects/ldap_server.rb 95 def self.server_for_user(user, api: nil, cnx: Jamf.cnx) 96 cnx = api if api 97 98 all_objects(:refresh, cnx: cnx).each do |ldap| 99 next if ldap.find_user(user, :exact).empty? 100 101 return ldap.id 102 end 103 nil 104 end
For Backward Compatibility,
@param user a username to search for in all LDAP servers
@param cnx [Jamf::Connection] the API connection to use for the search
@return [Boolean] Does the user exist in any LDAP server?
# File lib/jamf/api/classic/api_objects/ldap_server.rb 114 def self.user_in_ldap?(user, api: nil, cnx: Jamf.cnx) 115 cnx = api if api 116 117 server_for_user(user, cnx: cnx) ? true : false 118 end
Public Instance Methods
@param user the username to check for memebership in the group
@param group the group name to see if the user is a member
@return [Boolean, nil] is the user a member? Nil if unable to check
# File lib/jamf/api/classic/api_objects/ldap_server.rb 342 def check_membership(user, group) 343 raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss 344 345 self.class.check_membership @id, user, group, cnx: @cnx 346 end
@param group the group name to search for
@param exact if true, force an exact match, otherwuse use wildcards
@return [Array<Hash>] The groupname and uid for all groups matching the query
# File lib/jamf/api/classic/api_objects/ldap_server.rb 329 def find_group(group, exact = false) 330 raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss 331 332 raw = cnx.c_get("#{RSRC_BASE}/id/#{@id}/group/#{CGI.escape group.to_s}")[:ldap_groups] 333 exact ? raw.select { |u| u[:groupname] == group } : raw 334 end
Search for a user in this ldap server
@param user the username to search for
@param exact if true, force an exact match, otherwise use wildcards
@return [Array<Hash>] The mapped LDAP data for all usernames matching the query
# File lib/jamf/api/classic/api_objects/ldap_server.rb 316 def find_user(user, exact = false) 317 raise Jamf::NoSuchItemError, 'LdapServer not yet saved in the JSS' unless @in_jss 318 319 raw = cnx.c_get("#{RSRC_BASE}/id/#{@id}/user/#{CGI.escape user.to_s}")[:ldap_users] 320 exact ? raw.select { |u| u[:username] == user } : raw 321 end