class Blueauth
Constants
- BGBASE
- BPBASE
- BPHOSTS
- NEW_CERT
The root signer certificate (Equifax) in the current certificate chain will also expire on August 22, 2018.
See: knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO4668
- OLD_CERT
Having only the root signer certificate (DigiCert Global Root G2) in the TLS client truststore is sufficient.
See: w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/W1f849f7604cc_43a5_a6d9_2ad1fcbc532e/page/Digital%20Certificate%20FAQs
See: knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO1421#lightbox-06
- VERSION
Public Class Methods
    # File lib/blueauth.rb, line 16
    def initialize
      # Trust store holding only the two pinned certificates
      cert_store = OpenSSL::X509::Store.new
      cert_store.add_cert OpenSSL::X509::Certificate.new(NEW_CERT)
      cert_store.add_cert OpenSSL::X509::Certificate.new(OLD_CERT)
      # LDAP over TLS 1.2 with peer verification against that store
      @ldap = Net::LDAP.new hosts: BPHOSTS,
                            connect_timeout: 15,
                            encryption: {
                              method: :simple_tls,
                              tls_options: {
                                ssl_version: :TLSv1_2,
                                verify_mode: OpenSSL::SSL::VERIFY_PEER,
                                cert_store: cert_store
                              }
                            }
    end
Public Instance Methods
Authenticates a user. Intranet ID and password are mandatory.
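    # File lib/blueauth.rb, line 34
    def authenticate(id, password)
      # Resolve the id to a directory entry first; nil means no such user
      user = search id.strip
      unless user.nil?
        # Bind as the user's DN with the supplied password
        @ldap.auth user[:dn], password.strip
        begin
          auth = @ldap.bind
        rescue => e
          raise BlueError, "BluePages Bind issue -> #{e.message}"
        end
        if auth
          # Successful bind: return the user data plus group names
          groups = bluegroups user[:dn]
          return user.merge({groups: groups})
        else
          return nil
        end
      end
    end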
    # File lib/blueauth.rb, line 98
    def bluegroups(dn)
      # Collects the cn of every entry under BGBASE whose uniquemember is dn
      result = []
      filter = Net::LDAP::Filter.eq('uniquemember', dn)
      begin
        bgres = @ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
        bgres.each {|g| result << g.cn.first}
      rescue => e
        raise BlueError, "BlueGroup Search issue -> #{e.message}"
      end
      return result
    end
Tries to find the given user ID in the Enterprise Directory; the result is an LDAP object. The user ID can be:
- Intranet ID (must contain '@' sign)
- Notes ID (must contain '/' sign)
- Common name (none of the previous two)
The returned object contains :name, :country, :intranetid, :dn
    # File lib/blueauth.rb, line 59
    def search(id)
      if id.include? '@'
        searchfield = 'mail'
      elsif id.include? '/'
        searchfield = 'notesid'
        # Rewrite "Name/Unit/Org" as "CN=Name/OU=Unit/O=Org"
        email_parts = id.split('/')
        id = ''
        c = 1
        email_parts.each do |part|
          id = case c
               when 1
                 'CN='+part
               when email_parts.count
                 id + '/O='+part
               else
                 id + '/OU='+part
               end
          c += 1
        end
      else
        searchfield = 'cn'
      end
      # Filter.eq does not escape the value: a '*' in id acts as a wildcard
      filter = Net::LDAP::Filter.eq(searchfield, id) & Net::LDAP::Filter.eq('objectclass', "ibmPerson")
      begin
        user_array = @ldap.search(base: BPBASE, filter: filter, size: 1)
      rescue => e
        raise BlueError, "BluePages Search issue -> #{e.message}"
      end
      if user_array.count == 0
        result = nil
      else
        # Only the first matching entry is used
        user = user_array.first
        result = {name: user.cn.first,
                  callupname: user&.callupname&.first || '',
                  country: user.co.first,
                  intranetid: user.preferredidentity.first,
                  dn: user.dn}
      end
      return result
    end
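Added example, not part of the blueauth gem: input checks to run in front of the authenticate and search methods documented above. authenticate binds with whatever password it receives, and a simple bind with a zero-length password is an unauthenticated bind (RFC 4513) that a server may accept; search builds its filter with Net::LDAP::Filter.eq, which treats '*' in the id as a wildcard. GuardedAuth and CredentialError are hypothetical names, and rejecting filter metacharacters assumes legitimate IDs never contain them.

```ruby
# Added example: input checks to run before a Blueauth-style authenticate call.
# GuardedAuth and CredentialError are hypothetical names, not part of the gem.
class CredentialError < StandardError; end

class GuardedAuth
  # Characters with special meaning in an LDAP filter string (RFC 4515):
  # '*', '(', ')', backslash and NUL.
  FILTER_META = /[*()\\\x00]/

  # backend: any object responding to authenticate(id, password),
  # for instance a Blueauth instance.
  def initialize(backend)
    @backend = backend
  end

  # Returns the cleaned [id, password] pair or raises CredentialError.
  def self.check!(id, password)
    id = id.to_s.strip
    password = password.to_s
    raise CredentialError, 'id is mandatory' if id.empty?
    # authenticate strips the password before binding, so a blank password
    # would reach the server as a zero-length one (unauthenticated bind).
    raise CredentialError, 'password is mandatory' if password.strip.empty?
    # Assumption: legitimate ids never contain filter metacharacters, so
    # rejecting them is acceptable; '@' and '/' stay allowed.
    raise CredentialError, 'id contains filter metacharacters' if id.match?(FILTER_META)
    [id, password]
  end

  # Same contract as the wrapped method: user data on success, nil otherwise.
  def authenticate(id, password)
    id, password = self.class.check!(id, password)
    @backend.authenticate(id, password)
  rescue CredentialError
    nil
  end
end
```

Wrap an instance with GuardedAuth.new(Blueauth.new) and call authenticate on the wrapper; rejected input never reaches the directory.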