Merge pull request 'Add custom LDAP attributes to schema' (#181) from feature/custom_ldap_attributes into master

Reviewed-on: #181
Reviewed-by: greg <greg@noreply.kosmos.org>

app/services/ldap_manager/fetch_avatar.rb

@@ -9,7 +9,7 @@ module LdapManager
       attributes = %w{ jpegPhoto }
       filter     = Net::LDAP::Filter.eq("cn", @cn)
 
-      entry = ldap_client.search(base: treebase, filter: filter, attributes: attributes).first
+      entry = client.search(base: treebase, filter: filter, attributes: attributes).first
       entry.try(:jpegPhoto) ? entry.jpegPhoto.first : nil
     end
   end

app/services/ldap_manager/fetch_user_by_nostr_key.rb

@@ -0,0 +1,18 @@
+module LdapManager
+  class FetchUserByNostrKey < LdapManagerService
+    def initialize(pubkey:)
+      @ou = Setting.primary_domain
+      @pubkey = pubkey
+    end
+
+    def call
+      treebase   = "ou=#{@ou},cn=users,#{ldap_suffix}"
+      attributes = %w{ cn }
+      filter     = Net::LDAP::Filter.eq("nostrKey", @pubkey)
+
+      entry = client.search(base: treebase, filter: filter, attributes: attributes).first
+
+      User.find_by cn: entry.cn, ou: @ou  unless entry.nil?
+    end
+  end
+end

app/services/ldap_manager/update_nostr_key.rb

@@ -0,0 +1,16 @@
+module LdapManager
+  class UpdateNostrKey < LdapManagerService
+    def initialize(dn:, pubkey:)
+      @dn = dn
+      @pubkey = pubkey
+    end
+
+    def call
+      if @pubkey.present?
+        replace_attribute @dn, :nostrKey, @pubkey
+      else
+        delete_attribute @dn, :nostrKey
+      end
+    end
+  end
+end

app/services/ldap_manager_service.rb

@@ -1,5 +1,2 @@
 class LdapManagerService < LdapService
-  def suffix
-    @suffix ||= ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
-  end
 end

app/services/ldap_service.rb

@@ -1,41 +1,47 @@
 class LdapService < ApplicationService
-  def initialize
-    @suffix = ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
+  def modify(dn, operations=[])
+    client.modify dn: dn, operations: operations
+    client.get_operation_result.code
   end
 
   def add_attribute(dn, attr, values)
-    ldap_client.add_attribute dn, attr, values
+    client.add_attribute dn, attr, values
+    client.get_operation_result.code
   end
 
   def replace_attribute(dn, attr, values)
-    ldap_client.replace_attribute dn, attr, values
+    client.replace_attribute dn, attr, values
+    client.get_operation_result.code
   end
 
   def delete_attribute(dn, attr)
-    ldap_client.delete_attribute dn, attr
+    client.delete_attribute dn, attr
+    client.get_operation_result.code
   end
 
   def add_entry(dn, attrs, interactive=false)
-    puts "Adding entry: #{dn}" if interactive
-    res = ldap_client.add dn: dn, attributes: attrs
-    puts res.inspect if interactive && !res
-    res
+    puts "Add entry: #{dn}" if interactive
+    client.add dn: dn, attributes: attrs
+    client.get_operation_result.code
   end
 
   def delete_entry(dn, interactive=false)
-    puts "Deleting entry: #{dn}" if interactive
-    res = ldap_client.delete dn: dn
-    puts res.inspect if interactive && !res
-    res
+    puts "Delete entry: #{dn}" if interactive
+    client.delete dn: dn
+    client.get_operation_result.code
   end
 
-  def delete_all_entries!
+  def delete_all_users!
+    delete_all_entries!(objectclass: "person")
+  end
+
+  def delete_all_entries!(objectclass: "*")
     if Rails.env.production?
       raise "Mass deletion of entries not allowed in production"
     end
 
-    filter  = Net::LDAP::Filter.eq("objectClass", "*")
-    entries = ldap_client.search(base: @suffix, filter: filter, attributes: %w{dn})
+    filter  = Net::LDAP::Filter.eq("objectClass", objectclass)
+    entries = client.search(base: ldap_suffix, filter: filter, attributes: %w{dn})
     entries.sort_by!{ |e| e.dn.length }.reverse!
 
     entries.each do |e|
@@ -45,18 +51,18 @@ class LdapService < ApplicationService
 
   def fetch_users(args={})
     if args[:ou]
-      treebase = "ou=#{args[:ou]},cn=users,#{@suffix}"
+      treebase = "ou=#{args[:ou]},cn=users,#{ldap_suffix}"
     else
       treebase = ldap_config["base"]
     end
 
     attributes = %w[
       dn cn uid mail displayName admin service
-      mailRoutingAddress mailpassword
+      mailRoutingAddress mailpassword nostrKey
     ]
     filter = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
 
-    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+    entries = client.search(base: treebase, filter: filter, attributes: attributes)
     entries.sort_by! { |e| e.cn[0] }
     entries = entries.collect do |e|
       {
@@ -64,9 +70,10 @@ class LdapService < ApplicationService
         mail: e.try(:mail) ? e.mail.first : nil,
         display_name: e.try(:displayName) ? e.displayName.first : nil,
         admin: e.try(:admin) ? 'admin' : nil,
-        service: e.try(:service),
+        services_enabled: e.try(:serviceEnabled),
         email_maildrop: e.try(:mailRoutingAddress),
-        email_password: e.try(:mailpassword)
+        email_password: e.try(:mailpassword),
+        nostr_key: e.try(:nostrKey) ? e.nostrKey.first : nil
       }
     end
   end
@@ -75,9 +82,9 @@ class LdapService < ApplicationService
     attributes = %w{dn ou description}
     filter     = Net::LDAP::Filter.eq("objectClass", "organizationalUnit")
     # filter     = Net::LDAP::Filter.eq("objectClass", "*")
-    treebase   = "cn=users,#{@suffix}"
+    treebase   = "cn=users,#{ldap_suffix}"
 
-    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+    entries = client.search(base: treebase, filter: filter, attributes: attributes)
 
     entries.sort_by! { |e| e.ou[0] }
 
@@ -91,10 +98,10 @@ class LdapService < ApplicationService
   end
 
   def add_organization(ou, description, interactive=false)
-    dn = "ou=#{ou},cn=users,#{@suffix}"
+    dn = "ou=#{ou},cn=users,#{ldap_suffix}"
 
     aci = <<-EOS
-(target="ldap:///cn=*,ou=#{ou},cn=users,#{@suffix}")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{@suffix}";)
+(target="ldap:///cn=*,ou=#{ou},cn=users,#{ldap_suffix}")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{ldap_suffix}";)
     EOS
 
     attrs = {
@@ -115,22 +122,22 @@ class LdapService < ApplicationService
     delete_all_entries!
 
     user_read_aci = <<-EOS
-(target="ldap:///#{@suffix}")(targetattr="*") (version 3.0; acl "user-read-search-own-attributes"; allow (read,search) userdn="ldap:///self";)
+(target="ldap:///#{ldap_suffix}")(targetattr="*") (version 3.0; acl "user-read-search-own-attributes"; allow (read,search) userdn="ldap:///self";)
     EOS
 
-    add_entry @suffix, {
+    add_entry ldap_suffix, {
       dc: "kosmos", objectClass: ["top", "domain"], aci: user_read_aci
     }, true
 
-    add_entry "cn=users,#{@suffix}", {
+    add_entry "cn=users,#{ldap_suffix}", {
        cn: "users", objectClass: ["top", "organizationalRole"]
     }, true
   end
 
   private
 
-  def ldap_client
-    ldap_client ||= Net::LDAP.new host: ldap_config['host'],
+  def client
+    client ||= Net::LDAP.new host: ldap_config['host'],
       port: ldap_config['port'],
       # TODO has to be :simple_tls if TLS is enabled
       # encryption: ldap_config['ssl'],
@@ -144,4 +151,8 @@ class LdapService < ApplicationService
   def ldap_config
     ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
   end
+
+  def ldap_suffix
+    @ldap_suffix ||= ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
+  end
 end