lib/ditty/tasks/omniauth-ldap.rake
# frozen_string_literal: true
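namespace :ditty do
  namespace :ldap do
    # Builds a Net::LDAP client from the first argument set of the LDAP
    # provider in the Ditty settings and returns [client, settings]. The
    # caller still has to call #bind. Both tasks share this setup, so they
    # load the settings the same way.
    #
    # NOTE(review): only host and port are passed to Net::LDAP.new, so no
    # transport encryption is requested here and the bind below sends the
    # bind DN and password as they are. Confirm whether the settings carry a
    # TLS/SSL option and pass it through as `encryption:`.
    ldap_client = lambda do
      require 'ditty/services/settings'
      settings = ::Ditty::Services::Settings[:authentication][:ldap][:arguments].first
      client = Net::LDAP.new(host: settings[:host], port: settings[:port])
      # Without a bind_dn no credentials are set on the client.
      client.authenticate(settings[:bind_dn], settings[:password]) if settings[:bind_dn]
      [client, settings]
    end

    desc 'Check the LDAP settings'
    # Binds with the configured settings; raises when the bind fails so the
    # task exits non-zero.
    task :check do
      ldap, = ldap_client.call
      raise 'Could not bind to LDAP server' unless ldap.bind

      puts 'LDAP Binding Successful'
    end

    desc 'Add the AD / LDAP Groups to Ditty as Roles'
    # Creates a Ditty role for every directory entry matched by the group
    # filter. The optional task argument `filter` has the form
    # `attribute:value` and is ANDed with the group filter.
    task :populate_groups, [:filter] do |_task, args|
      # Reject a malformed filter before anything is loaded or contacted; it
      # would otherwise fail later with an unrelated arity error.
      attribute = value = nil
      if args[:filter]
        attribute, value = args[:filter].split(':', 2)
        if attribute.to_s.empty? || value.to_s.empty?
          raise ArgumentError, "filter must be given as attribute:value, got #{args[:filter].inspect}"
        end
      end

      puts 'Adding AD / LDAP Groups to Ditty as Roles'
      require 'ditty/services/settings'
      require 'ditty/models/role'
      ldap, settings = ldap_client.call
      if ldap.bind
        group_filter = Net::LDAP::Filter.construct(settings[:group_filter]) unless settings[:group_filter].blank?
        group_filter ||= Net::LDAP::Filter.eq('ObjectClass', 'Group')
        # Filter.eq does not escape the value, so `*` acts as a wildcard.
        # That suits an operator-typed task argument; if this value ever
        # comes from untrusted input, use Filter.equals, which escapes it.
        filter = if attribute
                   Net::LDAP::Filter.join(group_filter, Net::LDAP::Filter.eq(attribute, value))
                 else
                   group_filter
                 end
        # Without a block, #search returns nil when the operation fails;
        # report that instead of calling #each on nil.
        groups = ldap.search(base: settings[:base], filter: filter)
        if groups
          groups.each do |group|
            # The block runs only when the role did not exist yet.
            Ditty::Role.find_or_create(name: group.name) do |role|
              puts "Adding #{role.name}"
            end
          end
        else
          puts "LDAP group search failed: #{ldap.get_operation_result.message}"
        end
      else
        puts 'Could not connect to LDAP Server'
      end
    end
  end
end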