| Class | RADUM::UNIXGroup |
| In: | lib/radum/group.rb |
| Parent: | Group |

| gid | [R] | The UNIXGroup UNIX GID. This corresponds to the LDAP gidNumber attribute. |
Create a new UNIXGroup object that represents a UNIX group in Active Directory. A UNIX group is a Windows group that also has UNIX attributes. This method takes a Hash containing arguments, some of which are required and others optional. The supported arguments follow:
The :name argument (case-insensitive) and the :rid argument must be unique in the AD object, otherwise a RuntimeError is raised. The :type argument must be one of the RADUM group type constants. The :rid argument should not be set directly except from the AD#load method itself. The UNIXGroup object automatically adds itself to the Container object specified by the :container argument. The :gid argument specifies the UNIX GID value of the UNIXGroup. The :gid value must be unique in the AD object or a RuntimeError is raised (this is an Active Directory restriction - in UNIX it is fine). The :nis_domain defaults to "radum". The use of an NIS domain is not strictly required as one could simply set the right attributes in Active Directory and use LDAP on clients to access that data, but specifying an NIS domain allows for easy editing of UNIX attributes using the GUI tools in Windows, thus the use of a default value.
Be careful with the :gid argument. RADUM only checks in the AD object that the :container belongs to, which is the AD object the UNIXGroup belongs to as well. This does not include any GIDs for other objects in Active Directory. Creating a UNIXGroup with a duplicate GID will actually succeed when attempted in LDAP, but the GUI tools in Windows complain. If you need a new GID value, use AD#load_next_gid to get one as it does check all GIDs (those RADUM knows about and those in Active Directory). Creating a UNIXGroup object can't fail if the GID only exists in Active Directory because AD#load must be able to create UNIXGroup objects that already exist in Active Directory.
# File lib/radum/group.rb, line 352
def initialize(args = {})
  super args
  @gid = args[:gid] or raise "UNIXGroup :gid argument required."

  # The GID must be unique. This is an Active Directory restriction.
  if @container.directory.gids.include?(@gid)
    raise "GID #{gid} is already in use in the directory."
  end

  @nis_domain = args[:nis_domain] || "radum"
  @unix_password = "*"
  @container.add_group self
end
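Because the uniqueness check above only covers GIDs in the AD object RADUM has loaded, duplicates elsewhere in Active Directory have to be found separately. The following is an added example, not RADUM code: it parses a constructed LDIF export (the DNs and values are made up, and `parse_ldif` and `duplicate_gids` are hypothetical helper names) and reports every gidNumber held by more than one entry.

```ruby
# Added example, not part of RADUM. The LDIF below is constructed sample data.
SAMPLE_LDIF = <<~LDIF
  dn: CN=staff,OU=Groups,DC=example,DC=com
  gidNumber: 1001
  msSFU30NisDomain: radum

  dn: CN=engineering,OU=People,DC=example,DC=com
  gidNumber: 1001

  dn: CN=ops,OU=Groups,DC=example,
   DC=com
  gidNumber: 1002

  dn:: #{["CN=admins,OU=Groups,DC=example,DC=com"].pack("m0")}
  gidNumber: 1003
LDIF

# Parse LDIF text into an array of { "attribute" => [values] } hashes.
def parse_ldif(text)
  unfolded = text.gsub(/\r?\n /, "") # RFC 2849: a leading space continues a line
  unfolded.split(/(?:\r?\n){2,}/).map do |record|
    entry = Hash.new { |hash, key| hash[key] = [] }
    record.each_line(chomp: true) do |line|
      next if line.start_with?("#")
      if (m = line.match(/\A([^:]+)::\s*(.*)\z/))    # "attr:: base64"
        entry[m[1].downcase] << m[2].unpack1("m").force_encoding("UTF-8")
      elsif (m = line.match(/\A([^:]+):\s*(.*)\z/))  # "attr: value"
        entry[m[1].downcase] << m[2]
      end
    end
    entry
  end.reject(&:empty?)
end

# Map each gidNumber that appears on more than one entry to the DNs using it.
def duplicate_gids(entries)
  by_gid = Hash.new { |hash, key| hash[key] = [] }
  entries.each do |entry|
    entry.fetch("gidnumber", []).each { |gid| by_gid[Integer(gid, 10)] << entry["dn"].first }
  end
  by_gid.select { |_gid, dns| dns.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  duplicate_gids(parse_ldif(SAMPLE_LDIF)).each do |gid, dns|
    puts "GID #{gid} is shared by: #{dns.join(' | ')}"
  end
end
```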
Set the UNIXGroup UNIX NIS domain. This corresponds to the LDAP msSFU30NisDomain attribute. This needs to be set even if NIS services are not being used. This defaults to "radum" when a UNIXGroup is created using UNIXGroup.new, but it is set to the correct value when the UNIXGroup is loaded by AD#load from the AD object the Container belongs to.
# File lib/radum/group.rb, line 423
def nis_domain=(nis_domain)
  @nis_domain = nis_domain
  @modified = true
end
Remove the User or UNIXUser membership in the UNIXGroup. This automatically removes the UNIXGroup from the User or UNIXUser object's list of groups. This method raises a RuntimeError if the user has this UNIXGroup as their UNIX main group unless this group is also the User or UNIXUser object's primary Windows group as well (due to implicit membership handling, but nothing happens in that case with respect to UNIX membership). UNIXGroup membership cannot be removed for the UNIXUser object's UNIX main group because RADUM enforces Windows group membership in the UNIX main group, unless the group is also the UNIXUser object's primary Windows group too.
# File lib/radum/group.rb, line 380
def remove_user(user)
  if !user.removed? && user.instance_of?(UNIXUser) &&
     self == user.unix_main_group && self != user.primary_group
    raise "A UNIXUser cannot be removed from their unix_main_group."
  end

  # Removing a user from its unix_main_group is a special case due to
  # the complicated logic. When called from Container#remove_user the
  # user's removed flag is set to true when a removal from the user's
  # unix_main_group is attempted. This catches that special case and
  # does the right thing. This is needed because of all my checks for
  # not working with removed objects.
  if user.removed? && user.instance_of?(UNIXUser) &&
     self == user.unix_main_group
    @users.delete user

    # The UNIXUser is not a Windows member of their UNIX main group
    # directly if it is also their primary Windows group.
    if self != user.primary_group
      @removed_users.push user unless @removed_users.include?(user)
    end

    user.remove_group self if user.groups.include?(self)
    @modified = true
  else
    super user
  end
end
Set the UNIXGroup UNIX password field. This can be a crypt or MD5 value (or whatever your system supports potentially - Windows works with crypt and MD5 in Microsoft Identity Management for UNIX). This corresponds to the LDAP unixUserPassword attribute. The unix_password value defaults to "*" when a UNIXGroup is created using UNIXGroup.new, but it is set to the correct value when the UNIXGroup is loaded by AD#load from the AD object the Container belongs to.
# File lib/radum/group.rb, line 444
def unix_password=(unix_password)
  @unix_password = unix_password
  @modified = true
end
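To review what is actually stored in the unix_password field, the values can be classified by their crypt(3) format, which separates groups left at the "*" default from groups carrying a crypt or MD5 hash. This is an added example, not RADUM code: the function names are hypothetical and the sample values are constructed placeholders, not real hashes.

```ruby
# Added example, not part of RADUM. Classifies unix_password values by
# crypt(3) format. Sample values are constructed placeholders.
SCHEMES = [
  [:md5_crypt,    /\A\$1\$[.\/0-9A-Za-z]{1,8}\$[.\/0-9A-Za-z]{22}\z/],
  [:sha256_crypt, /\A\$5\$/],
  [:sha512_crypt, /\A\$6\$/],
  [:des_crypt,    /\A[.\/0-9A-Za-z]{13}\z/] # traditional crypt: 2 salt + 11 hash chars
].freeze

def classify_unix_password(value)
  return :unset if value.nil? || value.empty?
  # "*" is never a valid crypt output, so no password can match it.
  return :no_password if value == "*"

  SCHEMES.each { |name, pattern| return name if value.match?(pattern) }
  :unrecognized # possibly cleartext or a malformed hash; worth a manual look
end

# Return [group name, scheme] pairs for every group holding a usable value.
def groups_with_passwords(groups)
  groups.map { |name, value| [name, classify_unix_password(value)] }
        .reject { |_name, scheme| %i[unset no_password].include?(scheme) }
end

# Constructed sample: group name => unix_password value
SAMPLE_GROUPS = {
  "staff"  => "*",
  "legacy" => "abCDefGHijKLm",
  "build"  => '$1$saltsalt$' + ("A" * 22),
  "typo"   => "changeme"
}.freeze

if __FILE__ == $PROGRAM_NAME
  groups_with_passwords(SAMPLE_GROUPS).each do |name, scheme|
    puts "#{name}: #{scheme}"
  end
end
```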