| Class | RADUM::UNIXUser |
| In: | lib/radum/user.rb |
| Parent: | User |
| gid | [R] | The UNIXUser UNIX GID. This corresponds to the LDAP gidNumber attribute. This is set by setting the UNIXUser unix_main_group attribute with the UNIXUser.unix_main_group= method. |
| uid | [R] | The UNIXUser UNIX UID. This corresponds to the LDAP uidNumber attribute. |
Create a new UNIXUser object that represents a UNIX user in Active Directory. A UNIX user is a Windows user that also has UNIX attributes. This method takes a Hash containing arguments, some of which are required and others optional. The supported arguments follow:
The :username argument (case-insensitive) and the :rid argument must be unique in the AD object, otherwise a RuntimeError is raised. The :primary_group argument must be of the RADUM type GROUP_GLOBAL_SECURITY or GROUP_UNIVERSAL_SECURITY and not a removed group, otherwise a RuntimeError is raised. The :disabled argument indicates if the UNIXUser object should be disabled, and it defaults to false. The :rid argument should not be set directly except from the AD#load method itself. The :unix_main_group argument must be a UNIXGroup object and not removed or a RuntimeError is raised. The :uid argument must be unique in the AD object or a RuntimeError is raised (this is an Active Directory restriction - in UNIX it is fine). The UNIXUser object automatically adds itself to the Container object specified by the :container argument. The :nis_domain defaults to "radum". The use of an NIS domain is not strictly required as one could simply set the right attributes in Active Directory and use LDAP on clients to access that data, but specifying an NIS domain allows for easy editing of UNIX attributes using the GUI tools in Windows, thus the use of a default value.
Be careful with the :uid argument. RADUM only checks in the AD object that the :container belongs to, which is the AD object the UNIXUser belongs to as well. This does not include any UIDs for other objects in Active Directory. Creating a UNIXUser with a duplicate UID will actually succeed when attempted in LDAP, but the GUI tools in Windows complain. If you need a new UID value, use AD#load_next_uid to get one as it does check all UIDs (those RADUM knows about and those in Active Directory). Creating a UNIXUser object can't fail if the UID only exists in Active Directory because AD#load must be able to create UNIXUser objects that already exist in Active Directory.
See the documentation for each attribute method for the default value of each attribute after calling this method.
# File lib/radum/user.rb, line 722
def initialize(args = {})
  super args
  @uid = args[:uid] or raise "UNIXUser :uid attribute required."

  # The UID must be unique. This is an Active Directory restriction.
  if @container.directory.uids.include?(@uid)
    raise "UID #{uid} is already in use in the directory."
  end

  @unix_main_group = args[:unix_main_group] or raise "UNIXUser" +
                                                     " :unix_main_group" +
                                                     " argument required."

  if @container.directory == @unix_main_group.container.directory
    if @unix_main_group.removed?
      raise "UNIXUser unix_main_group cannot be a removed UNIXGroup."
    end

    unless @unix_main_group.instance_of?(UNIXGroup)
      raise "UNIXUser unix_main_group must be a UNIXGroup."
    else
      @gid = @unix_main_group.gid
      # The UNIXUser is already a member of their primary Windows group
      # implicitly.
      add_group @unix_main_group unless @unix_main_group == @primary_group
    end
  else
    raise "UNIXUser unix_main_group must be in the same directory."
  end

  @shell = args[:shell] or raise "UNIXUser :shell argument required."
  @home_directory = args[:home_directory] or raise "UNIXUser" +
                                                   " :home_directory" +
                                                   " argument required."
  @nis_domain = args[:nis_domain] || "radum"
  @gecos = @username
  @unix_password = "*"
  @shadow_expire = nil
  @shadow_flag = nil
  @shadow_inactive = nil
  @shadow_last_change = nil
  @shadow_max = nil
  @shadow_min = nil
  @shadow_warning = nil
  @container.add_user self
end
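The :uid caveat above means a UID can be unique inside the loaded AD object yet collide with an account elsewhere in Active Directory, leaving two accounts with the same file-ownership identity on UNIX clients. The following is an added example, not RADUM code: it audits constructed LDAP-style entries for shared uidNumber values and checks a candidate UID against both sources; `uid_collisions`, `uid_free?` and the sample DNs are hypothetical names.

```ruby
# Added example (not part of RADUM). ENTRIES is constructed sample data shaped
# like the result of a directory-wide LDAP search for user objects.
ENTRIES = [
  { dn: "CN=alice,OU=People,DC=example,DC=com",       uidNumber: "1001" },
  { dn: "CN=bob,OU=People,DC=example,DC=com",         uidNumber: "1002" },
  { dn: "CN=svc-backup,OU=Service,DC=example,DC=com", uidNumber: "1001" },
  { dn: "CN=carol,OU=People,DC=example,DC=com",       uidNumber: nil }
].freeze

# Normalise a uidNumber value; nil or blank means a Windows-only user.
def parse_uid(raw)
  text = raw.to_s.strip
  text.empty? ? nil : Integer(text, 10)
end

# Returns { uid => [dn, ...] } for every UID held by more than one entry.
# LDAP accepts such duplicates, so they have to be found after the fact.
def uid_collisions(entries)
  by_uid = Hash.new { |hash, key| hash[key] = [] }
  entries.each do |entry|
    uid = parse_uid(entry[:uidNumber])
    by_uid[uid] << entry[:dn] unless uid.nil?
  end
  by_uid.select { |_uid, dns| dns.size > 1 }
end

# True only when the candidate is unused both in the directory-wide entries
# and in the UIDs held in memory (locally_known), i.e. the two sources the
# page says must both be consulted before assigning a new UID.
def uid_free?(entries, locally_known, candidate)
  in_directory = entries.map { |entry| parse_uid(entry[:uidNumber]) }.compact
  !(in_directory + locally_known).include?(candidate)
end
```
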
Set the UNIXUser UNIX GECOS field. This corresponds to the LDAP gecos attribute. This defaults to username when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to.
# File lib/radum/user.rb, line 833
def gecos=(gecos)
  @gecos = gecos
  @modified = true
end
Set the UNIXUser UNIX home directory. This corresponds to the LDAP unixHomeDirectory attribute.
# File lib/radum/user.rb, line 796
def home_directory=(home_directory)
  @home_directory = home_directory
  @modified = true
end
Set the UNIXUser UNIX NIS domain. This corresponds to the LDAP msSFU30NisDomain attribute. This needs to be set even if NIS services are not being used. This defaults to "radum" when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to.
# File lib/radum/user.rb, line 815
def nis_domain=(nis_domain)
  @nis_domain = nis_domain
  @modified = true
end
Remove the UNIXUser membership in the Group or UNIXGroup. This automatically removes the UNIXUser from the Group or UNIXGroup object's list of users. This method raises a RuntimeError if the group is a UNIXGroup and is the UNIXUser object's UNIX main group, unless it is also the UNIXUser object's primary Windows group (due to implicit membership handling; nothing happens in that case with respect to UNIX membership). UNIXGroup membership cannot be removed for the UNIXUser object's UNIX main group because RADUM enforces Windows group membership in the UNIX main group, unless the group is also the UNIXUser object's primary Windows group. In that case UNIX group membership is kept because a UNIXUser is implicitly a member of their primary Windows group anyway.
# File lib/radum/user.rb, line 1035
def remove_group(group)
  if !@removed && group.instance_of?(UNIXGroup) &&
     group == @unix_main_group && group != @primary_group
    raise "A UNIXUser cannot be removed from their unix_main_group."
  end

  super group
end
Set the UNIXUser UNIX shadow file expire field. This is the 8th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowExpire attribute.
# File lib/radum/user.rb, line 882
def shadow_expire=(shadow_expire)
  @shadow_expire = shadow_expire
  @modified = true
end
Set the UNIXUser UNIX shadow file reserved field. This is the 9th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowFlag attribute.
# File lib/radum/user.rb, line 904
def shadow_flag=(shadow_flag)
  @shadow_flag = shadow_flag
  @modified = true
end
Set the UNIXUser UNIX shadow file inactive field. This is the 7th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowInactive attribute.
# File lib/radum/user.rb, line 926
def shadow_inactive=(shadow_inactive)
  @shadow_inactive = shadow_inactive
  @modified = true
end
Set the UNIXUser UNIX shadow file last change field. This is the 3rd field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowLastChange attribute.
# File lib/radum/user.rb, line 948
def shadow_last_change=(shadow_last_change)
  @shadow_last_change = shadow_last_change
  @modified = true
end
Set the UNIXUser UNIX shadow file max field. This is the 5th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowMax attribute.
# File lib/radum/user.rb, line 970
def shadow_max=(shadow_max)
  @shadow_max = shadow_max
  @modified = true
end
Set the UNIXUser UNIX shadow file min field. This is the 4th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowMin attribute.
# File lib/radum/user.rb, line 992
def shadow_min=(shadow_min)
  @shadow_min = shadow_min
  @modified = true
end
Set the UNIXUser UNIX shadow file warning field. This is the 6th field of the /etc/shadow file. This defaults to nil when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to. This only needs to be set if the shadow file information is really needed. It would not be needed most of the time. This corresponds to the LDAP shadowWarning attribute.
# File lib/radum/user.rb, line 1014
def shadow_warning=(shadow_warning)
  @shadow_warning = shadow_warning
  @modified = true
end
The String representation of the UNIXUser object.
# File lib/radum/user.rb, line 1081
def to_s
  "UNIXUser [(" + (@disabled ? "USER_DISABLED" : "USER_ENABLED") +
  ", RID #{@rid}, UID #{@uid}, GID #{@unix_main_group.gid})" +
  " <#{@username}> #{@distinguished_name}]"
end
Set the UNIXUser UNIX main group. This also sets the UNIXUser gid attribute. The group must be of the type UNIXGroup and in the same AD object or a RuntimeError is raised. A RuntimeError is raised if the UNIXGroup has been removed. This method does not automatically remove membership in the previous unix_main_group UNIXGroup.
# File lib/radum/user.rb, line 1059
def unix_main_group=(group)
  if group.removed?
    raise "Cannot set unix_main_group to a removed group."
  end

  if group.instance_of?(UNIXGroup)
    if @container.directory == group.container.directory
      @unix_main_group = group
      @gid = group.gid
      # The UNIXUser is already a member of their primary Windows group
      # implicitly.
      add_group group unless group == @primary_group
      @modified = true
    else
      raise "UNIXUser unix_main_group must be in the same directory."
    end
  else
    raise "UNIXUser unix_main_group must be a UNIXGroup."
  end
end
Set the UNIXUser UNIX password field. This can be a crypt or MD5 value (or whatever your system supports potentially - Windows works with crypt and MD5 in Microsoft Identity Management for UNIX). This corresponds to the LDAP unixUserPassword attribute. The unix_password value defaults to "*" when a UNIXUser is created using UNIXUser.new, but it is set to the correct value when the UNIXUser is loaded by AD#load from the AD object the Container belongs to.
It is not necessary to set the LDAP unixUserPassword attribute if you are using Kerberos for authentication, but you might need it if using LDAP (or NIS by way of LDAP in Active Directory) for user information. In cases where it is not needed, it is best to set this field to "*", which is why that is the default.
# File lib/radum/user.rb, line 860
def unix_password=(unix_password)
  @unix_password = unix_password
  @modified = true
end
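The shadow setters and unix_password= above each map one LDAP attribute to one /etc/shadow field. The following is an added example, not RADUM code: it assembles the shadow line a client would derive from those attributes and lists accounts whose unixUserPassword holds a crypt or MD5 hash instead of the "*" default. The helper names and sample values are constructed for illustration, and the sample hashes are placeholders rather than real hashes.

```ruby
# Added example (not part of RADUM). LDAP attributes for /etc/shadow
# fields 3 to 9, in the field order given by the setter documentation.
SHADOW_ATTRS = %w[shadowLastChange shadowMin shadowMax shadowWarning
                  shadowInactive shadowExpire shadowFlag].freeze

# Build the nine-field shadow line; attributes left at nil become empty
# fields and a missing unixUserPassword falls back to the "*" default.
def shadow_line(username, attrs)
  password = attrs["unixUserPassword"] || "*"
  fields = SHADOW_ATTRS.map { |name| attrs[name].to_s }
  ([username, password] + fields).join(":")
end

# Classify a unixUserPassword value by its textual format only.
def password_kind(value)
  case value
  when nil, "", "*" then :no_hash
  when /\A\$1\$[^$]{1,8}\$[.\/0-9A-Za-z]{22}\z/ then :md5_crypt
  when /\A[.\/0-9A-Za-z]{13}\z/ then :des_crypt
  else :other
  end
end

# Names of accounts whose unixUserPassword is anything but empty or "*",
# i.e. accounts with hash material readable through LDAP.
def accounts_with_hash(entries)
  entries.reject { |e| password_kind(e["unixUserPassword"]) == :no_hash }
         .map { |e| e["sAMAccountName"] }
end

# Constructed sample entries; the password values are format placeholders.
SAMPLE_USERS = [
  { "sAMAccountName" => "alice", "unixUserPassword" => "*",
    "shadowLastChange" => 19000, "shadowMax" => 90, "shadowWarning" => 7 },
  { "sAMAccountName" => "bob",
    "unixUserPassword" => '$1$saltsalt$' + ("A" * 22) },
  { "sAMAccountName" => "carol", "unixUserPassword" => "abCDEFGHIJKLM" },
  { "sAMAccountName" => "dave" }
].freeze
```
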