Support querying Active Directory Global Catalog #94

Closed
davesims wants to merge 2 commits into master from use_global_catalog_for_auth

@davesims davesims commented Jul 25, 2016

For Active Directory deployments, in some cases, like authentication or simple entry searches, it will make sense to search the Global Catalog rather than the default configured Domain Controller. This PR will initialize a Global Catalog connection object when requested, and provides an interface to directly query the catalog. GitHub::Ldap::Domain will now use the Global Catalog for user?, if the server is an Active Directory, and the configured Domain Controller is a Global Catalog, or if the user has provided global catalog settings in the initializer options.

TODO:
  • Initialize global catalog connection
  • Make interface to query the catalog
  • Have GitHub::Ldap::Domain#user? use the catalog if server is AD & catalog is present
  • Allow user to provide Global Catalog host & port, otherwise default to the given Domain Controller

This begins an alternative approach to #91. To fully replace that, we'll have to also implement referral chasing to be able to search for groups that aren't configured to be Active Directory "universal" groups. I'll do that in a separate PR.

/cc @mtodd @jch @sbryant @lildude @timmjd
/cc @github/ldap
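
The selection rule described in this PR, written out as an added example; it is not code from the pull request, and `global_catalog_target`, the option keys and the constants are hypothetical. It assumes the rootDSE attribute `isGlobalCatalogReady` is how "the Domain Controller is a Global Catalog" is detected, requires Active Directory in both branches (following the TODO item), and uses the standard catalog ports 3268/3269.

```ruby
# Added example; method and constant names are hypothetical, not from the PR.
AD_V51_OID    = "1.2.840.113556.1.4.1670" # Active Directory V51 capability OID
GC_LDAP_PORT  = 3268                      # standard Global Catalog port
GC_LDAPS_PORT = 3269                      # standard Global Catalog port over TLS

# options:  initializer-style Hash (:host, :encryption, optional :global_catalog)
# root_dse: Hash of lowercased rootDSE attribute names to Arrays of Strings
# Returns a Hash describing the catalog connection, or nil when lookups
# should stay on the configured Domain Controller.
def global_catalog_target(options, root_dse)
  caps = Array(root_dse["supportedcapabilities"])
  return nil unless caps.include?(AD_V51_OID) # not Active Directory

  encryption   = options[:encryption]         # :simple_tls, :start_tls or nil
  default_port = encryption == :simple_tls ? GC_LDAPS_PORT : GC_LDAP_PORT
  explicit     = options[:global_catalog]

  if explicit
    host = explicit[:host] || options[:host]
    port = Integer(explicit[:port] || default_port)
  else
    # Assumption: rootDSE isGlobalCatalogReady marks a DC that serves the catalog.
    ready = Array(root_dse["isglobalcatalogready"]).first.to_s.upcase == "TRUE"
    return nil unless ready
    host = options[:host]
    port = default_port
  end
  raise ArgumentError, "global catalog host missing" if host.to_s.empty?

  # The service bind happens on this connection too, so it inherits the
  # Domain Controller's encryption setting instead of falling back to plaintext.
  { host: host, port: port, encryption: encryption }
end

# Constructed rootDSE samples (not captured from a real server).
AD_WITH_GC = { "supportedcapabilities" => ["1.2.840.113556.1.4.800", AD_V51_OID],
               "isglobalcatalogready"  => ["TRUE"] }.freeze
AD_NO_GC   = { "supportedcapabilities" => [AD_V51_OID],
               "isglobalcatalogready"  => ["FALSE"] }.freeze
NOT_AD     = { "supportedcapabilities" => [] }.freeze

if __FILE__ == $PROGRAM_NAME
  p global_catalog_target({ host: "dc1.example.test", encryption: :simple_tls }, AD_WITH_GC)
  p global_catalog_target({ host: "dc1.example.test" }, AD_NO_GC)
end
```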

@davesims davesims force-pushed the use_global_catalog_for_auth branch from b75644e to a00750f Compare July 25, 2016 16:38
Comment thread lib/github/ldap.rb
def active_directory_capability?
capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V51_OID)
end
private :active_directory_capability?
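
Review bot: the visibility of `active_directory_capability?` is ambiguous as shown: the last line of this snippet is `private :active_directory_capability?`, while the PR description has `GitHub::Ldap::Domain` branching on whether the server is Active Directory. Settle it explicitly (drop that line if Domain calls the predicate, or keep it private and give Domain another public entry point), and cover both outcomes of the `supportedcapabilities` check with a test, since that result decides which server answers `user?`.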

Contributor Author

Made this public since Domain now needs to pivot on whether the server is an AD or not.

Member

This isn't true anymore, is it?

@davesims davesims changed the title from "Adding support for querying Active Directory Global Catalog" to "Support querying Active Directory Global Catalog" Jul 25, 2016
@davesims davesims force-pushed the use_global_catalog_for_auth branch from 5b54b07 to 3af0a88 Compare July 25, 2016 18:59
Comment thread Gemfile

group :test, :development do
gem "byebug", :platforms => [:mri_20, :mri_21]
gem "mocha"

Contributor

What's the use case for adding mocha in development?

Contributor Author

Mainly as a convenience for cases like this.

Contributor Author

Oh, you mean split the group block. :bowtie:

👍

Comment thread Gemfile

group :test do
gem "mocha"
end

Member

👍
