lita-activedirectory
A Lita handler plugin for basic interactions with Active Directory.
Installation
Add lita-activedirectory to your Lita instance's Gemfile:
gem "lita-activedirectory"
Configuration
-
config.handlers.activedirectory.host
- LDAP host to query -
config.handlers.activedirectory.port
- LDAP port used to connect to the host -
config.handlers.activedirectory.basedn
- The basedn for the LDAP search -
config.handlers.activedirectory.user_basedn
- the basedn for LDAP user searches -
config.handlers.activedirectory.username
- User for connecting to LDAP -
config.handlers.activedirectory.password
- Password for connecting to LDAP
Usage
username expects the samaccount name
Check if a user account is locked out
is <username> locked?
Unlock a user account
unlock <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the lockouttime
attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.
List a User's Group Memberships
<username> groups>
List a Group's Members
group <groupname> members
Add a User to a Group
add <username> to <groupname>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the member
attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
Remove a User from a Group
remove <username> from <groupname>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the member
attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
Disable a User
disable user <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the userAccountControl
attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.
Enable a User
enable user <username>
Requires membership in ad_admins
authorization group.
The user account specified in config.handlers.activedirectory.username
must have permission to write the userAccountControl
attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.