Class: OmniAuth::Strategies::LDAP::Adaptor

Inherits:
Object
  • Object
Defined in:
lib/omniauth/strategies/ldap/adaptor.rb

Defined Under Namespace

Classes: AuthenticationError, ConfigurationError, ConnectionError, LdapError

Constant Summary collapse

# Configuration keys that #initialize copies into same-named instance
# variables (@host, @port, ... @allow_anonymous). :password is among them, so
# the bind password is held on the instance for its lifetime.
VALID_ADAPTER_CONFIGURATION_KEYS =
[:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
# Keys #initialize requires to be non-nil; it raises ArgumentError naming the
# missing ones. :bind_dn and :password are not in this list.
MUST_HAVE_KEYS =
[:host, :port, :method, :uid, :base]
# Maps the user-facing :method setting to an encryption method symbol.
# :plain maps to nil, and #connect sets no :encryption option when the
# resolved method is nil, so :plain configures no transport encryption here.
# NOTE(review): presumably consulted by ensure_method (not shown) - confirm.
METHOD =
{
  :ssl => :simple_tls,
  :tls => :start_tls,
  :plain => nil,
}

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(configuration = {}) ⇒ Adaptor

Returns a new instance of Adaptor.

Raises:

  • (ArgumentError)


# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 30

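# Builds an adaptor from a configuration hash without opening a connection.
#
# The caller's hash is duplicated, :allow_anonymous defaults to false on the
# copy, and :logger is removed from the copy into @logger. Every key in
# VALID_ADAPTER_CONFIGURATION_KEYS is then copied into an instance variable.
# Values are read from the defaulted copy so that @allow_anonymous is false
# (not nil) when the caller did not set it.
#
# The bind password stays in both @password and @configuration; keep instances
# out of logs and inspect output.
#
# @param configuration [Hash] adaptor settings keyed by symbol
# @raise [ArgumentError] when any key in MUST_HAVE_KEYS is missing or nil
def initialize(configuration={})
  @connection = nil
  @disconnected = false
  @bound = false
  @configuration = configuration.dup
  # Anonymous bind is opt-in: it stays off unless explicitly enabled.
  @configuration[:allow_anonymous] ||= false
  @logger = @configuration.delete(:logger)

  missing = MUST_HAVE_KEYS.select { |name| @configuration[name].nil? }
  raise ArgumentError, "#{missing.join(',')} MUST be provided" unless missing.empty?

  VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
    instance_variable_set("@#{name}", @configuration[name])
  end
end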

Instance Attribute Details

#base ⇒ Object (readonly)

Returns the value of attribute base.



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 28

# Reader for @base, the value #search falls back to when no :base is given.
#
# @return [Object] the current value of @base
def base; @base; end

#bind_dn ⇒ Object

Returns the value of attribute bind_dn.



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 27

# Reader for @bind_dn, the DN #bind uses unless a :bind_dn option overrides it.
#
# @return [Object] the current value of @bind_dn
def bind_dn; @bind_dn; end

#connection ⇒ Object (readonly)

Returns the value of attribute connection.



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 28

# Reader for @connection; nil until #connect succeeds and again after
# #disconnect!.
#
# @return [Object, nil] the current value of @connection
def connection; @connection; end

#password ⇒ Object

Returns the value of attribute password.



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 27

# Reader for @password. The value is returned exactly as stored, so callers
# should keep it out of logs, error messages and inspect output.
#
# @return [Object] the current value of @password
def password; @password; end

#uid ⇒ Object (readonly)

Returns the value of attribute uid.



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 28

# Reader for @uid, one of the settings the constructor requires.
#
# @return [Object] the current value of @uid
def uid; @uid; end

Instance Method Details

#bind(options = {}) ⇒ Object



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 75

# Authenticates the connection, trying each bind mechanism in a fixed order.
#
# Connects first when there is no live connection. Per-call :bind_dn,
# :try_sasl and :allow_anonymous options override the configured values; a
# missing bind DN becomes the empty string.
#
# NOTE(review): simple_bind is not shown. Confirm it rejects empty passwords,
# because many directory servers treat a simple bind with an empty password as
# a successful unauthenticated bind.
# NOTE(review): progress is written to stdout with puts; the @logger captured
# by the constructor is not used here.
#
# @param options [Hash] overrides; also forwarded to connect and the bind helpers
# @yieldreturn [String, nil] optional failure message used when every mechanism fails
# @return [true] when one mechanism succeeds
# @raise [AuthenticationError] when every mechanism fails, or when
#   Net::LDAP::LdapError is raised during the attempts (its message is reused)
def bind(options={})
  connect(options) unless connecting?
  begin
    @bind_tried = true

    dn = (options[:bind_dn] || @bind_dn).to_s
    use_sasl = options.key?(:try_sasl) ? options[:try_sasl] : @try_sasl
    anonymous_ok = options.key?(:allow_anonymous) ? options[:allow_anonymous] : @allow_anonymous

    # Order matters: SASL (when enabled), then simple bind, and anonymous bind
    # only as a last resort and only when explicitly allowed.
    if use_sasl && sasl_bind(dn, options)
      puts "bound with sasl"
    elsif simple_bind(dn, options)
      puts "bound with simple"
    elsif anonymous_ok && bind_as_anonymous(options)
      puts "bound as anonymous"
    else
      failure = block_given? ? yield : nil
      failure ||= ('All authentication methods for %s exhausted.') % target
      raise AuthenticationError, failure
    end
    @bound = true
  rescue Net::LDAP::LdapError => error
    raise AuthenticationError, error.message
  end
end

#bound? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 123

# Reports whether a bind has succeeded on a connection that is still live.
#
# @return [Boolean] false when connecting? is false, otherwise the value of @bound
def bound?
  connecting? && @bound
end

#connect(options = {}) ⇒ Object



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 47

# Opens a new LDAP connection and resets the bind state.
#
# Per-call options override the values captured at construction. The method
# setting falls back to :plain and the port falls back to ensure_port.
# Only :method is placed in the :encryption option, and no :encryption option
# is set at all when the resolved method is nil, so in that case this method
# configures no transport encryption for the bind that follows.
# NOTE(review): no certificate-verification settings are passed here; confirm
# what the Net::LDAP version in use verifies by default for TLS.
#
# @param options [Hash] optional :host, :method and :port overrides
# @return [Array] the connection, the URI from construct_uri, and whether
#   StartTLS was requested
# @raise [ConnectionError] when Net::LDAP::LdapError is raised while the URI
#   or connection is being built (its message is reused)
def connect(options={})
  server = options[:host] || @host
  encryption = ensure_method(options[:method] || @method || :plain)
  server_port = options[:port] || @port || ensure_port(encryption)

  # A fresh connection is never bound yet.
  @disconnected = false
  @bound = false
  @bind_tried = false

  settings = {:host => server, :port => server_port}
  settings[:encryption] = {:method => encryption} if encryption

  begin
    uri = construct_uri(server, server_port, encryption == :simple_tls)
    starttls = (encryption == :start_tls)
    link = Net::LDAP::Connection.new(settings)
  rescue Net::LDAP::LdapError => error
    raise ConnectionError, error.message
  end

  # Assigned only after everything succeeded, so a failure leaves the
  # previous connection state untouched.
  @connection, @uri, @with_start_tls = link, uri, starttls
end

#connecting? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 119

# Reports whether a connection object exists and has not been marked as
# disconnected. It inspects only local state and does not probe the server.
#
# @return [Boolean]
def connecting?
  !(@connection.nil? || @disconnected)
end

#disconnect!(options = {}) ⇒ Object



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 108

# Closes the connection and marks the adaptor as disconnected.
#
# unbind runs first, then the connection, URI and StartTLS state are dropped.
# @password and @bind_dn are left in place, so the credentials remain on the
# instance after disconnecting.
#
# @param options [Hash] forwarded to unbind
# @return [true]
def disconnect!(options={})
  unbind(options)
  @connection = nil
  @uri = nil
  @with_start_tls = nil
  @disconnected = true
end

#rebind(options = {}) ⇒ Object




# Drops the current bind, if any, and opens a fresh connection.
#
# Despite the name, bind is not called here: the new connection is left
# unbound, and the caller has to call bind to authenticate again.
#
# @param options [Hash] forwarded to unbind and connect
# @return [Object] whatever connect returns
def rebind(options={})
  if bound?
    unbind(options)
  end
  connect(options)
end

#search(options = {}, &block) ⇒ Object



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 127

# Runs an LDAP search and returns the attributes of the matching entries
# merged into a single hash.
#
# Entries are not kept apart: when more than one entry matches, an attribute
# of a later entry overwrites the same attribute of an earlier one. Callers
# that use the result to identify one account should make sure the filter
# (and :limit) can match only a single entry.
# The filter is passed through unchanged; a caller building it from a
# user-supplied login name should escape that value per RFC 4515.
# The &block parameter is accepted but not used in this body.
#
# @param options [Hash] :base (defaults to @base), :filter, and :limit (sent as :size)
# @return [Hash] attribute name => value as returned by entry[name]
def search(options={}, &block)
  query = {
    :base => options[:base] || @base,
    :filter => options[:filter],
    :size => options[:limit]
  }

  merged = {}
  execute(:search, query) do |entry|
    entry.attribute_names.each { |attr| merged[attr] = entry[attr] }
  end
  merged
end

#unbind(options = {}) ⇒ Object



# File 'lib/omniauth/strategies/ldap/adaptor.rb', line 71

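# Ends the session by closing the underlying connection.
#
# Does nothing when there is no connection object, so calling it (or
# disconnect!) on an adaptor that never connected, or that was already
# disconnected, no longer raises NoMethodError on nil.
#
# @param options [Hash] accepted for interface symmetry; not used in this body
# @return [Object, nil] the result of closing the connection, or nil when
#   there was nothing to close
def unbind(options={})
  return nil if @connection.nil?

  @connection.close # Net::LDAP doesn't implement unbind.
end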