Class: OpenNebula::LdapAuth

Inherits:
Object
  • Object
Defined in:
lib/opennebula/ldap_auth.rb

Instance Method Summary

Constructor Details

#initialize(options) ⇒ LdapAuth

Returns a new instance of LdapAuth.



# File 'lib/opennebula/ldap_auth.rb', line 23

# Sets up the Net::LDAP client used by the other methods of this class.
#
# +options+ is merged over the built-in defaults: host 'localhost', port 389,
# :simple bind method, 'cn' as the user lookup attribute, 'dn' as the
# attribute read from the user entry, 'member' as the group attribute.
#
# NOTE(review): :encryption has no default and is only forwarded when the
# caller supplies it, so with the defaults the service-account bind and every
# user bind presumably go over unencrypted LDAP on port 389 -- confirm that
# deployments set :encryption (and a matching :port).
def initialize(options)
    defaults = {
        :host             => 'localhost',
        :port             => 389,
        :user             => nil,
        :password         => nil,
        :base             => nil,
        :auth_method      => :simple,
        :user_field       => 'cn',
        :user_group_field => 'dn',
        :group_field      => 'member'
    }
    @options = defaults.merge(options)

    connection = {}

    # Service-account credentials are only configured when :user is set;
    # otherwise the client is created without an :auth entry.
    service_bind = {
        :method   => @options[:auth_method],
        :username => @options[:user],
        :password => @options[:password]
    }
    connection[:auth] = service_bind if @options[:user]

    host, port, encryption = @options.values_at(:host, :port, :encryption)
    connection[:host]       = host if host
    connection[:port]       = port.to_i if port # port may arrive as a string
    connection[:encryption] = encryption if encryption

    @ldap = Net::LDAP.new(connection)
end

Instance Method Details

#authenticate(user, password) ⇒ Object



# File 'lib/opennebula/ldap_auth.rb', line 87

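# Checks a user's credentials by binding to the directory as that user.
#
# @param user [String] bind name for the attempt (the code passes it
#   unchanged as :username; presumably the DN returned by find_user)
# @param password [String] the password supplied by the user
# @return [Boolean] true only when the bind succeeds
def authenticate(user, password)
    # A simple bind with a name and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2), which many directory servers answer
    # with success. Refuse it here so that an empty password can never be
    # reported as a valid login, whatever the server configuration is.
    return false if user.to_s.empty? || password.to_s.empty?

    # Work on a copy so the per-user bind does not replace the credentials
    # configured on the shared client.
    ldap=@ldap.clone

    auth={
        :method => @options[:auth_method],
        :username => user,
        :password => password
    }

    ldap.bind(auth) ? true : false
end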

#find_user(name) ⇒ Object



# File 'lib/opennebula/ldap_auth.rb', line 53

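# Resolves a login name to a directory entry.
#
# First searches under the configured :base for an entry whose :user_field
# attribute equals +name+. If nothing matches, +name+ is tried as a DN by
# using it as the search base.
#
# @param name [String] login name (or DN) supplied by the caller
# @return [Array] [dn, values of the :user_group_field attribute], or
#   [nil, nil] when no entry is found or the lookup raises
def find_user(name)
    # +name+ comes from the login attempt, so escape the characters that
    # have a meaning inside an LDAP filter (RFC 4515: \ * ( ) NUL) before
    # interpolating it. Unescaped, a name containing "*" or parentheses
    # changes the filter and can match entries other than the intended one.
    # NOTE(review): assumes the installed net-ldap filter parser accepts
    # \XX escapes -- confirm on very old versions.
    escaped = name.to_s.gsub(/[\\*()\x00]/) { |ch| format('\\%02x', ch.ord) }

    matches = @ldap.search(
        :base => @options[:base],
        :filter => "#{@options[:user_field]}=#{escaped}")

    if matches && matches.first
        return [matches.first.dn, matches.first[@options[:user_group_field]]]
    end

    # Fallback: treat the name as a DN. It is used as a search base, not as
    # part of a filter, so no filter escaping applies here.
    matches = @ldap.search(:base => name)

    if matches && matches.first
        [name, matches.first[@options[:user_group_field]]]
    else
        [nil, nil]
    end
rescue
    # Best effort: any lookup error is reported as "user not found".
    [nil, nil]
end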

#is_in_group?(user, group) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/opennebula/ldap_auth.rb', line 75

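# Tells whether a user is listed in a group entry.
#
# Searches with +group+ as the base for an entry whose :group_field
# attribute equals the first value in +user+.
#
# @param user [Array] attribute values for the user; only the first one is
#   used (presumably the second element returned by find_user -- confirm)
# @param group [String] DN of the group entry, used as the search base
# @return [Boolean] true when the search returns at least one entry
def is_in_group?(user, group)
    member = Array(user).first

    # Without a value to compare there is nothing to match; deny instead of
    # raising or building a filter with an empty value.
    return false if member.nil? || member.to_s.empty?

    # Escape the characters that are special inside an LDAP filter
    # (RFC 4515: \ * ( ) NUL). The value comes from a directory attribute,
    # and a DN containing "*" or parentheses would otherwise alter or break
    # the membership filter.
    # NOTE(review): assumes the installed net-ldap filter parser accepts
    # \XX escapes -- confirm on very old versions.
    escaped = member.to_s.gsub(/[\\*()\x00]/) { |ch| format('\\%02x', ch.ord) }

    result=@ldap.search(
                :base   => group,
                :filter => "(#{@options[:group_field]}=#{escaped})")

    result && result.first ? true : false
end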