Class: Devise::LdapAdapter::LdapConnect

Inherits:
Object
Defined in:
lib/devise_ldap_authenticatable/ldap_adapter.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(params = {}) ⇒ LdapConnect

Returns a new instance of LdapConnect.



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 70

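# Builds an LDAP connection from config/ldap.yml (or the file named by
# Devise.ldap_config) for the current Rails environment and keeps the
# credentials needed for a later bind.
#
# @param params [Hash] connection options; the keys read here are :login,
#   :password, :new_password, :admin and :ldap_auth_username_builder. The
#   whole hash is also handed to Net::LDAP.new.
def initialize(params = {})
  config_path = ::Devise.ldap_config || "#{Rails.root}/config/ldap.yml"
  # The config ships with the application, but it is ERB-expanded and then
  # fully deserialized by YAML.load; YAML.safe_load would be preferable if the
  # file only holds scalars, lists and hashes.
  ldap_config = YAML.load(ERB.new(File.read(config_path)).result)[Rails.env]

  # Copy before mutating so the caller's hash does not silently gain :encryption.
  ldap_options = params.dup
  # NOTE(review): no :tls_options are passed; whether the server certificate is
  # verified under :simple_tls depends on the net-ldap version — confirm.
  ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]

  @ldap = Net::LDAP.new(ldap_options)
  @ldap.host = ldap_config["host"]
  @ldap.port = ldap_config["port"]
  @ldap.base = ldap_config["base"]
  @attribute = ldap_config["attribute"]
  # Application Specific Change
  @attribute_to_be_compared = ldap_config["attribute_to_compare"]
  @attributes_to_persist = ldap_config["attributes_to_persist"]

  @ldap_auth_username_builder = params[:ldap_auth_username_builder]
  @group_base = ldap_config["group_base"]
  @required_groups = ldap_config["required_groups"]
  @required_attributes = ldap_config["require_attribute"]

  # Only a connection requested with :admin binds with the directory's admin account.
  @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]

  @login = params[:login]
  @password = params[:password]
  @new_password = params[:new_password]
end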

Instance Attribute Details

#ldap ⇒ Object (readonly)

Returns the value of attribute ldap.



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 68

# The underlying Net::LDAP connection built in #initialize.
#
# @return [Net::LDAP, nil]
def ldap
  instance_variable_get(:@ldap)
end

#login ⇒ Object (readonly)

Returns the value of attribute login.



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 68

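# The login supplied as params[:login]; it is the value searched for under
# the configured attribute when resolving the user's DN.
# (The method name was missing from the listing; restored as `login`, the
# attribute this reader is documented for.)
#
# @return [String, nil]
def login
  @login
end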

Instance Method Details

#attribute_to_compare ⇒ Object

Application Specific Change



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 110

# Application Specific Change: the value stored on the user's LDAP entry
# under the "attribute_to_compare" attribute from ldap.yml.
#
# @return [Object] whatever the entry holds under @attribute_to_be_compared
def attribute_to_compare
  find_ldap_user(ldap)[@attribute_to_be_compared]
end

#authenticate! ⇒ Object



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 127

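# Binds to the directory as the user's DN with the supplied password.
#
# @return [Boolean] whether the bind succeeded; false without contacting the
#   directory when no password was given
def authenticate!
  # A simple bind with an empty password is treated as an anonymous
  # (unauthenticated) bind by many LDAP servers and succeeds, so never send one.
  return false if @password.to_s.empty?

  @ldap.auth(dn, @password)
  @ldap.bind
end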

#authenticated? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 132

# Predicate form of #authenticate!: true when the bind succeeds.
#
# @return [Boolean]
def authenticated?
  bound = authenticate!
  bound
end

#authorized? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 136

# Full authorization check: the bind succeeds, the user is in every required
# group, and carries every required attribute. Logs the DN being authorized
# first; each check short-circuits the next.
#
# @return [Boolean]
def authorized?
  DeviseLdapAuthenticatable::Logger.send("Authorizing user #{dn}")
  identity_checks = authenticated? && in_required_groups?
  identity_checks && has_required_attribute?
end

#change_password! ⇒ Object



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 141

# Writes @new_password to the user's userPassword attribute, hashed with
# net-ldap's :sha scheme.
# NOTE(review): :sha is an unsalted {SHA} digest; net-ldap also offers a salted
# :ssha scheme — confirm which schemes the directory accepts before switching.
#
# @return whatever update_ldap returns
def change_password!
  hashed = Net::LDAP::Password.generate(:sha, @new_password)
  update_ldap(:userpassword => hashed)
end

#dn ⇒ Object



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 115

# Resolves the user's distinguished name by searching for
# "<attribute>=<login>" under the connection's base. When nothing matches,
# the configured ldap_auth_username_builder is asked to construct one.
# NOTE(review): when several entries match, the last one returned wins; and
# whether Filter.eq escapes filter metacharacters in @login depends on the
# net-ldap version — confirm, or escape the value before building the filter.
#
# @return [String] the DN
def dn
  DeviseLdapAuthenticatable::Logger.send("LDAP search: #{@attribute}=#{@login}")
  filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
  found = nil
  @ldap.search(:filter => filter) { |entry| found = entry }
  return found.dn unless found.nil?

  @ldap_auth_username_builder.call(@attribute, @login, @ldap)
end

#has_required_attribute? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 174

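# Checks that the user's entry holds every value listed under
# "require_attribute" in ldap.yml. Skipped (true) unless
# Devise.ldap_check_attributes is enabled.
#
# @return [Boolean] false on the first attribute that does not hold the
#   required value, or when the check is enabled but nothing is configured
def has_required_attribute?
  return true unless ::Devise.ldap_check_attributes

  # Fail closed on a missing "require_attribute" section instead of raising
  # NoMethodError on nil.each (same handling as in_required_groups?).
  if @required_attributes.nil?
    DeviseLdapAuthenticatable::Logger.send("Required attributes are not configured")
    return false
  end

  admin_ldap = LdapConnect.admin
  user = find_ldap_user(admin_ldap)

  # all? stops at the first mismatch, which is logged before returning false.
  @required_attributes.all? do |key, val|
    matched = user[key].include? val
    DeviseLdapAuthenticatable::Logger.send("User #{dn} did not match attribute #{key}:#{val}") unless matched
    matched
  end
end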

#in_required_groups? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 145

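# Checks that the user's DN is listed as a member of every group named under
# "required_groups" in ldap.yml. Skipped (true) unless
# Devise.ldap_check_group_membership is enabled. Each configured entry is
# either a group DN (membership attribute defaults to "uniqueMember") or an
# [attribute, group_dn] pair.
#
# @return [Boolean] false when no groups are configured, when a configured
#   group entry cannot be read, or when the user is missing from any group
def in_required_groups?
  return true unless ::Devise.ldap_check_group_membership

  ## FIXME set errors here, the ldap.yml isn't set properly.
  DeviseLdapAuthenticatable::Logger.send("Required Groups are #{@required_groups}")
  return false if @required_groups.nil?

  # admin_ldap = LdapConnect.admin
  # An admin bind is not strictly needed here, but it may depend on the
  # specific LDAP configuration (Knome specific).
  admin_ldap = @ldap

  # dn performs an LDAP search on every call, so resolve it once for all groups.
  user_dn = dn

  @required_groups.each do |group|
    group_attribute, group_name = group.is_a?(Array) ? group : ["uniqueMember", group]

    group_found = false
    admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
      group_found = true
      unless entry[group_attribute].include? user_dn
        DeviseLdapAuthenticatable::Logger.send("User #{user_dn} is not in group: #{group_name }")
        return false
      end
    end

    # A group entry that cannot be read (typo in ldap.yml, missing entry,
    # failed search) must deny access rather than be silently skipped.
    unless group_found
      DeviseLdapAuthenticatable::Logger.send("Required group #{group_name} was not found")
      return false
    end
  end

  true
end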

#persistant_attributes ⇒ Object

Application Specific Change



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 98

# Application Specific Change: collects the attributes listed under
# "attributes_to_persist" in ldap.yml from the user's LDAP entry. Each
# configured item is a pair whose first element is the LDAP attribute to read
# and whose second is the key to store it under.
#
# @return [Hash] target key => value(s) read from the entry
def persistant_attributes
  user_entry = find_ldap_user(ldap)
  @attributes_to_persist.each_with_object({}) do |pair, persisted|
    persisted[pair[1]] = user_entry[pair[0]]
  end
end

#user_groups ⇒ Object



# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 191

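# Lists the DNs of all groups under @group_base whose uniqueMember attribute
# names the user's DN, searched over the admin connection.
#
# @return [Array<String>] matching group DNs (empty when none match)
def user_groups
  admin_ldap = LdapConnect.admin

  # dn performs an LDAP search on every call; resolve it once for the log and the filter.
  user_dn = dn
  DeviseLdapAuthenticatable::Logger.send("Getting groups for #{user_dn}")
  filter = Net::LDAP::Filter.eq("uniqueMember", user_dn)
  admin_ldap.search(:filter => filter, :base => @group_base).map(&:dn)
end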