Class: Devise::LdapAdapter::LdapConnect

Inherits:

Object

• Object
• Devise::LdapAdapter::LdapConnect

Defined in:

lib/devise_ldap_authenticatable/ldap_adapter.rb

Instance Attribute Summary

• #ldap ⇒ Object readonly

  , :base, :attribute, :required_groups, :login, :password, :new_password.

• #login ⇒ Object readonly

  , :base, :attribute, :required_groups, :login, :password, :new_password.

Instance Method Summary

• #authenticate! ⇒ Object
• #authenticated? ⇒ Boolean
• #authorized? ⇒ Boolean
• #change_password! ⇒ Object
• #dn ⇒ Object
• #has_required_attribute? ⇒ Boolean
• #in_required_groups? ⇒ Boolean
• #initialize(params = {}) ⇒ LdapConnect constructor

  A new instance of LdapConnect.

• #user_groups ⇒ Object

Constructor Details

#initialize(params = {}) ⇒ LdapConnect

Returns a new instance of LdapConnect.

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 26

def initialize(params = {})
  ldap_config = YAML.load_file(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")[Rails.env]
  ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]

  @ldap = Net::LDAP.new # (ldap_options)
  @ldap.host = ldap_config["host"]
  @ldap.port = ldap_config["port"]
  @ldap.base = ldap_config["base"]
  @attribute = ldap_config["attribute"]
  
  @group_base = ldap_config["group_base"]
  @required_groups = ldap_config["required_groups"]        
  @required_attributes = ldap_config["require_attribute"]
  
  @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin] 
  
  @login = params[:login]
  @password = params[:password]
  @new_password = params[:new_password]
end

Instance Attribute Details

#ldap ⇒ Object (readonly)

, :base, :attribute, :required_groups, :login, :password, :new_password

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 24

def ldap
  @ldap
end

#login ⇒ Object (readonly)

, :base, :attribute, :required_groups, :login, :password, :new_password

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 24

def login
  @login
end

Instance Method Details

#authenticate! ⇒ Object

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 51

def authenticate!
  @ldap.auth(dn, @password)
  @ldap.bind
end

#authenticated? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 56

def authenticated?
  authenticate!
end

#authorized? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 60

def authorized?
  DeviseLdapAuthenticatable::Logger.send("Authorizing user #{dn}")
  authenticated? && in_required_groups? && has_required_attribute?
end

#change_password! ⇒ Object

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 65

def change_password!
  update_ldap(:userpassword => Net::LDAP::Password.generate(:sha, @new_password))
end

#dn ⇒ Object

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 47

def dn
  "#{@attribute}=#{@login},#{@ldap.base}"
end

#has_required_attribute? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 89

def has_required_attribute?
  return true unless ::Devise.ldap_check_attributes
  
  admin_ldap = LdapConnect.admin
  
  user = find_ldap_user(admin_ldap)
          
  @required_attributes.each do |key,val|
    unless user[key].include? val
      DeviseLdapAuthenticatable::Logger.send("User #{dn} did not match attribute #{key}:#{val}")
      return false 
    end
  end
  
  return true
end

#in_required_groups? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 69

def in_required_groups?     
  return true unless ::Devise.ldap_check_group_membership
  
  ## FIXME set errors here, the ldap.yml isn't set properly.
  return false if @required_groups.nil?   
     
  admin_ldap = LdapConnect.admin
          
  for group in @required_groups
    admin_ldap.search(:base => group, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
      unless entry.uniqueMember.include? dn
        DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group}")
        return false
      end
    end
  end
  
  return true
end

#user_groups ⇒ Object

# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 106

def user_groups
  admin_ldap = LdapConnect.admin
  
  DeviseLdapAuthenticatable::Logger.send("Getting groups for #{dn}")
  filter = Net::LDAP::Filter.eq("uniqueMember", dn)
  admin_ldap.search(:filter => filter, :base => @group_base).collect(&:dn)
end