Class: Devise::LdapAdapter::LdapConnect
- Inherits:
-
Object
- Object
- Devise::LdapAdapter::LdapConnect
- Defined in:
- lib/devise_ldap_authenticatable/ldap_adapter.rb
Instance Attribute Summary collapse
-
#ldap ⇒ Object
readonly
, :base, :attribute, :required_groups, :login, :password, :new_password.
-
#login ⇒ Object
readonly
, :base, :attribute, :required_groups, :login, :password, :new_password.
Instance Method Summary collapse
- #authenticate! ⇒ Object
- #authenticated? ⇒ Boolean
- #authorized? ⇒ Boolean
- #change_password! ⇒ Object
- #dn ⇒ Object
- #has_required_attribute? ⇒ Boolean
- #in_required_groups? ⇒ Boolean
-
#initialize(params = {}) ⇒ LdapConnect
constructor
A new instance of LdapConnect.
- #user_groups ⇒ Object
Constructor Details
#initialize(params = {}) ⇒ LdapConnect
Returns a new instance of LdapConnect.
# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 26 def initialize(params = {}) ldap_config = YAML.load_file(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")[Rails.env] [:encryption] = :simple_tls if ldap_config["ssl"] @ldap = Net::LDAP.new # (ldap_options) @ldap.host = ldap_config["host"] @ldap.port = ldap_config["port"] @ldap.base = ldap_config["base"] @attribute = ldap_config["attribute"] @group_base = ldap_config["group_base"] @required_groups = ldap_config["required_groups"] @required_attributes = ldap_config["require_attribute"] @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin] @login = params[:login] @password = params[:password] @new_password = params[:new_password] end |
Instance Attribute Details
#ldap ⇒ Object (readonly)
, :base, :attribute, :required_groups, :login, :password, :new_password
# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 24
# Read-only accessor for the connection object held in @ldap.
#
# @return [Object] the current value of @ldap
def ldap
  @ldap
end
#login ⇒ Object (readonly)
, :base, :attribute, :required_groups, :login, :password, :new_password
# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 24
# Read-only accessor for the login name held in @login.
#
# @return [Object] the current value of @login
def login
  @login
end
Instance Method Details
#authenticate! ⇒ Object
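# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 51
# Attempts a simple bind as the user's DN with the supplied password.
#
# A missing or empty password is rejected before the directory is contacted.
# A simple bind that carries a DN but a zero-length password is an
# "unauthenticated bind" (RFC 4513, section 5.1.2); many servers answer it
# with success, which would otherwise be taken as a valid login.
#
# @return [Boolean] false when no password was supplied, otherwise the result
#   of the bind call on @ldap
def authenticate!
  return false if @password.to_s.empty?

  @ldap.auth(dn, @password)
  @ldap.bind
end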
#authenticated? ⇒ Boolean
# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 56
# Predicate form of #authenticate!: performs the bind and hands back its result.
#
# @return [Boolean] whatever #authenticate! returns
def authenticated?
  authenticate!
end
#authorized? ⇒ Boolean
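# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 60
# Full login decision: the bind must succeed and the group and attribute
# requirements must hold.
#
# @return [Boolean] true only when all three checks pass
def authorized?
  # Written before the bind, so this line records every attempt. dn embeds the
  # login as supplied; NOTE(review): confirm the logger neutralises CR/LF so a
  # crafted login cannot forge log entries.
  DeviseLdapAuthenticatable::Logger.send("Authorizing user #{dn}")

  # && short-circuits: the group and attribute lookups are skipped when the
  # bind fails.
  authenticated? && in_required_groups? && has_required_attribute?
end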
#change_password! ⇒ Object
# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 65
# Hashes @new_password and hands it to update_ldap as the userpassword value.
#
# NOTE(review): the :sha scheme is an unsalted SHA-1 digest; prefer a salted
# scheme that both the installed net-ldap and the directory support. Confirm.
# NOTE(review): nothing here checks the current password; presumably the
# caller has authenticated the user first. Verify against the caller.
#
# @return [Object] whatever update_ldap returns
def change_password!
  hashed_secret = Net::LDAP::Password.generate(:sha, @new_password)
  update_ldap(:userpassword => hashed_secret)
end
#dn ⇒ Object
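# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 47
# Builds the distinguished name used for the bind and for group membership
# comparisons: "<attribute>=<login>,<base>".
#
# The login is escaped as an RFC 4514 attribute value before interpolation so
# that characters such as "," "+" or "=" typed into the login field stay
# inside the first RDN instead of adding or replacing DN components.
# @attribute and @ldap.base come from the configuration and are used as is.
#
# @return [String] the user's DN
def dn
  value = @login.to_s
  # Characters that are always special inside a DN attribute value.
  value = value.gsub(/[,+"\\<>;]/) { |ch| "\\#{ch}" }
  value = value.gsub("\0") { "\\00" }
  # A trailing space, then a leading space or "#", must also be escaped. The
  # trailing case goes first so a lone space is escaped only once.
  value = value.sub(/ \z/) { "\\ " }
  value = value.sub(/\A[ #]/) { |ch| "\\#{ch}" }

  "#{@attribute}=#{value},#{@ldap.base}"
end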
#has_required_attribute? ⇒ Boolean
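# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 89
# Checks that the user's directory entry carries every configured
# attribute/value pair.
#
# The check is skipped (true) when Devise.ldap_check_attributes is off. When it
# is on, a missing require_attribute section or a user entry that cannot be
# found denies access rather than raising NoMethodError, in line with how
# in_required_groups? treats missing configuration.
#
# @return [Boolean] true when the check is disabled or every pair matches
def has_required_attribute?
  return true unless ::Devise.ldap_check_attributes
  # Fail closed: checking is enabled but nothing is configured to check against.
  return false if @required_attributes.nil?

  admin_ldap = LdapConnect.admin
  user = find_ldap_user(admin_ldap)
  # Fail closed: no entry to inspect means the requirement cannot be shown to hold.
  return false if user.nil?

  @required_attributes.each do |key, val|
    next if user[key].include?(val)

    DeviseLdapAuthenticatable::Logger.send("User #{dn} did not match attribute #{key}:#{val}")
    return false
  end

  true
end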
#in_required_groups? ⇒ Boolean
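# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 69
# Checks that the user's DN is listed as uniqueMember of every required group.
#
# The check is skipped (true) when Devise.ldap_check_group_membership is off.
# Each group entry is read with the admin connection. A group that yields no
# entry (wrong DN, failed admin bind, search error) denies access: membership
# that could not be read must not count as membership.
#
# NOTE(review): the comparison is an exact string match on the DN. Directories
# that return member DNs with different case or spacing will not match.
#
# @return [Boolean] true when the check is disabled or every group lists the user
def in_required_groups?
  return true unless ::Devise.ldap_check_group_membership

  ## FIXME set errors here, the ldap.yml isn't set properly.
  return false if @required_groups.nil?

  admin_ldap = LdapConnect.admin

  @required_groups.each do |group|
    group_seen = false

    admin_ldap.search(:base => group, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
      group_seen = true
      next if entry.uniqueMember.include?(dn)

      DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group}")
      return false
    end

    # The block above never ran, so there is no evidence of membership.
    unless group_seen
      DeviseLdapAuthenticatable::Logger.send("Group #{group} could not be read; denying #{dn}")
      return false
    end
  end

  true
end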
#user_groups ⇒ Object
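# File 'lib/devise_ldap_authenticatable/ldap_adapter.rb', line 106
# Lists the DNs of the groups under @group_base whose uniqueMember attribute
# contains the user's DN, using the admin connection.
#
# Net::LDAP#search hands back a falsy value instead of an array when the query
# fails; that case yields an empty list here rather than a NoMethodError.
#
# NOTE(review): Net::LDAP::Filter.eq does not escape its value, so filter
# metacharacters ("*", "(", ")") arriving through the login would change the
# filter. Confirm whether the installed net-ldap offers an escaping
# constructor and use it here.
#
# @return [Array] group DNs, empty when none match or the search fails
def user_groups
  admin_ldap = LdapConnect.admin

  DeviseLdapAuthenticatable::Logger.send("Getting groups for #{dn}")
  filter = Net::LDAP::Filter.eq("uniqueMember", dn)
  entries = admin_ldap.search(:filter => filter, :base => @group_base)

  (entries || []).collect(&:dn)
end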