Module: DRbService::LDAPAuthentication

Defined in:
lib/drbservice/ldapauth.rb

Overview

An authentication strategy for DRbService – set a password via a class method.

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Details

#authuser ⇒ Object (readonly)

The username of the authenticated user.



# File 'lib/drbservice/ldapauth.rb', line 98

def authuser
  @authuser
end

#authuser_branch ⇒ Object (readonly)

The Treequel::Branch of the authenticated user.



# File 'lib/drbservice/ldapauth.rb', line 101

def authuser_branch
  @authuser_branch
end

Class Method Details

.included(klass) ⇒ Object

Overridden mixin callback – add the ClassMethods to the including class



# File 'lib/drbservice/ldapauth.rb', line 82

def self::included( klass )
	super
	klass.extend( ClassMethods )
end

Instance Method Details

#authenticate(user, password) ⇒ Object

authentication succeeds. Raises a SecurityError if authentication fails. If no password is set, the block is called regardless of what the password is.



# File 'lib/drbservice/ldapauth.rb', line 107

def authenticate( user, password )
	uri = self.class.ldap_uri
	self.log.debug "Connecting to %p for authentication" % [ uri ]
	directory = Treequel.directory( uri )
	self.log.debug "  finding LDAP record for: %p" % [ user ]
	user_branch = self.find_auth_user( directory, user ) or
		return super

	self.log.debug "  binding as %p (%p)" % [ user, user_branch ]
	directory.bind_as( user_branch, password )
	self.log.debug "  bound successfully..."

	@authenticated = true

	if cb = self.class.ldap_authz_callback
		self.log.debug "  calling authorization callback..."

		unless self.call_authz_callback( cb, user_branch, directory )
			msg = "  authorization failed for: %s" % [ user_branch ]
			self.log.debug( msg )
			raise SecurityError, msg
		end

		self.log.debug "  authorization succeeded."
	end

	@authuser = user
	# Store the user's Treequel::Branch (not the username), as #authuser_branch documents
	@authuser_branch = user_branch
	yield

rescue LDAP::ResultError => err
	self.log.error "  authentication failed for %p" % [ user_branch || user ]
	raise SecurityError, "authentication failure"

ensure
	@authuser = nil
	@authuser_branch = nil
	@authenticated = false
end
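
The control flow of #authenticate above, modelled as an added example that is not DRbService's own code: FakeDirectory, BindError and ScopedAuth are hypothetical stand-ins for the Treequel directory and LDAP::ResultError, with constructed sample users. It shows that the authenticated identity is visible only inside the block and is cleared by the ensure clause on every exit path.

```ruby
# Added illustration: models the control flow of #authenticate with an
# in-memory stand-in for the LDAP directory. FakeDirectory, BindError and
# ScopedAuth are hypothetical names, not part of DRbService or Treequel.
class BindError < StandardError; end

class FakeDirectory
  # Constructed sample data: username => [dn, password]
  USERS = { 'alice' => ['uid=alice,ou=people,dc=example,dc=com', 's3cret'],
            'bob'   => ['uid=bob,ou=people,dc=example,dc=com',   'hunter2'] }.freeze

  def find(user)
    USERS.fetch(user, []).first
  end

  def bind_as(dn, password)
    _, expected = USERS.values.find { |d, _| d == dn }
    raise BindError, 'invalid credentials' unless password == expected
  end
end

class ScopedAuth
  attr_reader :authuser, :authuser_branch

  def initialize(directory, authz = nil)
    @directory, @authz = directory, authz
    @authenticated = false
    @authuser = @authuser_branch = nil
  end

  def authenticated?; @authenticated; end

  def authenticate(user, password)
    # The page's method defers to super when no record is found; this model rejects.
    branch = @directory.find(user) or raise SecurityError, 'authentication failure'
    @directory.bind_as(branch, password) # raises BindError on a bad password
    @authenticated = true
    if @authz && !@authz.call(branch)
      raise SecurityError, "authorization failed for: #{branch}"
    end
    @authuser, @authuser_branch = user, branch
    yield
  rescue BindError
    raise SecurityError, 'authentication failure' # generic message for the caller
  ensure
    # Runs on success, on any failure, and when the block itself raises.
    @authuser = @authuser_branch = nil
    @authenticated = false
  end
end
```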

#initialize(*args) ⇒ Object

Set up some instance variables used by the mixin.



# File 'lib/drbservice/ldapauth.rb', line 89

def initialize( *args )
	super
	@authenticated	 = false
	@authuser		 = nil
	@authuser_branch = nil
end