Class: CASServer::Authenticators::LDAP
- Defined in:
- lib/casserver/authenticators/ldap.rb
Overview
Basic LDAP authenticator. Should be compatible with OpenLDAP and other similar LDAP servers, although it hasn’t been officially tested. See example config file for details on how to configure it.
Direct Known Subclasses
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
Methods inherited from Base
Instance Method Details
#validate(credentials) ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
# File 'lib/casserver/authenticators/ldap.rb', line 25 def validate(credentials) read_standard_credentials(credentials) return false if @password.blank? raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options raise CASServer::AuthenticatorError, "Invalid LDAP authenticator configuration!" unless @options[:ldap] raise CASServer::AuthenticatorError, "You must specify a server host in the LDAP configuration!" unless @options[:ldap][:host] || @options[:ldap][:server] raise CASServer::AuthenticatorError, "The username '#{@username}' contains invalid characters." if (@username =~ /[*\(\)\0\/]/) preprocess_username @ldap = Net::LDAP.new @options[:ldap][:host] ||= @options[:ldap][:server] @ldap.host = @options[:ldap][:host] @ldap.port = @options[:ldap][:port] if @options[:ldap][:port] @ldap.encryption(@options[:ldap][:encryption].intern) if @options[:ldap][:encryption] begin if @options[:ldap][:auth_user] bind_success = bind_by_username_with_preauthentication else bind_success = bind_by_username end return false unless bind_success entry = find_user extract_extra_attributes(entry) return true rescue Net::LDAP::LdapError => e raise CASServer::AuthenticatorError, "LDAP authentication failed with '#{e}'. Check your authenticator configuration." end end |