Method: Net::LDAP#bind_as
- Defined in:
- lib/net/ldap.rb
#bind_as(args = {}) ⇒ Object
#bind_as is for testing authentication credentials.
As described under #bind, most LDAP servers require that you supply a complete DN as a binding-credential, along with an authenticator such as a password. But for many applications (such as authenticating users to a Rails application), you often don’t have a full DN to identify the user. You usually get a simple identifier like a username or an email address, along with a password. #bind_as allows you to authenticate these user-identifiers.
#bind_as is a combination of a search and an LDAP binding. First, it connects and binds to the directory as normal. Then it searches the directory for an entry corresponding to the email address, username, or other string that you supply. If the entry exists, then #bind_as will re-bind as that user with the password (or other authenticator) that you supply.
#bind_as takes the same parameters as #search, with the addition of an authenticator. Currently, this authenticator must be :password. Its value may be either a String, or a proc that returns a String. #bind_as returns false on failure. On success, it returns a result set, just as #search does. This result set is an Array of objects of type Net::LDAP::Entry. It contains the directory attributes corresponding to the user. (Just test whether the return value is logically true, if you don’t need this additional information.)
Here’s how you would use #bind_as to authenticate an email address and password:
require 'net/ldap'
user, psw = "joe_user@yourcompany.com", "joes_psw"
ldap = Net::LDAP.new
ldap.host = "192.168.0.100"
ldap.port = 389
ldap.auth "cn=manager, dc=yourcompany, dc=com", "topsecret"
result = ldap.bind_as(:base => "dc=yourcompany, dc=com",
                      :filter => "(mail=#{user})",
                      :password => psw)
if result
  puts "Authenticated #{result.first.dn}"
else
  puts "Authentication FAILED."
end
# File 'lib/net/ldap.rb', line 926
def bind_as(args = {})
  result = false
  open do |me|
    rs = search args
    if rs and rs.first and dn = rs.first.dn
      password = args[:password]
      password = password.call if password.respond_to?(:call)
      result = rs if bind(:method => :simple, :username => dn, :password => password)
    end
  end
  result
end
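The usage example above interpolates the login string directly into the search filter, and the implementation re-binds as the first search hit with whatever password it receives. The following added example (not part of net-ldap or of the original page) wraps #bind_as with filter-value escaping, an empty-password check and a unique-match check. The names `authenticate`, `escape_filter_value` and `FakeDirectory` and the directory entries are constructed for illustration, and the stand-in directory is assumed to behave like a server that accepts unauthenticated binds.

```ruby
# Added example, not net-ldap code. `ldap` is anything that responds to
# bind_as, such as a configured Net::LDAP object.
FILTER_ESCAPES = { "\\" => '\5c', "*" => '\2a', "(" => '\28',
                   ")" => '\29', "\x00" => '\00' }.freeze

# Escape a value for use inside a search filter (RFC 4515).
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| FILTER_ESCAPES[ch] }
end

# Hypothetical wrapper: returns the matched entry, or nil on any failure.
def authenticate(ldap, base, login, password)
  password = password.call if password.respond_to?(:call)
  # A simple bind with a DN and an empty password is an "unauthenticated
  # bind" (RFC 4513, 5.1.2); a server may answer it with success.
  return nil if login.to_s.empty? || password.to_s.empty?

  result = ldap.bind_as(:base => base, :password => password,
                        :filter => "(mail=#{escape_filter_value(login)})")
  # bind_as re-binds as the first hit only, so require a unique match.
  result && result.size == 1 ? result.first : nil
end

# Constructed stand-in directory so the example runs offline. It honours "*"
# in filters and, like a permissive server, accepts an empty password.
Entry = Struct.new(:dn, :mail, :secret)
class FakeDirectory
  ENTRIES = [Entry.new("cn=amy,dc=example,dc=com", "amy@example.com", "amys_psw"),
             Entry.new("cn=joe,dc=example,dc=com", "joe@example.com", "joes_psw")].freeze

  def bind_as(args)
    value = args[:filter][/\A\(mail=(.*)\)\z/m, 1].to_s
    parts = value.split("*", -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end
    hits = ENTRIES.select { |e| e.mail.match?(/\A#{parts.join(".*")}\z/) }
    return false if hits.empty?
    password = args[:password].to_s
    password.empty? || password == hits.first.secret ? hits : false
  end
end

if __FILE__ == $PROGRAM_NAME
  dir = FakeDirectory.new
  p authenticate(dir, "dc=example,dc=com", "joe@example.com", "joes_psw")&.dn
  p authenticate(dir, "dc=example,dc=com", "a*", "amys_psw") # "*" stays literal
  p authenticate(dir, "dc=example,dc=com", "joe@example.com", "")
end
```

With a real directory, pass a configured Net::LDAP object as `ldap`; the wrapper relies only on the #bind_as behaviour documented above.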