Class: ZuoraConnect::LDAP::Connection
- Inherits: Object
- Defined in:
- app/helpers/zuora_connect/LDAP/connection.rb
Instance Attribute Summary
-
#ldap ⇒ Object
readonly
Returns the value of attribute ldap.
-
#login ⇒ Object
readonly
Returns the value of attribute login.
Instance Method Summary
- #authenticate! ⇒ Object
- #authenticated? ⇒ Boolean
- #authorized? ⇒ Boolean
- #dn ⇒ Object
- #in_required_groups? ⇒ Boolean
-
#initialize(params = {}) ⇒ Connection
constructor
A new instance of Connection.
- #last_message_bad_credentials? ⇒ Boolean
- #last_message_expired_credentials? ⇒ Boolean
- #search_for_login ⇒ Object
Constructor Details
#initialize(params = {}) ⇒ Connection
Returns a new instance of Connection.
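# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 8
# Builds an LDAP connection from config/ldap.yml (section for the current Rails env)
# combined with the per-request options in +params+.
#
# @param params [Hash] request options; the keys read here are :login, :password,
#   :new_password, :admin and :ldap_auth_username_builder. A copy of the hash, with
#   :encryption added from the YAML config, is also handed to Net::LDAP.new.
# @return [Connection]
def initialize(params = {})
  # config/ldap.yml is application-owned (rendered through ERB first), so the full YAML
  # loader is acceptable here; never point this loader at user-supplied data.
  ldap_config = YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
  # Work on a copy so the caller's hash is not mutated by the :encryption key below.
  ldap_options = params.dup

  # Allow `ssl: true` shorthand in YAML, but enable more control with `encryption`
  ldap_config['ssl'] = :simple_tls if ldap_config['ssl'] == true
  ldap_options[:encryption] = ldap_config['ssl'].to_sym if ldap_config['ssl']
  ldap_options[:encryption] = ldap_config['encryption'] if ldap_config['encryption']

  # NOTE(review): the rendered listing lost the argument of Net::LDAP.new; passing the
  # options hash is what makes the `encryption` setting take effect — confirm against the source file.
  @ldap = Net::LDAP.new(ldap_options)
  @ldap.host = ldap_config['host']
  @ldap.port = ldap_config['port']
  @ldap.base = ldap_config['base']

  @attribute = ldap_config['attribute']
  # When true, authenticate! binds even with a blank password, i.e. the password check is
  # effectively disabled (the bind becomes an unauthenticated bind). Keep it off in production.
  @allow_unauthenticated_bind = ldap_config['allow_unauthenticated_bind']
  @ldap_auth_username_builder = params[:ldap_auth_username_builder]

  @group_base = ldap_config['group_base']
  @check_group_membership = ldap_config.fetch('check_group_membership', false)
  @check_group_membership_without_admin = ldap_config.fetch('check_group_membership_without_admin', false)
  @required_groups = ldap_config['required_groups']
  @group_membership_attribute = ldap_config.fetch('group_membership_attribute', 'uniqueMember')
  @required_attributes = ldap_config['require_attribute']
  @required_attributes_presence = ldap_config['require_attribute_presence']

  # Admin credentials are only loaded onto the client when explicitly requested.
  @ldap.auth ldap_config['admin_user'], ldap_config['admin_password'] if params[:admin]

  @login = params[:login]
  @password = params[:password]
  @new_password = params[:new_password]
end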
Instance Attribute Details
#ldap ⇒ Object (readonly)
Returns the value of attribute ldap.
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 6
# The underlying Net::LDAP client configured in the constructor (reader generated by
# `attr_reader :ldap`).
#
# @return [Net::LDAP]
def ldap
  @ldap
end
#login ⇒ Object (readonly)
Returns the value of attribute login.
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 6
# The login supplied in the constructor's +params[:login]+ (reader generated by
# `attr_reader :login`).
#
# @return [Object] the raw login value, as given by the caller
def login
  @login
end
Instance Method Details
#authenticate! ⇒ Object
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 69
# Binds to the directory as the resolved user DN with the supplied password.
#
# @return [Boolean] the bind result; +false+ without contacting the server when no
#   password was supplied and unauthenticated binds are not allowed
def authenticate!
  credentials_usable = @password.present? || @allow_unauthenticated_bind
  return false unless credentials_usable

  # With allow_unauthenticated_bind and a blank password this becomes an unauthenticated
  # bind, so a successful result says nothing about the password.
  @ldap.auth(dn, @password)
  @ldap.bind
end
#authenticated? ⇒ Boolean
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 75
# Predicate form of authenticate!; each call performs a fresh bind (nothing is cached).
#
# @return [Boolean] whatever authenticate! returns
def authenticated?
  authenticate!
end
#authorized? ⇒ Boolean
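# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 87
# Whether the user both authenticates (bind succeeds) and satisfies the configured
# group requirements. Every call contacts the directory: resolving +dn+ for the log line
# performs a search, and authenticated? performs a bind.
#
# @return [Boolean] +true+ only when authentication and group checks both pass
def authorized?
  ZuoraConnect::logger.debug("Authorizing user #{dn}")

  unless authenticated?
    # Distinguish the common failure modes in the debug log; all of them deny access.
    reason =
      if last_message_bad_credentials?
        'Not authorized because of invalid credentials.'
      elsif last_message_expired_credentials?
        'Not authorized because of expired credentials.'
      else
        'Not authorized because not authenticated.'
      end
    ZuoraConnect::logger.debug(reason)
    return false
  end

  unless in_required_groups?
    ZuoraConnect::logger.debug('Not authorized because not in required groups.')
    return false
  end

  true
end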
#dn ⇒ Object
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 41
# Resolves the distinguished name to bind as: the DN of the entry found for the login,
# or, when no entry matches, whatever the caller-supplied username builder returns.
# Memoized with `||=`, so a nil/false result is recomputed on the next call.
#
# @return [String, Object] the DN from the directory entry or the builder's return value
def dn
  @dn ||= begin
    ZuoraConnect::logger.debug("LDAP dn lookup: #{@attribute}=#{@login}")
    entry = search_for_login
    if entry.nil?
      # No directory entry: the builder receives the attribute and the raw login
      # (any escaping of the login is the builder's responsibility).
      @ldap_auth_username_builder.call(@attribute, @login, @ldap)
    else
      entry.dn
    end
  end
end
#in_required_groups? ⇒ Boolean
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 107
# Whether the user is a member of every configured required group.
#
# Checks are opt-in via the check_group_membership flags. When enabled but
# +required_groups+ is unset the answer is +false+; an empty list admits everyone.
# A group given as a two-element array is passed to in_group? as (group[1], group[0]);
# a plain value is passed as the single argument.
#
# @return [Boolean]
def in_required_groups?
  checks_enabled = @check_group_membership || @check_group_membership_without_admin
  return true unless checks_enabled
  return false if @required_groups.nil?

  # Stops at the first group the user is not in.
  @required_groups.all? do |group|
    if group.is_a?(Array)
      in_group?(group[1], group[0])
    else
      in_group?(group)
    end
  end
end
#last_message_bad_credentials? ⇒ Boolean
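# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 79
# Whether the last LDAP operation failed with an invalid-credentials diagnostic
# ("data 52e" is the Active Directory code for a wrong password or unknown account).
#
# @return [Boolean]
def last_message_bad_credentials?
  # The server's diagnostic text is in error_message; message only holds the generic
  # result-code string, which never contains these substrings.
  @ldap.get_operation_result.error_message.to_s.include? 'AcceptSecurityContext error, data 52e'
end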
#last_message_expired_credentials? ⇒ Boolean
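# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 83
# Whether the last LDAP operation failed because the password has expired
# ("data 773" is the Active Directory code for a password that must be changed).
#
# @return [Boolean]
def last_message_expired_credentials?
  # The server's diagnostic text is in error_message; message only holds the generic
  # result-code string, which never contains these substrings.
  @ldap.get_operation_result.error_message.to_s.include? 'AcceptSecurityContext error, data 773'
end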
#search_for_login ⇒ Object
# File 'app/helpers/zuora_connect/LDAP/connection.rb', line 53 def search_for_login @login_ldap_entry ||= begin ZuoraConnect::logger.debug("LDAP search for login: #{@attribute}=#{@login}") filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s) ldap_entry = nil match_count = 0 @ldap.search(:filter => filter) {|entry| ldap_entry = entry; match_count+=1} op_result= @ldap.get_operation_result if op_result.code!=0 ZuoraConnect::logger.debug("LDAP Error #{op_result.code}: #{op_result.}") end ZuoraConnect::logger.debug("LDAP search yielded #{match_count} matches") ldap_entry end end |