Class: AuthSourceLdap

Inherits:

AuthSource

• Object
• ActiveRecord::Base
• AuthSource
• AuthSourceLdap

Defined in:

app/models/auth_source_ldap.rb

Constant Summary

NETWORK_EXCEPTIONS =

[
  Net::LDAP::Error,
  Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET,
  Errno::EHOSTDOWN, Errno::EHOSTUNREACH,
  SocketError
]

LDAP_MODES =

[
  :ldap,
  :ldaps_verify_none,
  :ldaps_verify_peer
]

Class Method Summary

• .get_attr(entry, attr_name) ⇒ Object

Instance Method Summary

• #auth_method_name ⇒ Object
• #authenticate(login, password) ⇒ Object
• #initialize(attributes = nil, *args) ⇒ AuthSourceLdap constructor

  A new instance of AuthSourceLdap.

• #ldap_mode ⇒ Object
• #ldap_mode=(ldap_mode) ⇒ Object
• #search(q) ⇒ Object

  Searches the source for users and returns an array of results.

• #searchable? ⇒ Boolean

  Returns true if this source can be searched for users.

• #test_connection ⇒ Object

  Test the connection to the LDAP.

Methods inherited from AuthSource

#account_password, #account_password=, allow_password_changes?, #allow_password_changes?, authenticate, search

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, included, logger

Methods included from Redmine::SubclassFactory

included

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Constructor Details

#initialize(attributes = nil, *args) ⇒ AuthSourceLdap

Returns a new instance of AuthSourceLdap.

# File 'app/models/auth_source_ldap.rb', line 50

def initialize(attributes=nil, *args)
  super
  self.port = 389 if self.port == 0
end

Class Method Details

.get_attr(entry, attr_name) ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 247

def get_attr(entry, attr_name)
  if !attr_name.blank?
    value = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
    (+value.to_s).force_encoding('UTF-8')
  end
end

Instance Method Details

#auth_method_name ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 83

def auth_method_name
  "LDAP"
end

#authenticate(login, password) ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 55

def authenticate(login, password)
  return nil if login.blank? || password.blank?

  with_timeout do
    attrs = get_user_dn(login, password)
    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
      return attrs.except(:dn)
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end

#ldap_mode ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 113

def ldap_mode
  case
  when tls && verify_peer
    :ldaps_verify_peer
  when tls && !verify_peer
    :ldaps_verify_none
  else
    :ldap
  end
end

#ldap_mode=(ldap_mode) ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 124

def ldap_mode=(ldap_mode)
  case ldap_mode.try(:to_sym)
  when :ldaps_verify_peer
    self.tls = true
    self.verify_peer = true
  when :ldaps_verify_none
    self.tls = true
    self.verify_peer = false
  else
    self.tls = false
    self.verify_peer = false
  end
end

#search(q) ⇒ Object

Searches the source for users and returns an array of results

# File 'app/models/auth_source_ldap.rb', line 93

def search(q)
  q = q.to_s.strip
  return [] unless searchable? && q.present?

  results = []
  search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
  ldap_con = initialize_ldap_con(self.account, self.account_password)
  ldap_con.search(:base => self.base_dn,
                  :filter => search_filter,
                  :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                  :size => 10) do |entry|
    attrs = get_user_attributes_from_ldap_entry(entry)
    attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
    results << attrs
  end
  results
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end

#searchable? ⇒ Boolean

Returns true if this source can be searched for users

Returns:

• (Boolean)

# File 'app/models/auth_source_ldap.rb', line 88

def searchable?
  !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
end

#test_connection ⇒ Object

Test the connection to the LDAP

# File 'app/models/auth_source_ldap.rb', line 70

def test_connection
  with_timeout do
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    ldap_con.open {}
    if self.account.present? && !self.account.include?("$login") && self.account_password.present?
      ldap_auth = authenticate_dn(self.account, self.account_password)
      raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if !ldap_auth
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end