Class: AuthSourceLdap

Inherits:
AuthSource show all
Defined in:
app/models/auth_source_ldap.rb

Constant Summary collapse

NETWORK_EXCEPTIONS =
[
  Net::LDAP::Error,
  Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET,
  Errno::EHOSTDOWN, Errno::EHOSTUNREACH,
  SocketError
]
LDAP_MODES =
[
  :ldap,
  :ldaps_verify_none,
  :ldaps_verify_peer
]

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from AuthSource

#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search, #visible?

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, included, logger

Methods included from Redmine::SubclassFactory

included

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Methods inherited from ApplicationRecord

human_attribute_name

Constructor Details

#initialize(attributes = nil, *args) ⇒ AuthSourceLdap

Returns a new instance of AuthSourceLdap.



50
51
52
53
# File 'app/models/auth_source_ldap.rb', line 50

def initialize(attributes=nil, *args)
  super
  self.port = 389 if self.port == 0
end

Class Method Details

.get_attr(entry, attr_name) ⇒ Object



247
248
249
250
251
252
# File 'app/models/auth_source_ldap.rb', line 247

def get_attr(entry, attr_name)
  if attr_name.present?
    value = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
    (+value.to_s).force_encoding('UTF-8')
  end
end

Instance Method Details

#auth_method_nameObject



83
84
85
# File 'app/models/auth_source_ldap.rb', line 83

def auth_method_name
  "LDAP"
end

#authenticate(login, password) ⇒ Object



55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'app/models/auth_source_ldap.rb', line 55

def authenticate(, password)
  return nil if .blank? || password.blank?

  with_timeout do
    attrs = get_user_dn(, password)
    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      logger.debug "Authentication successful for '#{}'" if logger && logger.debug?
      return attrs.except(:dn)
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end

#ldap_modeObject



113
114
115
116
117
118
119
120
121
122
# File 'app/models/auth_source_ldap.rb', line 113

def ldap_mode
  case
  when tls && verify_peer
    :ldaps_verify_peer
  when tls && !verify_peer
    :ldaps_verify_none
  else
    :ldap
  end
end

#ldap_mode=(ldap_mode) ⇒ Object



124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'app/models/auth_source_ldap.rb', line 124

def ldap_mode=(ldap_mode)
  case ldap_mode.try(:to_sym)
  when :ldaps_verify_peer
    self.tls = true
    self.verify_peer = true
  when :ldaps_verify_none
    self.tls = true
    self.verify_peer = false
  else
    self.tls = false
    self.verify_peer = false
  end
end

#search(q) ⇒ Object

Searches the source for users and returns an array of results



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# File 'app/models/auth_source_ldap.rb', line 93

def search(q)
  q = q.to_s.strip
  return [] unless searchable? && q.present?

  results = []
  search_filter = base_filter & Net::LDAP::Filter.begins(self., q)
  ldap_con = initialize_ldap_con(self., self.)
  ldap_con.search(:base => self.base_dn,
                  :filter => search_filter,
                  :attributes => ['dn', self., self.attr_firstname, self.attr_lastname, self.attr_mail],
                  :size => 10) do |entry|
    attrs = get_user_attributes_from_ldap_entry(entry)
    attrs[:login] = AuthSourceLdap.get_attr(entry, self.)
    results << attrs
  end
  results
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end

#searchable?Boolean

Returns true if this source can be searched for users

Returns:

  • (Boolean)


88
89
90
# File 'app/models/auth_source_ldap.rb', line 88

def searchable?
  !.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send(:"attr_#{a}?")}
end

#test_connectionObject

Test the connection to the LDAP



70
71
72
73
74
75
76
77
78
79
80
81
# File 'app/models/auth_source_ldap.rb', line 70

def test_connection
  with_timeout do
    ldap_con = initialize_ldap_con(self., self.)
    ldap_con.open {}
    if self..present? && !self..include?("$login") && self..present?
      ldap_auth = authenticate_dn(self., self.)
      raise AuthSourceException.new(l(:error_ldap_bind_credentials)) unless ldap_auth
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new("#{auth_method_name}: #{e.message}")
end