Class: AuthSourceLdap
- Inherits:
-
AuthSource
- Object
- ActiveRecord::Base
- ApplicationRecord
- AuthSource
- AuthSourceLdap
- Defined in:
- app/models/auth_source_ldap.rb
Constant Summary collapse
- NETWORK_EXCEPTIONS =
[ Net::LDAP::Error, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, SocketError ]
- LDAP_MODES =
[ :ldap, :ldaps_verify_none, :ldaps_verify_peer ]
Class Method Summary collapse
Instance Method Summary collapse
- #auth_method_name ⇒ Object
- #authenticate(login, password) ⇒ Object
-
#initialize(attributes = nil, *args) ⇒ AuthSourceLdap
constructor
A new instance of AuthSourceLdap.
- #ldap_mode ⇒ Object
- #ldap_mode=(ldap_mode) ⇒ Object
-
#search(q) ⇒ Object
Searches the source for users and returns an array of results.
-
#searchable? ⇒ Boolean
Returns true if this source can be searched for users.
-
#test_connection ⇒ Object
Test the connection to the LDAP.
Methods inherited from AuthSource
#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search, #visible?
Methods included from Redmine::Ciphering
cipher_key, decrypt_text, encrypt_text, included, logger
Methods included from Redmine::SubclassFactory
Methods included from Redmine::SafeAttributes
#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=
Methods inherited from ApplicationRecord
Constructor Details
#initialize(attributes = nil, *args) ⇒ AuthSourceLdap
Returns a new instance of AuthSourceLdap.
50 51 52 53 |
# File 'app/models/auth_source_ldap.rb', line 50 def initialize(attributes=nil, *args) super self.port = 389 if self.port == 0 end |
Class Method Details
.get_attr(entry, attr_name) ⇒ Object
247 248 249 250 251 252 |
# File 'app/models/auth_source_ldap.rb', line 247 def get_attr(entry, attr_name) if attr_name.present? value = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name] (+value.to_s).force_encoding('UTF-8') end end |
Instance Method Details
#auth_method_name ⇒ Object
83 84 85 |
# File 'app/models/auth_source_ldap.rb', line 83 def auth_method_name "LDAP" end |
#authenticate(login, password) ⇒ Object
55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'app/models/auth_source_ldap.rb', line 55 def authenticate(login, password) return nil if login.blank? || password.blank? with_timeout do attrs = get_user_dn(login, password) if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? return attrs.except(:dn) end end rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new("#{auth_method_name}: #{e.}") end |
#ldap_mode ⇒ Object
113 114 115 116 117 118 119 120 121 122 |
# File 'app/models/auth_source_ldap.rb', line 113 def ldap_mode case when tls && verify_peer :ldaps_verify_peer when tls && !verify_peer :ldaps_verify_none else :ldap end end |
#ldap_mode=(ldap_mode) ⇒ Object
124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'app/models/auth_source_ldap.rb', line 124 def ldap_mode=(ldap_mode) case ldap_mode.try(:to_sym) when :ldaps_verify_peer self.tls = true self.verify_peer = true when :ldaps_verify_none self.tls = true self.verify_peer = false else self.tls = false self.verify_peer = false end end |
#search(q) ⇒ Object
Searches the source for users and returns an array of results
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'app/models/auth_source_ldap.rb', line 93 def search(q) q = q.to_s.strip return [] unless searchable? && q.present? results = [] search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q) ldap_con = initialize_ldap_con(self.account, self.account_password) ldap_con.search(:base => self.base_dn, :filter => search_filter, :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail], :size => 10) do |entry| attrs = get_user_attributes_from_ldap_entry(entry) attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login) results << attrs end results rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new("#{auth_method_name}: #{e.}") end |
#searchable? ⇒ Boolean
Returns true if this source can be searched for users
88 89 90 |
# File 'app/models/auth_source_ldap.rb', line 88 def searchable? !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send(:"attr_#{a}?")} end |
#test_connection ⇒ Object
Test the connection to the LDAP
70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'app/models/auth_source_ldap.rb', line 70 def test_connection with_timeout do ldap_con = initialize_ldap_con(self.account, self.account_password) ldap_con.open {} if self.account.present? && !self.account.include?("$login") && self.account_password.present? ldap_auth = authenticate_dn(self.account, self.account_password) raise AuthSourceException.new(l(:error_ldap_bind_credentials)) unless ldap_auth end end rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new("#{auth_method_name}: #{e.}") end |