Class: AuthSourceLdap

Inherits:
AuthSource
  • Object
Defined in:
app/models/auth_source_ldap.rb

Instance Method Summary

Methods inherited from AuthSource

authenticate, #can_set_password?, #to_label

Methods included from Authorization

#enforce_create_permissions, #enforce_destroy_permissions, #enforce_edit_permissions, #enforce_permissions, included, #permission_failed?

Instance Method Details

#auth_method_name ⇒ Object


# File 'app/models/auth_source_ldap.rb', line 76

# Name of the authentication method implemented by this source.
#
# @return [String] always the literal "LDAP"
def auth_method_name
  return "LDAP"
end

#authenticate(login, password) ⇒ Object

Loads the LDAP info for a user and authenticates the user with their password. Returns: Array of Strings.

Either the user's DN or the user's full details, or nil.

# File 'app/models/auth_source_ldap.rb', line 34

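# Looks up the LDAP entry for +login+, then verifies +password+ by binding to
# the directory as that entry's DN.
#
# Blank credentials are rejected before any LDAP traffic. The password check
# is security-relevant: a simple bind that carries a DN and an empty password
# is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some directory
# servers accept, so without this guard an empty password could look like a
# successful login.
#
# The password is passed to the search helper and to the bind, and is never
# written to the log by this method.
#
# NOTE(review): +login+ is user-supplied and is interpolated into log lines
# as-is; confirm the logger neutralises line breaks so a crafted login cannot
# forge log entries.
#
# @param login [String] login name supplied by the user
# @param password [String] password supplied by the user
# @return [Object, nil] the values returned by required_attributes_values with
#   the :dn key removed; nil when a credential is blank, no single
#   Net::LDAP::Entry was found, the entry has no DN, or the bind fails
# @raise [RuntimeError] "LdapError: <message>" when Net::LDAP::LdapError is raised
def authenticate(login, password)
  return nil if login.blank? || password.blank?

  logger.debug "LDAP-Auth with User #{effective_user(login)}"
  # first, search for User Entries in LDAP
  entry = search_for_user_entries(login, password)
  return nil unless entry.is_a?(Net::LDAP::Entry)

  # extract required attributes
  attrs = required_attributes_values(entry)

  # A search result without a DN is not expected, but without one there is
  # nothing to bind as. blank? also covers a missing :dn key (nil), which
  # .empty? would turn into a NoMethodError instead of a clean failure.
  dn = attrs.delete(:dn)
  if dn.blank?
    logger.warn "no DN"
    return nil
  end

  logger.debug "DN found for #{login}: #{dn}"

  # finally, authenticate user: the bind as the user's own DN is the actual
  # password check
  ldap_con = initialize_ldap_con(dn, password)
  unless ldap_con.bind
    result = ldap_con.get_operation_result
    logger.warn "Result: #{result.code}"
    logger.warn "Message: #{result.message}"
    logger.warn "Failed to authenticate #{login}"
    return nil
  end
  # return user's attributes
  attrs
rescue Net::LDAP::LdapError => text
  # Surface library errors to the caller as a plain RuntimeError.
  raise "LdapError: %s" % text
end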

#test_connection ⇒ Object

test the connection to the LDAP


# File 'app/models/auth_source_ldap.rb', line 69

# Tests the connection to the LDAP server.
#
# Builds a connection with initialize_ldap_con and opens it with an empty
# block, so nothing is done with the connection beyond opening it.
#
# NOTE(review): both arguments on the initialize_ldap_con line lost their
# method names in this listing (only "self." remains), so the line does not
# parse as shown; restore them from app/models/auth_source_ldap.rb. They are
# presumably the credentials stored on this auth source for reaching the
# directory -- confirm.
#
# NOTE(review): the raised message embeds the LDAP library's error text;
# confirm that callers only show it to users allowed to see directory
# connection details.
#
# @raise [RuntimeError] "LdapError: <message>" when Net::LDAP::LdapError is raised
def test_connection
  ldap_con = initialize_ldap_con(self., self.)
  ldap_con.open { }
rescue Net::LDAP::LdapError => text
  # Surface library errors to the caller as a plain RuntimeError.
  raise "LdapError: %s" % text
end