Class: LDAPAuth

Inherits:
Object
Defined in:
backend/app/model/ldapauth.rb


Constructor Details

#initialize(definition) ⇒ LDAPAuth

Returns a new instance of LDAPAuth.



# File 'backend/app/model/ldapauth.rb', line 11

# Build an LDAP authentication source from a source definition hash.
#
# Every key in +required+ must be present with a truthy value; each one is
# copied into an instance variable of the same name.  The +optional+ keys are
# copied as well, and are simply nil when the definition omits them.
#
# @param definition [Hash] symbol-keyed source configuration
# @raise [RuntimeError] naming the first required parameter that is missing
def initialize(definition)
  required = [:hostname, :port, :base_dn, :username_attribute, :attribute_map]
  optional = [:bind_dn, :bind_password, :encryption, :extra_filter]

  required.each do |param|
    value = definition[param]
    raise "LDAPAuth: Need a value for parameter :#{param}" unless value

    instance_variable_set("@#{param}", value)
  end

  optional.each {|param| instance_variable_set("@#{param}", definition[param]) }
end

Instance Method Details

#authenticate(username, password) ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 72

# Authenticate +username+ with +password+ against the directory.
#
# Binds with the configured service credentials, looks the user up by the
# downcased login name, then re-binds as that entry's DN with the supplied
# password.
#
# @param username [String] login name; downcased for the lookup, but stored
#   as given in the returned record
# @param password [String]
# @return [JSONModel(:user), nil] a user record whose fields come from
#   @attribute_map (LDAP attribute => aspace attribute), or nil when no entry
#   matches or the password bind is refused
def authenticate(username, password)
  bind

  user = find_user(username.downcase)
  return unless user && bind_as_dn(user.dn, password)

  # Each mapped LDAP attribute is multi-valued; only its first value is kept.
  attributes = @attribute_map.each_with_object({}) do |(ldap_attribute, aspace_attribute), acc|
    acc[aspace_attribute] = user[ldap_attribute].first
  end

  JSONModel(:user).from_hash(attributes.merge(:username => username))
end

#bind ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 31

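# Open a fresh connection to the directory and bind with the configured
# service credentials (no credentials are set when @bind_dn is absent).  On
# success the connection is kept in @connection for the searches that follow.
#
# @return [Net::LDAP] the bound connection
# @raise [LDAPException] when the bind does not succeed
def bind
  conn = Net::LDAP.new.tap do |ldap|
    ldap.host = @hostname
    ldap.port = @port

    ldap.auth(@bind_dn, @bind_password) if @bind_dn
    ldap.encryption(@encryption) if @encryption
  end

  unless conn.bind
    result = conn.get_operation_result
    # Identify the source by host and port only.  Object#inspect lists every
    # instance variable, so interpolating self would put @bind_password into
    # the exception message and from there into logs and error responses.
    msg = "Failed when binding to LDAP directory: #{name}\n\n" \
          "Error: #{result.message} (code = #{result.code})"
    raise LDAPException, msg
  end

  @connection = conn
end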

#bind_as_dn(user_dn, password) ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 51

# Verify a user's credentials by re-binding the open @connection as +user_dn+
# with +password+.
#
# @param user_dn [String] distinguished name of the directory entry to bind as
# @param password [String, nil]
# @return [Boolean, nil] the result of the bind, or nil when the password is
#   blank (in which case the directory is never contacted)
def bind_as_dn(user_dn, password)
  # Some directories treat an empty password as an anonymous bind, which would
  # "succeed" without checking anything, so blank passwords are refused here.
  return if password.to_s.empty?

  connection = @connection
  connection.auth(user_dn, password)
  connection.bind
end

#find_user(username) ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 61

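# Look up the directory entry whose @username_attribute equals +username+,
# narrowed by the configured @extra_filter when one is set.
#
# @param username [String] login name as supplied by the caller (untrusted)
# @return [Net::LDAP::Entry, nil] the first matching entry, or nil if none
def find_user(username)
  # Filter.equals escapes the value; Filter.eq leaves "*", "(", ")" and "\"
  # intact, so a crafted login name could widen the match to other entries
  # (LDAP filter injection).
  filter = Net::LDAP::Filter.equals(@username_attribute, username)

  if @extra_filter
    # @extra_filter is an administrator-supplied filter string from the source
    # definition and is parsed as-is.
    filter = Net::LDAP::Filter.join(Net::LDAP::Filter.construct(@extra_filter), filter)
  end

  @connection.search(:base => @base_dn, :filter => filter).first
end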

#matching_usernames(query) ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 87

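# Return up to AppConfig[:max_usernames_per_source] usernames that begin with
# +query+.
#
# @param query [String] prefix to match against @username_attribute
# @return [Array<String>] first value of @username_attribute for each match
def matching_usernames(query)
  bind

  # Filter.begins escapes +query+ before appending its own trailing wildcard.
  filter = Net::LDAP::Filter.begins(@username_attribute, query)
  limit = AppConfig[:max_usernames_per_source].to_i

  # first(limit) honours the configured maximum exactly; the previous
  # [0..limit] slice was an inclusive range and returned limit + 1 names.
  @connection.search(:base => @base_dn, :filter => filter).map {|entry|
    entry[@username_attribute].first
  }.first(limit)
end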

#name ⇒ Object



# File 'backend/app/model/ldapauth.rb', line 26

# Human-readable identity of this source, built from its host and port.
#
# @return [String] e.g. "LDAPAuth - ldap.example.org:389"
def name
  format("LDAPAuth - %s:%s", @hostname, @port)
end