Class: AuthSourceLdap

Inherits:

AuthSource

• Object
• ActiveRecord::Base
• AuthSource
• AuthSourceLdap

Defined in:

app/models/auth_source_ldap.rb

Overview

Since:

• 0.4.0

Constant Summary

NETWORK_EXCEPTIONS =

[
  Net::LDAP::LdapError,
  Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET,
  Errno::EHOSTDOWN, Errno::EHOSTUNREACH,
  SocketError
]

Instance Method Summary

• #auth_method_name ⇒ Object
• #authenticate(login, password) ⇒ Object
• #initialize(attributes = nil, *args) ⇒ AuthSourceLdap constructor

  A new instance of AuthSourceLdap.

• #search(q) ⇒ Object

  Searches the source for users and returns an array of results.

• #searchable? ⇒ Boolean

  Returns true if this source can be searched for users.

• #test_connection ⇒ Object

  Test the connection to the LDAP.

Methods inherited from AuthSource

#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, logger

Constructor Details

#initialize(attributes = nil, *args) ⇒ AuthSourceLdap

Returns a new instance of AuthSourceLdap

Since:

• 1.4.0

# File 'app/models/auth_source_ldap.rb', line 40

def initialize(attributes=nil, *args)
  super
  self.port = 389 if self.port == 0
end

Instance Method Details

#auth_method_name ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 74

def auth_method_name
  "LDAP"
end

#authenticate(login, password) ⇒ Object

# File 'app/models/auth_source_ldap.rb', line 45

def authenticate(login, password)
  return nil if login.blank? || password.blank?

  with_timeout do
    attrs = get_user_dn(login, password)
    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
      return attrs.except(:dn)
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end

#search(q) ⇒ Object

Searches the source for users and returns an array of results

Since:

• 2.3.0

# File 'app/models/auth_source_ldap.rb', line 84

def search(q)
  q = q.to_s.strip
  return [] unless searchable? && q.present?

  results = []
  search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
  ldap_con = initialize_ldap_con(self.account, self.account_password)
  ldap_con.search(:base => self.base_dn,
                  :filter => search_filter,
                  :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                  :size => 10) do |entry|
    attrs = get_user_attributes_from_ldap_entry(entry)
    attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
    results << attrs
  end
  results
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end

#searchable? ⇒ Boolean

Returns true if this source can be searched for users

Returns:

• (Boolean)

Since:

• 2.3.0

# File 'app/models/auth_source_ldap.rb', line 79

def searchable?
  !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
end

#test_connection ⇒ Object

Test the connection to the LDAP

# File 'app/models/auth_source_ldap.rb', line 60

def test_connection
  with_timeout do
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    ldap_con.open { }

    if self.account.present? && !self.account.include?("$login") && self.account_password.present?
      ldap_auth = authenticate_dn(self.account, self.account_password)
      raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if !ldap_auth
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end