Class: AuthSourceLdap

Inherits:
AuthSource
  • Object
Defined in:
app/models/auth_source_ldap.rb

Overview

Since:

  • 0.4.0

Constant Summary

# Error classes that this model treats as "the directory could not be
# reached". authenticate, search and test_connection each rescue every class
# listed here and re-raise it as AuthSourceException carrying the original
# message.
NETWORK_EXCEPTIONS = [
  Net::LDAP::LdapError,
  Errno::ECONNABORTED,
  Errno::ECONNREFUSED,
  Errno::ECONNRESET,
  Errno::EHOSTDOWN,
  Errno::EHOSTUNREACH,
  SocketError
]

Instance Method Summary

Methods inherited from AuthSource

#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, logger

Constructor Details

#initialize(attributes = nil, *args) ⇒ AuthSourceLdap

Returns a new instance of AuthSourceLdap

Since:

  • 1.4.0



# File 'app/models/auth_source_ldap.rb', line 40

# Builds the auth source, then fills in the default port.
#
# A port equal to 0 is replaced by 389, the registered LDAP port; any other
# value is left untouched.
# NOTE(review): nothing in this method selects TLS, so whether traffic on the
# default port is encrypted is decided elsewhere in the model -- confirm.
def initialize(attributes=nil, *args)
  super
  return unless self.port == 0

  self.port = 389
end

Instance Method Details

#auth_method_name ⇒ Object



# File 'app/models/auth_source_ldap.rb', line 74

# Display name of this authentication backend.
#
# @return [String] always "LDAP"
def auth_method_name
  'LDAP'
end

#authenticate(login, password) ⇒ Object



# File 'app/models/auth_source_ldap.rb', line 45

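# Checks a login/password pair against the directory.
#
# Returns nil straight away when either credential is blank. Otherwise looks
# the user up with get_user_dn and binds as the returned DN with
# authenticate_dn; on success the looked-up attributes are returned without
# the :dn key. Errors listed in NETWORK_EXCEPTIONS are re-raised as
# AuthSourceException.
# NOTE(review): when the lookup or the bind fails, the result is whatever
# with_timeout returns for a block that evaluated to nil -- confirm.
def authenticate(login, password)
  # Blank credentials are rejected before the server is contacted: a simple
  # bind with a DN and an empty password is an "unauthenticated bind"
  # (RFC 4513, section 5.1.2), which some servers report as success.
  return nil if login.blank? || password.blank?

  with_timeout do
    attrs = get_user_dn(login, password)
    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      # Only the login is written to the log, never the password.
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
      return attrs.except(:dn)
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end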

#search(q) ⇒ Object

Searches the source for users and returns an array of results

Since:

  • 2.3.0



# File 'app/models/auth_source_ldap.rb', line 84

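# Searches the source for users and returns an array of results.
#
# Returns [] when the source is not searchable? or q is blank after
# stripping. Otherwise asks the directory for at most 10 entries whose login
# attribute begins with q and returns one attribute hash per entry, with
# :login added. Errors listed in NETWORK_EXCEPTIONS are re-raised as
# AuthSourceException.
#
# NOTE(review): attr_login, account and account_password are restored here;
# the rendered listing showed a bare "self." in their place -- confirm
# against app/models/auth_source_ldap.rb.
def search(q)
  q = q.to_s.strip
  return [] unless searchable? && q.present?

  results = []
  # Filter.begins escapes q before appending the wildcard, so filter
  # metacharacters in the search term are matched literally instead of
  # changing the shape of the LDAP filter.
  search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
  # The connection is set up with the account configured on this source,
  # not with any end-user credentials.
  ldap_con = initialize_ldap_con(self.account, self.account_password)
  ldap_con.search(:base => self.base_dn,
                  :filter => search_filter,
                  :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                  :size => 10) do |entry|
    attrs = get_user_attributes_from_ldap_entry(entry)
    attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
    results << attrs
  end
  results
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end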

#searchable? ⇒ Boolean

Returns true if this source can be searched for users

Returns:

  • (Boolean)

Since:

  • 2.3.0



# File 'app/models/auth_source_ldap.rb', line 79

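# Returns true if this source can be searched for users.
#
# Two conditions must hold: the configured account does not contain the
# "$login" placeholder, and attr_login?, attr_firstname?, attr_lastname? and
# attr_mail? are all true.
#
# NOTE(review): `account` is restored here; the rendered listing showed a
# bare ".to_s" with no receiver -- confirm against
# app/models/auth_source_ldap.rb.
def searchable?
  # send only ever receives names built from the fixed literal list below,
  # so no caller-supplied value reaches the dynamic dispatch.
  !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
end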

#test_connection ⇒ Object

Tests the connection to the LDAP server



# File 'app/models/auth_source_ldap.rb', line 60

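# Tests the connection to the LDAP server.
#
# Opens a connection with the configured account. When that account is a
# fixed one (present, no "$login" placeholder) and a password is stored, the
# pair is additionally checked with authenticate_dn and a failed bind raises
# AuthSourceException with the :error_ldap_bind_credentials message. Errors
# listed in NETWORK_EXCEPTIONS are re-raised as AuthSourceException.
#
# NOTE(review): account and account_password are restored here; the rendered
# listing showed a bare "self." in their place -- confirm against
# app/models/auth_source_ldap.rb.
def test_connection
  with_timeout do
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    # The empty block means nothing is searched; this step only exercises
    # connection setup and is not relied on to report bad credentials.
    ldap_con.open { }

    if self.account.present? && !self.account.include?("$login") && self.account_password.present?
      # Explicit bind check, so that a wrong service-account password is
      # reported at configuration time instead of at the first user login.
      ldap_auth = authenticate_dn(self.account, self.account_password)
      raise AuthSourceException.new(l(:error_ldap_bind_credentials)) unless ldap_auth
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  raise AuthSourceException.new(e.message)
end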