Class: AuthSourceLdap
- Inherits:
-
AuthSource
- Object
- ActiveRecord::Base
- AuthSource
- AuthSourceLdap
- Defined in:
- app/models/auth_source_ldap.rb
Overview
Constant Summary collapse
- NETWORK_EXCEPTIONS =
[ Net::LDAP::LdapError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, SocketError ]
Instance Method Summary collapse
- #auth_method_name ⇒ Object
- #authenticate(login, password) ⇒ Object
-
#initialize(attributes = nil, *args) ⇒ AuthSourceLdap
constructor
A new instance of AuthSourceLdap.
-
#search(q) ⇒ Object
Searches the source for users and returns an array of results.
-
#searchable? ⇒ Boolean
Returns true if this source can be searched for users.
-
#test_connection ⇒ Object
Test the connection to the LDAP.
Methods inherited from AuthSource
#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search
Methods included from Redmine::Ciphering
cipher_key, decrypt_text, encrypt_text, logger
Methods included from Redmine::SafeAttributes
#delete_unsafe_attributes, #safe_attribute?, #safe_attribute_names, #safe_attributes=
Constructor Details
#initialize(attributes = nil, *args) ⇒ AuthSourceLdap
Returns a new instance of AuthSourceLdap
40 41 42 43 |
# File 'app/models/auth_source_ldap.rb', line 40 def initialize(attributes=nil, *args) super self.port = 389 if self.port == 0 end |
Instance Method Details
#auth_method_name ⇒ Object
74 75 76 |
# File 'app/models/auth_source_ldap.rb', line 74 def auth_method_name "LDAP" end |
#authenticate(login, password) ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'app/models/auth_source_ldap.rb', line 45 def authenticate(login, password) return nil if login.blank? || password.blank? with_timeout do attrs = get_user_dn(login, password) if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? return attrs.except(:dn) end end rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new(e.) end |
#search(q) ⇒ Object
Searches the source for users and returns an array of results
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'app/models/auth_source_ldap.rb', line 84 def search(q) q = q.to_s.strip return [] unless searchable? && q.present? results = [] search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q) ldap_con = initialize_ldap_con(self.account, self.account_password) ldap_con.search(:base => self.base_dn, :filter => search_filter, :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail], :size => 10) do |entry| attrs = get_user_attributes_from_ldap_entry(entry) attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login) results << attrs end results rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new(e.) end |
#searchable? ⇒ Boolean
Returns true if this source can be searched for users
79 80 81 |
# File 'app/models/auth_source_ldap.rb', line 79 def searchable? !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")} end |
#test_connection ⇒ Object
Test the connection to the LDAP
60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'app/models/auth_source_ldap.rb', line 60 def test_connection with_timeout do ldap_con = initialize_ldap_con(self.account, self.account_password) ldap_con.open { } if self.account.present? && !self.account.include?("$login") && self.account_password.present? ldap_auth = authenticate_dn(self.account, self.account_password) raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if !ldap_auth end end rescue *NETWORK_EXCEPTIONS => e raise AuthSourceException.new(e.) end |