Class: AuthSourceLdap

Inherits:
AuthSource
  • Object
Defined in:
app/models/auth_source_ldap.rb

Overview

Since:

  • 0.4.0

Constant Summary

# Exception classes that authenticate, search and test_connection rescue and
# re-raise as AuthSourceException (with the original message).
NETWORK_EXCEPTIONS =
[
  Net::LDAP::Error,
  Errno::ECONNABORTED,
  Errno::ECONNREFUSED,
  Errno::ECONNRESET,
  Errno::EHOSTDOWN,
  Errno::EHOSTUNREACH,
  SocketError
]
# Connection modes understood by ldap_mode / ldap_mode=.
# :ldap is selected when tls is off; the two :ldaps_* modes differ only in
# the verify_peer flag.
LDAP_MODES = %i[
  ldap
  ldaps_verify_none
  ldaps_verify_peer
]

Instance Method Summary

Methods inherited from AuthSource

#account_password, #account_password=, #allow_password_changes?, allow_password_changes?, authenticate, search

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, logger

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Constructor Details

#initialize(attributes = nil, *args) ⇒ AuthSourceLdap

Returns a new instance of AuthSourceLdap

Since:

  • 1.4.0



# File 'app/models/auth_source_ldap.rb', line 48

# Builds the record through the parent initializer, then replaces a port
# value of 0 with 389.
#
# @param attributes [Hash, nil] forwarded unchanged to the superclass
# @param args forwarded unchanged to the superclass
def initialize(attributes=nil, *args)
  super
  # Only a port of exactly 0 is replaced; any other value is kept as given.
  if port == 0
    self.port = 389
  end
end

Instance Method Details

#auth_method_name ⇒ Object



# File 'app/models/auth_source_ldap.rb', line 82

# Name of the authentication method implemented by this source.
#
# @return [String] always "LDAP"
def auth_method_name
  'LDAP'
end

#authenticate(login, password) ⇒ Object



# File 'app/models/auth_source_ldap.rb', line 53

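# Authenticates a login/password pair against this LDAP source.
#
# The listing had lost the +login+ identifier (signature, guard, lookup and
# log line); it is restored here from the documented signature
# authenticate(login, password).
#
# @param login [String] login name submitted by the user
# @param password [String] password submitted by the user
# @return [Hash, nil] the attributes from get_user_dn without the :dn entry
#   when the bind as that DN succeeds; nil when either credential is blank.
#   On a failed lookup or bind the result is whatever with_timeout returns
#   (presumably nil - confirm against with_timeout).
# @raise [AuthSourceException] when one of NETWORK_EXCEPTIONS is raised
def authenticate(login, password)
  # Refuse blank credentials before any LDAP traffic.
  # NOTE(review): directory servers commonly accept a bind with an empty
  # password as an unauthenticated bind and report success, so this guard
  # is what keeps an empty password from authenticating.
  return nil if login.blank? || password.blank?

  with_timeout do
    attrs = get_user_dn(login, password)
    # The password is checked by binding as the DN that was found.
    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      # Only the login is written to the debug log, never the password.
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
      return attrs.except(:dn)
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  # The low-level error text is forwarded unchanged to the caller.
  raise AuthSourceException.new(e.message)
end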

#ldap_mode ⇒ Object

Since:

  • 4.0.0



# File 'app/models/auth_source_ldap.rb', line 112

# Maps the tls / verify_peer flags to a connection-mode symbol.
#
# NOTE(review): :ldap means tls is off, and :ldaps_verify_none presumably
# means the server certificate is not validated (confirm where the
# connection is built). Only :ldaps_verify_peer has both flags set.
#
# @return [Symbol] :ldap when tls is falsy, otherwise :ldaps_verify_peer or
#   :ldaps_verify_none depending on verify_peer
def ldap_mode
  return :ldap unless tls

  verify_peer ? :ldaps_verify_peer : :ldaps_verify_none
end

#ldap_mode=(ldap_mode) ⇒ Object

Since:

  • 4.0.0



# File 'app/models/auth_source_ldap.rb', line 123

# Sets tls and verify_peer from a connection-mode value.
#
# NOTE(review): every value other than :ldaps_verify_peer and
# :ldaps_verify_none - including nil and misspelled modes - turns tls off
# rather than being rejected, so callers should validate the value (for
# example against LDAP_MODES) before assigning it.
#
# @param ldap_mode [Symbol, String, nil] requested mode; converted with to_sym
#   when the value supports it
def ldap_mode=(ldap_mode)
  requested = ldap_mode.try(:to_sym)
  with_verification = (requested == :ldaps_verify_peer)

  self.tls = with_verification || requested == :ldaps_verify_none
  self.verify_peer = with_verification
end

#search(q) ⇒ Object

Searches the source for users and returns an array of results

Since:

  • 2.3.0



# File 'app/models/auth_source_ldap.rb', line 92

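# Searches the directory for users whose login attribute starts with +q+.
#
# The listing had lost the receivers' attribute names; attr_login, account
# and account_password are restored here.
#
# @param q [#to_s] search term; surrounding whitespace is stripped
# @return [Array<Hash>] one attribute hash per entry, each with :login set
#   from the entry's login attribute; empty when the source is not
#   searchable or +q+ is blank
# @raise [AuthSourceException] when one of NETWORK_EXCEPTIONS is raised
def search(q)
  q = q.to_s.strip
  return [] unless searchable? && q.present?

  results = []
  # NOTE(review): q comes from the caller and is placed in the filter through
  # Net::LDAP::Filter.begins, which is expected to escape filter
  # metacharacters - confirm for the net-ldap version in use.
  search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
  # The search is run with the configured account and its password.
  ldap_con = initialize_ldap_con(self.account, self.account_password)
  # Only the mapped attributes are requested and at most 10 entries returned.
  ldap_con.search(:base => self.base_dn,
                  :filter => search_filter,
                  :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                  :size => 10) do |entry|
    attrs = get_user_attributes_from_ldap_entry(entry)
    attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
    results << attrs
  end
  results
rescue *NETWORK_EXCEPTIONS => e
  # The low-level error text is forwarded unchanged to the caller.
  raise AuthSourceException.new(e.message)
end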

#searchable? ⇒ Boolean

Returns true if this source can be searched for users

Returns:

  • (Boolean)

Since:

  • 2.3.0



# File 'app/models/auth_source_ldap.rb', line 87

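# Tells whether this source can be searched for users.
#
# The listing had lost the +account+ receiver; it is restored here.
#
# A source is searchable when the configured account does not contain the
# "$login" placeholder and the login, firstname, lastname and mail attribute
# mappings are all set. Presumably a "$login" account is filled in per user
# at bind time, leaving no fixed account to search with - confirm.
#
# @return [Boolean]
def searchable?
  !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
end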

#test_connection ⇒ Object

Tests the connection to the LDAP server



# File 'app/models/auth_source_ldap.rb', line 68

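# Checks that the LDAP server is reachable and, when a fixed account is
# configured, that its credentials are accepted.
#
# The listing had lost the receivers' attribute names; account and
# account_password are restored here.
#
# @raise [AuthSourceException] when the configured credentials are rejected
#   or one of NETWORK_EXCEPTIONS is raised
def test_connection
  with_timeout do
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    # Opening with an empty block only checks that a connection can be made.
    ldap_con.open { }

    # The bind is verified only for a fixed account with a password; an
    # account holding the "$login" placeholder is skipped.
    if self.account.present? && !self.account.include?("$login") && self.account_password.present?
      ldap_auth = authenticate_dn(self.account, self.account_password)
      raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if !ldap_auth
    end
  end
rescue *NETWORK_EXCEPTIONS => e
  # The low-level error text is forwarded unchanged to the caller.
  raise AuthSourceException.new(e.message)
end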