jro_apps/redmine Files · app/models/auth_source_ldap.rb

Fixed: Atom feeds leak email address (#3408)....

Fixed: Atom feeds leak email address (#3408). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2763 e93f8b46-1217-0410-a6f0-8f06a7374b81

Jean-Philippe Lang - - Load All Authors

File last commit:

r2054:c54f15e35f37


                r2664:9c630cc2b723

Download file

             auth_source_ldap.rb
        
                    98 lines
            
             | 3.8 KiB
            
                | text/x-ruby
            
             |
                RubyLexer
            
             / app / models / auth_source_ldap.rb
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
      # redMine - project management software

      # Copyright (C) 2006  Jean-Philippe Lang

      #

      # This program is free software; you can redistribute it and/or

      # modify it under the terms of the GNU General Public License

      # as published by the Free Software Foundation; either version 2

      # of the License, or (at your option) any later version.

      # 

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      # 

      # You should have received a copy of the GNU General Public License

      # along with this program; if not, write to the Free Software

      # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

      require 'net/ldap'

      require 'iconv'

      class AuthSourceLdap < AuthSource 

        validates_presence_of :host, :port, :attr_login

        Jean-Philippe Lang
    
Improved on-the-fly account creation. If some attributes are missing (eg. not present in the LDAP) or are invalid, the registration form is displayed so that the user is able to fill or fix these attributes....

              r1661
            
        validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true

        validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true

        validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true

        validates_numericality_of :port, :only_integer => true

        Jean-Philippe Lang
    
Firstname, lastname and email LDAP attributes are now required if "on-the-fly register" is checked....

              r628
            
        Jean-Philippe Lang
    
Strip LDAP attribute names before saving (#1890)....

              r1892
            
        before_validation :strip_ldap_attributes

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
        def after_initialize

          self.port = 389 if self.port == 0

        end

        def authenticate(login, password)

        Jean-Philippe Lang
    
Fixed: LDAP authentication without password may be possible (#714)....

              r1155
            
          return nil if login.blank? || password.blank?

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
          attrs = []

          # get user's DN

          ldap_con = initialize_ldap_con(self.account, self.account_password)

          login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 

          object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 

          dn = String.new

          ldap_con.search( :base => self.base_dn, 

                           :filter => object_filter & login_filter, 

        Jean-Philippe Lang
    
LDAP authentication: only ask for the user's DN if on-the-fly registration is disabled...

              r869
            
                           # only ask for the DN if on-the-fly registration is disabled

                           :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
            dn = entry.dn

            attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),

                     :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),

                     :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),

        Jean-Philippe Lang
    
Fixed: LDAP authentication crashes if one of the LDAP attributes name is left blank on the LDAP setup screen....

              r841
            
                     :auth_source_id => self.id ] if onthefly_register?

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
          end

          return nil if dn.empty?

          logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?

          # authenticate user

          ldap_con = initialize_ldap_con(dn, password)

          return nil unless ldap_con.bind

          # return user's attributes

          logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?

          attrs    

        rescue  Net::LDAP::LdapError => text

          raise "LdapError: " + text

        end

        # test the connection to the LDAP

        def test_connection

          ldap_con = initialize_ldap_con(self.account, self.account_password)

          ldap_con.open { }

        rescue  Net::LDAP::LdapError => text

          raise "LdapError: " + text

        end

        def auth_method_name

          "LDAP"

        end

        Jean-Philippe Lang
    
Strip LDAP attribute names before saving (#1890)....

              r1892
            
        private

        def strip_ldap_attributes

          [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|

            write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?

          end

        end

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
        def initialize_ldap_con(ldap_user, ldap_password)

        Jean-Philippe Lang
    
Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764)....

              r1180
            
          options = { :host => self.host,

                      :port => self.port,

                      :encryption => (self.tls ? :simple_tls : nil)

                    }

        Jean-Philippe Lang
    
Fix LDAP authentication (#714, broken by r1194)....

              r1185
            
          options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?

        Jean-Philippe Lang
    
Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764)....

              r1180
            
          Net::LDAP.new options

        Jean-Philippe Lang
    
added svn:eol-style native property on /app files...

              r330
            
        end

        def self.get_attr(entry, attr_name)

        Jean-Philippe Lang
    
Do not request blank LDAP attributes....

              r2054
            
          if !attr_name.blank?

            entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]

          end

        Jean-Philippe Lang
    
0.3 unstable...

              r10
            
        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	# redMine - project management software
		# Copyright (C) 2006 Jean-Philippe Lang
		#
		# This program is free software; you can redistribute it and/or
		# modify it under the terms of the GNU General Public License
		# as published by the Free Software Foundation; either version 2
		# of the License, or (at your option) any later version.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU General Public License
		# along with this program; if not, write to the Free Software
		# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

		require 'net/ldap'
		require 'iconv'

		class AuthSourceLdap < AuthSource
		validates_presence_of :host, :port, :attr_login
Jean-Philippe Lang Improved on-the-fly account creation. If some attributes are missing (eg. not present in the LDAP) or are invalid, the registration form is displayed so that the user is able to fill or fix these attributes....	r1661	validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
		validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
		validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
		validates_numericality_of :port, :only_integer => true
Jean-Philippe Lang Firstname, lastname and email LDAP attributes are now required if "on-the-fly register" is checked....	r628
Jean-Philippe Lang Strip LDAP attribute names before saving (#1890)....	r1892	before_validation :strip_ldap_attributes

Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	def after_initialize
		self.port = 389 if self.port == 0
		end

		def authenticate(login, password)
Jean-Philippe Lang Fixed: LDAP authentication without password may be possible (#714)....	r1155	return nil if login.blank? \|\| password.blank?
Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	attrs = []
		# get user's DN
		ldap_con = initialize_ldap_con(self.account, self.account_password)
		login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
		object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
		dn = String.new
		ldap_con.search( :base => self.base_dn,
		:filter => object_filter & login_filter,
Jean-Philippe Lang LDAP authentication: only ask for the user's DN if on-the-fly registration is disabled...	r869	# only ask for the DN if on-the-fly registration is disabled
		:attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do \|entry\|
Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	dn = entry.dn
		attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
		:lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
		:mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
Jean-Philippe Lang Fixed: LDAP authentication crashes if one of the LDAP attributes name is left blank on the LDAP setup screen....	r841	:auth_source_id => self.id ] if onthefly_register?
Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	end
		return nil if dn.empty?
		logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
		# authenticate user
		ldap_con = initialize_ldap_con(dn, password)
		return nil unless ldap_con.bind
		# return user's attributes
		logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
		attrs
		rescue Net::LDAP::LdapError => text
		raise "LdapError: " + text
		end

		# test the connection to the LDAP
		def test_connection
		ldap_con = initialize_ldap_con(self.account, self.account_password)
		ldap_con.open { }
		rescue Net::LDAP::LdapError => text
		raise "LdapError: " + text
		end

		def auth_method_name
		"LDAP"
		end

Jean-Philippe Lang Strip LDAP attribute names before saving (#1890)....	r1892	private

		def strip_ldap_attributes
		[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do \|attr\|
		write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
		end
		end

Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	def initialize_ldap_con(ldap_user, ldap_password)
Jean-Philippe Lang Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764)....	r1180	options = { :host => self.host,
		:port => self.port,
		:encryption => (self.tls ? :simple_tls : nil)
		}
Jean-Philippe Lang Fix LDAP authentication (#714, broken by r1194)....	r1185	options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
Jean-Philippe Lang Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764)....	r1180	Net::LDAP.new options
Jean-Philippe Lang added svn:eol-style native property on /app files...	r330	end

		def self.get_attr(entry, attr_name)
Jean-Philippe Lang Do not request blank LDAP attributes....	r2054	if !attr_name.blank?
		entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
		end
Jean-Philippe Lang 0.3 unstable...	r10	end
		end