##// END OF EJS Templates
jro_apps » redmine
RSS
Fix LDAP authentication (#714, broken by r1194)....
Jean-Philippe Lang -
r1185:482d9a4e82ef
parent child
Show More
Side by Side Unified
Context file:
r1185:482d9a4e82ef Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,84 +1,84
1 1 # redMine - project management software
2 2 # Copyright (C) 2006 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require 'net/ldap'
19 19 require 'iconv'
20 20
21 21 class AuthSourceLdap < AuthSource
22 22 validates_presence_of :host, :port, :attr_login
23 23 validates_presence_of :attr_firstname, :attr_lastname, :attr_mail, :if => Proc.new { |a| a.onthefly_register? }
24 24
25 25 def after_initialize
26 26 self.port = 389 if self.port == 0
27 27 end
28 28
29 29 def authenticate(login, password)
30 30 return nil if login.blank? || password.blank?
31 31 attrs = []
32 32 # get user's DN
33 33 ldap_con = initialize_ldap_con(self.account, self.account_password)
34 34 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
35 35 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
36 36 dn = String.new
37 37 ldap_con.search( :base => self.base_dn,
38 38 :filter => object_filter & login_filter,
39 39 # only ask for the DN if on-the-fly registration is disabled
40 40 :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
41 41 dn = entry.dn
42 42 attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
43 43 :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
44 44 :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
45 45 :auth_source_id => self.id ] if onthefly_register?
46 46 end
47 47 return nil if dn.empty?
48 48 logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
49 49 # authenticate user
50 50 ldap_con = initialize_ldap_con(dn, password)
51 51 return nil unless ldap_con.bind
52 52 # return user's attributes
53 53 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
54 54 attrs
55 55 rescue Net::LDAP::LdapError => text
56 56 raise "LdapError: " + text
57 57 end
58 58
59 59 # test the connection to the LDAP
60 60 def test_connection
61 61 ldap_con = initialize_ldap_con(self.account, self.account_password)
62 62 ldap_con.open { }
63 63 rescue Net::LDAP::LdapError => text
64 64 raise "LdapError: " + text
65 65 end
66 66
67 67 def auth_method_name
68 68 "LDAP"
69 69 end
70 70
71 71 private
72 72 def initialize_ldap_con(ldap_user, ldap_password)
73 73 options = { :host => self.host,
74 74 :port => self.port,
75 75 :encryption => (self.tls ? :simple_tls : nil)
76 76 }
77 options.merge(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
77 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
78 78 Net::LDAP.new options
79 79 end
80 80
81 81 def self.get_attr(entry, attr_name)
82 82 entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
83 83 end
84 84 end
General Comments 0
You need to be logged in to leave comments. Login now