| @@ -33,22 +33,9 class AuthSourceLdap < AuthSource | |||||
| 33 |
|
33 | |||
| 34 | def authenticate(login, password) |
|
34 | def authenticate(login, password) | |
| 35 | return nil if login.blank? || password.blank? |
|
35 | return nil if login.blank? || password.blank? | |
| 36 | attrs = [] |
|
36 | attrs = get_user_dn(login) | |
| 37 | # get user's DN |
|
37 | ||
| 38 | ldap_con = initialize_ldap_con(self.account, self.account_password) |
|
38 | if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password) | |
| 39 | login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) |
|
|||
| 40 | object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) |
|
|||
| 41 | dn = String.new |
|
|||
| 42 | ldap_con.search( :base => self.base_dn, |
|
|||
| 43 | :filter => object_filter & login_filter, |
|
|||
| 44 | :attributes=> search_attributes) do |entry| |
|
|||
| 45 | dn = entry.dn |
|
|||
| 46 | attrs = get_user_attributes_from_ldap_entry(entry) if onthefly_register? |
|
|||
| 47 | logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug? |
|
|||
| 48 |
|
||||
| 49 | end |
|
|||
| 50 |
|
||||
| 51 | if authenticate_dn(dn, password) |
|
|||
| 52 | logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? |
|
39 | logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? | |
| 53 | return attrs |
|
40 | return attrs | |
| 54 | end |
|
41 | end | |
| @@ -87,6 +74,7 class AuthSourceLdap < AuthSource | |||||
| 87 |
|
74 | |||
| 88 | def get_user_attributes_from_ldap_entry(entry) |
|
75 | def get_user_attributes_from_ldap_entry(entry) | |
| 89 | [ |
|
76 | [ | |
|
|
77 | :dn => entry.dn, | |||
| 90 | :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname), |
|
78 | :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname), | |
| 91 | :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname), |
|
79 | :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname), | |
| 92 | :mail => AuthSourceLdap.get_attr(entry, self.attr_mail), |
|
80 | :mail => AuthSourceLdap.get_attr(entry, self.attr_mail), | |
| @@ -110,6 +98,29 class AuthSourceLdap < AuthSource | |||||
| 110 | initialize_ldap_con(dn, password).bind |
|
98 | initialize_ldap_con(dn, password).bind | |
| 111 | end |
|
99 | end | |
| 112 | end |
|
100 | end | |
|
|
101 | ||||
|
|
102 | # Get the user's dn and any attributes for them, given their login | |||
|
|
103 | def get_user_dn(login) | |||
|
|
104 | ldap_con = initialize_ldap_con(self.account, self.account_password) | |||
|
|
105 | login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) | |||
|
|
106 | object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) | |||
|
|
107 | attrs = [] | |||
|
|
108 | ||||
|
|
109 | ldap_con.search( :base => self.base_dn, | |||
|
|
110 | :filter => object_filter & login_filter, | |||
|
|
111 | :attributes=> search_attributes) do |entry| | |||
|
|
112 | ||||
|
|
113 | if onthefly_register? | |||
|
|
114 | attrs = get_user_attributes_from_ldap_entry(entry) | |||
|
|
115 | else | |||
|
|
116 | attrs = [:dn => entry.dn] | |||
|
|
117 | end | |||
|
|
118 | ||||
|
|
119 | logger.debug "DN found for #{login}: #{attrs.first[:dn]}" if logger && logger.debug? | |||
|
|
120 | end | |||
|
|
121 | ||||
|
|
122 | attrs | |||
|
|
123 | end | |||
| 113 |
|
124 | |||
| 114 | def self.get_attr(entry, attr_name) |
|
125 | def self.get_attr(entry, attr_name) | |
| 115 | if !attr_name.blank? |
|
126 | if !attr_name.blank? | |
General Comments 0
You need to be logged in to leave comments.
Login now