Class: Net::LDAP::AuthAdapers::GSS_SPNEGO

Inherits:
Net::LDAP::AuthAdapter
Defined in:
lib/net/ldap/auth_adapter/gss_spnego.rb

Overview

PROVISIONAL, only for testing SASL implementations. DON’T USE THIS YET. Uses Kohei Kajimoto’s Ruby/NTLM. We have to find a clean way to integrate it without introducing an external dependency.

This authentication method is accessed by calling #bind with a :method parameter of :gss_spnego. It requires :username and :password attributes, just like the :simple authentication method. It performs a GSS-SPNEGO authentication with the server, which is presumed to be a Microsoft Active Directory.

Instance Method Summary

Methods inherited from Net::LDAP::AuthAdapter

[], #initialize, register

Constructor Details

This class inherits a constructor from Net::LDAP::AuthAdapter

Instance Method Details

#bind(auth) ⇒ Object



# File 'lib/net/ldap/auth_adapter/gss_spnego.rb', line 19

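def bind(auth)
  # Ruby/NTLM is an external library, loaded only when this adapter is used.
  require 'ntlm'

  # Accept :username or :dn as the account name; it and :password are both required.
  user, psw = [auth[:username] || auth[:dn], auth[:password]]
  raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)

  # Called with the server's challenge (NTLM Type 2 message);
  # returns the serialized Type 3 response, computed with NTLMv2.
  nego = proc do |challenge|
    t2_msg = NTLM::Message.parse(challenge)
    t3_msg = t2_msg.response({ :user => user, :password => psw },
                             { :ntlmv2 => true })
    t3_msg.serialize
  end

  # Run the exchange through the SASL adapter, opening with an NTLM Type 1 message.
  Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \
    :method             => :sasl,
    :mechanism          => "GSS-SPNEGO",
    :initial_credential => NTLM::Message::Type1.new.serialize,
    :challenge_response => nego
end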
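
The nego proc above hands whatever challenge the server returns straight to NTLM::Message.parse. As an added example (not part of net-ldap or Ruby/NTLM), the standalone Ruby below checks that a challenge token is a well-formed NTLM Type 2 message and carries the target info an NTLMv2 response is computed over. The names inspect_type2, ntlmv2_ready? and sample_type2 are hypothetical, and the sample token is constructed.

```ruby
# Added example: structural checks on an NTLM Type 2 (challenge) token.
# Offsets follow the NTLM CHALLENGE_MESSAGE layout; all names are hypothetical.
NTLMSSP_SIGNATURE     = "NTLMSSP\0".b
NEGOTIATE_TARGET_INFO = 0x00800000 # NTLMSSP_NEGOTIATE_TARGET_INFO flag
TYPE2_HEADER_LENGTH   = 48         # fixed fields through TargetInfoFields

ChallengeInfo = Struct.new(:flags, :server_challenge, :target_info)

# Returns a ChallengeInfo, or raises ArgumentError if the token is malformed.
def inspect_type2(token)
  token = token.b
  raise ArgumentError, "token too short" if token.bytesize < TYPE2_HEADER_LENGTH
  raise ArgumentError, "missing NTLMSSP signature" unless token.byteslice(0, 8) == NTLMSSP_SIGNATURE

  type = token.byteslice(8, 4).unpack1("V")
  raise ArgumentError, "expected Type 2, got Type #{type}" unless type == 2

  flags = token.byteslice(20, 4).unpack1("V")
  ti_len, _ti_max, ti_off = token.byteslice(40, 8).unpack("vvV")
  raise ArgumentError, "target info outside token" if ti_off + ti_len > token.bytesize

  ChallengeInfo.new(flags, token.byteslice(24, 8), token.byteslice(ti_off, ti_len))
end

# An NTLMv2 response is computed over the server's target info, so the
# challenge must both advertise it and actually carry it.
def ntlmv2_ready?(info)
  (info.flags & NEGOTIATE_TARGET_INFO) != 0 && !info.target_info.empty?
end

# Constructed sample token for the checks above (not captured traffic).
def sample_type2(flags:, target_info:)
  NTLMSSP_SIGNATURE + [2].pack("V") +
    [0, 0, TYPE2_HEADER_LENGTH].pack("vvV") +           # TargetNameFields (empty)
    [flags].pack("V") +
    [1, 2, 3, 4, 5, 6, 7, 8].pack("C*") +               # ServerChallenge
    ("\0" * 8) +                                        # Reserved
    [target_info.bytesize, target_info.bytesize, TYPE2_HEADER_LENGTH].pack("vvV") +
    target_info
end

# Constructed AV pairs: MsvAvNbDomainName "EXAMPLE", then MsvAvEOL.
name = "EXAMPLE".encode("UTF-16LE").b
SAMPLE_TARGET_INFO = [2, name.bytesize].pack("vv") + name + [0, 0].pack("vv")

good = inspect_type2(sample_type2(flags: NEGOTIATE_TARGET_INFO, target_info: SAMPLE_TARGET_INFO))
puts "NTLMv2-ready: #{ntlmv2_ready?(good)}"
```

A check like this would run inside the challenge_response proc before the Type 3 message is built, so a malformed or downgraded challenge fails the bind instead of being answered.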