Module: ADMapper::User::ClassMethods

Defined in:
lib/admapper/user.rb

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#group_class ⇒ Object

Returns the value of attribute group_class.



# File 'lib/admapper/user.rb', line 110

def group_class
  @group_class
end

Instance Method Details

#ad_query_by_username(username) ⇒ Object

Finds a user in AD by the given username. Connects if not connected. Returns an AD object.



# File 'lib/admapper/user.rb', line 150

def ad_query_by_username(username)
  user = nil
  # Filter.eq does not escape its value, so a "*" in username acts as a wildcard.
  search_filter = Net::LDAP::Filter.eq("sAMAccountName", username)
  ad_connection = ADMapper::Connection.current_connection
  ad_connection.search(:base => ADMapper::Connection.treebase,
                       :filter => search_filter,
                       :attributes => ['dn', 'sAMAccountName', 'displayname', 'SN', 'givenName']) do |ad_user|
    # If several entries match, the last one yielded is the one returned.
    user = ad_user
  end
  user
end

#authenticate_with_active_directory(username, password) ⇒ Object

Authenticating users: Don’t do this. Taking someone’s password and passing it on to Active Directory is just stupid. Use CAS, Shibboleth, or something else that prevents your app from ever seeing a user’s password. If you insist on doing this, use SSL, filter the password out of your logs, and pray. This will let you do what you want:

User.authenticate_with_active_directory("homer", "1234")

It’ll return true or false. It won’t return a user. I assume you’ll be wrapping this call in something else that will fetch the user object from your local DB.



# File 'lib/admapper/user.rb', line 126

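def authenticate_with_active_directory(username, password)
  # Operates on a copy of the shared connection. Net::LDAP#bind_as looks the
  # user up with the filter, then binds as that entry's DN with the password;
  # it returns the matching entries (truthy) on success and false on failure.
  ADMapper::Connection.current_connection.dup.bind_as(
    :filter => Net::LDAP::Filter.eq("sAMAccountName", username),
    :base => ADMapper::Connection.treebase,
    :password => password
  )
end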
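
An added example (not ADMapper's own code) of checks to run before a username and password reach a bind like the one above: `Net::LDAP::Filter.eq` does not escape its value, and a simple bind with an empty password is an unauthenticated bind that a server may accept. `guarded_ad_authenticate`, `escape_ldap_filter_value`, `USERNAME_POLICY` and `PermissiveDirectoryStub` are hypothetical names, the username policy is an assumed site rule, and the bind is injected as a callable so the block runs without a directory.

```ruby
# Added example, not ADMapper code. `binder` stands in for a call such as
# User.authenticate_with_active_directory and is injected so this runs offline.

# Assumed site policy for sAMAccountName input: short, no filter metacharacters.
USERNAME_POLICY = /\A[A-Za-z0-9._-]{1,20}\z/

# RFC 4515 escaping, for lookup paths where input cannot simply be rejected.
FILTER_ESCAPES = {
  "\\" => '\5c', "*" => '\2a', "(" => '\28', ")" => '\29', "\x00" => '\00'
}.freeze

def escape_ldap_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| FILTER_ESCAPES[ch] }
end

# Returns strictly true or false. The bind is attempted only when:
#   * both inputs are strings,
#   * the username passes USERNAME_POLICY (so "*" never reaches the filter),
#   * the password is non-empty. A simple bind with a DN and an empty password
#     is an "unauthenticated bind" (RFC 4513, 5.1.2), which a server may accept.
def guarded_ad_authenticate(username, password, binder)
  return false unless username.is_a?(String) && password.is_a?(String)
  return false unless USERNAME_POLICY.match?(username)
  return false if password.empty?

  # bind_as-style callables return a result set or false; coerce to a boolean
  # so callers never handle directory entries by accident.
  binder.call(username, password) ? true : false
end

# Constructed stand-in for a directory that accepts unauthenticated binds:
# it "succeeds" for any input and records which usernames it was asked about.
class PermissiveDirectoryStub
  attr_reader :calls

  def initialize
    @calls = []
  end

  def call(username, _password)
    @calls << username # the password is deliberately never stored
    [{ dn: "CN=#{username},DC=example,DC=test" }]
  end
end
```
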

#find_in_ad_by_username(username) ⇒ Object

Find a user in AD by the given username. Calls #map_user_from_ad on the returned results so you can manage it yourself.



# File 'lib/admapper/user.rb', line 138

def find_in_ad_by_username(username)
  ad_user = ad_query_by_username(username)
  return nil if ad_user.nil?
  
  user = self.new
  user.map_user_from_ad(ad_user)
  user
end

#set_group_class(group_class) ⇒ Object



# File 'lib/admapper/user.rb', line 112

def set_group_class(group_class)
  self.group_class = group_class
end