Module: Devise::LDAP::Adapter

Defined in:

lib/devise_ldap_multiple/ldap/adapter.rb

Overview

Establishes connections and interacts with LDAP. Uses Connection objects to do this.

Can interact with these methods in rails

Class Method Summary

• .default_scope ⇒ Object

  The default scope to use if none is specified.

• .delete_ldap_param(login, param, password = nil, scope = default_scope) ⇒ Object

  Deletes the LDAP attribute for an account.

• .expired_valid_credentials?(login, password_plaintext, scope = default_scope) ⇒ Boolean

  Returns true or false depending on if the users credentials have expired or not.

• .get_dn(login, scope = default_scope) ⇒ Object

  Returns the DistinguishedName of an account (regardless of if it exists or not).

• .get_groups(login, scope = default_scope) ⇒ Object

  Returns a list of group memberships for a user.

• .get_ldap_entry(login, scope = default_scope) ⇒ Object

  Returns all attributes for an account from LDAP.

• .get_ldap_param(login, param, scope = default_scope) ⇒ Object

  Get the value of an attribute for an account from LDAP.

• .in_ldap_group?(login, group_name, group_attribute = nil, scope = default_scope) ⇒ Boolean

  Checks if a user is a member of a specific group.

• .ldap_connect(login, scope = default_scope) ⇒ Object

  Creates a new connection to an LDAP database and returns the connection object to run methods against.

• .password_updatable?(login, scope = default_scope) ⇒ Boolean
• .set_ldap_param(login, param, new_value, password = nil, scope = default_scope) ⇒ Object

  Sets an LDAP attribute for an account to a new value.

• .update_own_password(login, new_password, current_password) ⇒ Object

  Also updates the password.

• .update_password(login, new_password, scope = default_scope) ⇒ Object

  Updates a users password in LDAP.

• .user_creatable?(login, scope = default_scope) ⇒ Boolean
• .valid_credentials?(login, password_plaintext, scope = default_scope) ⇒ Boolean

  Tries to authenticate credentails to LDAP.

• .valid_login?(login, scope = default_scope) ⇒ Boolean

  Boolean returned for if an account in the LDAP exists (doesn’t check authentication / authorization): false if a valid match can’t be obtained from ldap.

Class Method Details

.default_scope ⇒ Object

The default scope to use if none is specified

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 103

def self.default_scope
  ::Devise.ldap_default_scope
end

.delete_ldap_param(login, param, password = nil, scope = default_scope) ⇒ Object

Deletes the LDAP attribute for an account

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 90

def self.delete_ldap_param(login, param, password = nil, scope = default_scope)
  options = { login: login, password: password, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.delete_param(param)
end

.expired_valid_credentials?(login, password_plaintext, scope = default_scope) ⇒ Boolean

Returns true or false depending on if the users credentials have expired or not

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 54

def self.expired_valid_credentials?(login, password_plaintext, scope = default_scope)
  options = { login: login, password: password_plaintext, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.expired_valid_credentials?
end

.get_dn(login, scope = default_scope) ⇒ Object

Returns the DistinguishedName of an account (regardless of if it exists or not)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 25

def self.get_dn(login, scope = default_scope)
  self.ldap_connect(login, scope).dn
end

.get_groups(login, scope = default_scope) ⇒ Object

Returns a list of group memberships for a user

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 73

def self.get_groups(login, scope = default_scope)
  self.ldap_connect(login, scope).user_groups
end

.get_ldap_entry(login, scope = default_scope) ⇒ Object

Returns all attributes for an account from LDAP

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 14

def self.get_ldap_entry(login, scope = default_scope)
  self.ldap_connect(login, scope).search_for_login
end

.get_ldap_param(login, param, scope = default_scope) ⇒ Object

Get the value of an attribute for an account from LDAP

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 19

def self.get_ldap_param(login, param, scope = default_scope)
  resource = self.ldap_connect(login, scope)
  resource.ldap_param_value(param)
end

.in_ldap_group?(login, group_name, group_attribute = nil, scope = default_scope) ⇒ Boolean

Checks if a user is a member of a specific group

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 78

def self.in_ldap_group?(login, group_name, group_attribute = nil, scope = default_scope)
  self.ldap_connect(login, scope).in_group?(group_name, group_attribute)
end

.ldap_connect(login, scope = default_scope) ⇒ Object

Creates a new connection to an LDAP database and returns the connection object to run methods against

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 97

def self.ldap_connect(login, scope = default_scope)
  options = { login: login, scope: scope }
  Devise::LDAP::Connection.new(options)
end

.password_updatable?(login, scope = default_scope) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 29

def self.password_updatable? (login, scope = default_scope)
  options = { login: login, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.password_updatable?
end

.set_ldap_param(login, param, new_value, password = nil, scope = default_scope) ⇒ Object

Sets an LDAP attribute for an account to a new value

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 83

def self.set_ldap_param(login, param, new_value, password = nil, scope = default_scope)
  options = { login: login, password: password, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.set_param(param, new_value)
end

.update_own_password(login, new_password, current_password) ⇒ Object

Also updates the password. Unsure what differentiates this from update_password currently.

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 68

def self.update_own_password(login, new_password, current_password)
  set_ldap_param(login, :userPassword, new_password, current_password, true)
end

.update_password(login, new_password, scope = default_scope) ⇒ Object

Updates a users password in LDAP

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 61

def self.update_password(login, new_password, scope = default_scope)
  options = { login: login, new_password: new_password, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.change_password! if new_password.present?
end

.user_creatable?(login, scope = default_scope) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 35

def self.user_creatable? (login, scope = default_scope)
  options = { login: login, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.user_creatable?
end

.valid_credentials?(login, password_plaintext, scope = default_scope) ⇒ Boolean

Tries to authenticate credentails to LDAP. Returns true or false appropriately.

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 47

def self.valid_credentials?(login, password_plaintext, scope = default_scope)
  options = { login: login, password: password_plaintext, scope: scope }
  resource = Devise::LDAP::Connection.new(options)
  resource.authorized?
end

.valid_login?(login, scope = default_scope) ⇒ Boolean

Boolean returned for if an account in the LDAP exists (doesn’t check authentication / authorization): false if a valid match can’t be obtained from ldap.

Returns:

• (Boolean)

# File 'lib/devise_ldap_multiple/ldap/adapter.rb', line 42

def self.valid_login?(login, scope = default_scope)
  self.ldap_connect(login, scope).valid_login?
end