Class: OmniAuth::LDAP::Adaptor

Inherits:
Object
Defined in:
lib/omniauth-ldap/adaptor.rb

Defined Under Namespace

Classes: AuthenticationError, ConfigurationError, ConnectionError, LdapError

Constant Summary

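# Every configuration key the adaptor understands. #initialize copies each of
# these from the configuration hash into an instance variable of the same name
# (e.g. :bind_dn -> @bind_dn). Frozen so the list cannot be altered at runtime.
VALID_ADAPTER_CONFIGURATION_KEYS = [
  :hosts, :host, :port, :encryption, :disable_verify_certificates, :bind_dn, :password, :try_sasl,
  :sasl_mechanisms, :uid, :base, :allow_anonymous, :filter, :ca_file, :ssl_version,

  # Deprecated
  :method
].freeze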
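# A list of required keys, checked by Adaptor.validate. Where an entry is a
# sub-list, any one of the keys in it satisfies the requirement.
# The sub-lists and the outer list are frozen so the validation rules cannot be
# changed at runtime.
MUST_HAVE_KEYS = [
  :base,
  [:encryption, :method], # :method is deprecated
  [:hosts, :host],
  [:hosts, :port],
  [:uid, :filter]
].each(&:freeze).freeze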
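# Maps the user-facing :encryption / :method configuration value onto the
# encryption type handed to Net::LDAP. :plain maps to nil, i.e. no transport
# encryption. Frozen so the mapping cannot be altered at runtime.
ENCRYPTION_METHOD = {
  :simple_tls => :simple_tls,
  :start_tls => :start_tls,
  :plain => nil,

  # Deprecated. This mapping aimed to be user-friendly, but only caused
  # confusion. Better to pass-through the actual `Net::LDAP` encryption type.
  :ssl => :simple_tls,
  :tls => :start_tls,
}.freeze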


Constructor Details

#initialize(configuration = {}) ⇒ Adaptor

Returns a new instance of Adaptor.



# File 'lib/omniauth-ldap/adaptor.rb', line 59

# Validates +configuration+, copies every recognised key (see
# VALID_ADAPTER_CONFIGURATION_KEYS) into an instance variable of the same name,
# and builds the Net::LDAP client in @connection (#bind_as opens it on use).
#
# The service bind method is chosen in this order:
#   * :try_sasl set                                       -> :sasl
#   * :allow_anonymous set, or no :bind_dn, or no :password -> :anonymous
#   * otherwise                                           -> :simple
# A missing :bind_dn or :password therefore degrades to an anonymous bind
# instead of raising; deployments that rely on an authenticated service bind
# must supply both.
#
# encryption_options and sasl_auths are defined elsewhere in this class.
#
# @param configuration [Hash] adaptor options. A :logger entry is kept on the
#   adaptor (@logger) and is not part of the hash given to Net::LDAP.
# @raise [ArgumentError] from Adaptor.validate when required keys are missing
def initialize(configuration={})
  Adaptor.validate(configuration)
  @configuration = configuration.dup
  @configuration[:allow_anonymous] ||= false
  @logger = @configuration.delete(:logger)
  VALID_ADAPTER_CONFIGURATION_KEYS.each do |key|
    instance_variable_set("@#{key}", @configuration[key])
  end

  # Built before the bind method is chosen so encryption_options is evaluated
  # first, ahead of any SASL credential lookup.
  connection_options = {
    base: @base,
    hosts: @hosts,
    host: @host,
    port: @port,
    encryption: encryption_options
  }

  @bind_method =
    if @try_sasl
      :sasl
    elsif @allow_anonymous || !@bind_dn || !@password
      :anonymous
    else
      :simple
    end

  if @bind_method == :sasl
    @auth = sasl_auths({:username => @bind_dn, :password => @password}).first
  end
  @auth ||= {
    :method => @bind_method,
    :username => @bind_dn,
    :password => @password
  }

  connection_options[:auth] = @auth
  @connection = Net::LDAP.new(connection_options)
end

Instance Attribute Details

#auth ⇒ Object (readonly)

Returns the value of attribute auth.



# File 'lib/omniauth-ldap/adaptor.rb', line 45

# The credentials hash chosen in #initialize for the service bind: either
# :method/:username/:password, or the first sasl_auths entry under SASL.
# Contains the bind password; keep it out of logs.
def auth; @auth; end

#base ⇒ Object (readonly)

Returns the value of attribute base.



# File 'lib/omniauth-ldap/adaptor.rb', line 45

# The :base configuration value (required), given to Net::LDAP as its base.
def base; @base; end

#bind_dn ⇒ Object

Returns the value of attribute bind_dn.



# File 'lib/omniauth-ldap/adaptor.rb', line 44

# The :bind_dn configuration value; used as the :username of the service
# bind chosen in #initialize.
def bind_dn; @bind_dn; end

#connection ⇒ Object (readonly)

Returns the value of attribute connection.



# File 'lib/omniauth-ldap/adaptor.rb', line 45

# The Net::LDAP client built in #initialize; #bind_as opens it on each call.
def connection; @connection; end

#filter ⇒ Object (readonly)

Returns the value of attribute filter.



# File 'lib/omniauth-ldap/adaptor.rb', line 45

# The :filter configuration value (an alternative to :uid, see MUST_HAVE_KEYS).
def filter; @filter; end

#password ⇒ Object

Returns the value of attribute password.



# File 'lib/omniauth-ldap/adaptor.rb', line 44

# The :password configuration value: the service bind password in clear text.
# Treat as a secret — never write it to logs or error messages.
def password; @password; end

#uid ⇒ Object (readonly)

Returns the value of attribute uid.



# File 'lib/omniauth-ldap/adaptor.rb', line 45

# The :uid configuration value (an alternative to :filter, see MUST_HAVE_KEYS).
def uid; @uid; end

Class Method Details

.validate(configuration = {}) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/omniauth-ldap/adaptor.rb', line 47

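# Checks that +configuration+ satisfies every entry of MUST_HAVE_KEYS. An entry
# that is a list of alternatives is satisfied when at least one of its keys
# has a non-nil value.
#
# @param configuration [Hash] the options handed to Adaptor.new
# @return [nil]
# @raise [ArgumentError] naming every unsatisfied entry, alternatives joined
#   with " or ", entries joined with ",", e.g. "base,hosts or host MUST be provided"
def self.validate(configuration={})
  missing = MUST_HAVE_KEYS.each_with_object([]) do |entry, acc|
    alternatives = Array(entry)
    # Only an entry with none of its alternatives present is reported.
    acc << alternatives.join(' or ') if alternatives.all? { |key| configuration[key].nil? }
  end
  raise ArgumentError, "#{missing.join(",")} MUST be provided" unless missing.empty?
end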

Instance Method Details

#bind_as(args = {}) ⇒ Object

Example args: :base => "dc=yourcompany, dc=com", :filter => "(mail=#{user})", :password => psw



# File 'lib/omniauth-ldap/adaptor.rb', line 89

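# Searches for the user with +args+ (a Net::LDAP search hash such as
# :base => "dc=yourcompany, dc=com", :filter => "(mail=#{user})") and then
# binds the connection as the DN of the first entry found, using
# args[:password].
#
# Only the first search result is tried: a filter that matches several entries
# silently binds as the first one, so the filter should identify exactly one
# account. The password is passed to Net::LDAP unchecked; callers must reject
# blank credentials beforehand, since some directories treat an empty password
# as an unauthenticated bind.
#
# @param args [Hash] Net::LDAP search options plus :password (a String, or a
#   callable returning one) and optional :method ('sasl' selects a SASL bind
#   via sasl_auths; anything else is a simple bind; defaults to @method)
# @return [Net::LDAP::Entry, false] the matched entry when the bind succeeds,
#   false when nothing matched or the bind was rejected
def bind_as(args = {})
  result = false
  @connection.open do |ldap|
    entries = ldap.search args
    entry = entries && entries.first
    dn = entry && entry.dn
    if dn
      password = args[:password]
      # A callable password is only resolved once an entry actually matched.
      password = password.call if password.respond_to?(:call)
      bind_method = args[:method] || @method
      # NOTE(review): compared as the String 'sasl'; a Symbol :sasl in @method
      # would take the simple-bind branch — confirm which form callers use.
      credentials =
        if bind_method == 'sasl'
          sasl_auths({:username => dn, :password => password}).first
        else
          {:method => :simple, :username => dn, :password => password}
        end
      result = entry if ldap.bind(credentials)
    end
  end
  result
end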