Class: OmniAuth::Strategies::LDAP

Inherits:
Object
  • Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/ldap.rb

Constant Summary

# Error passed to fail!(:invalid_credentials, ...) by callback_phase when the
# bind returns nothing for the submitted credentials.
InvalidCredentialsError =
Class.new(StandardError)
# Mapping from user-info keys to directory attribute names, consumed by
# map_user. A String names one attribute, an Array lists candidate attributes
# in priority order (the first one the entry responds to is used), and a Hash
# maps a "%N" template to one candidate list per placeholder.
# NOTE(review): the 'email' candidates fall back to userPrincipalName, which is
# a logon name and not necessarily a verified mailbox; confirm before an
# application links or trusts accounts by this value.
@@config =
{
  'name' => 'cn',
  'first_name' => 'givenName',
  'last_name' => 'sn',
  'email' => ['mail', "email", 'userPrincipalName'],
  'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
  'mobile' => ['mobile', 'mobileTelephoneNumber'],
  'nickname' => ['uid', 'userid', 'sAMAccountName'],
  'title' => 'title',
  # Template form: %0..%4 are filled from the five candidate lists, in order.
  'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
  # The uid is the entry's distinguished name.
  'uid' => 'dn',
  'url' => ['wwwhomepage'],
  'image' => 'jpegPhoto',
  'description' => 'description'
}

Class Method Summary

Instance Method Summary

Class Method Details

.map_user(mapper, object) ⇒ Object



# File 'lib/omniauth/strategies/ldap.rb', line 81

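# Builds the user-info hash from a directory entry.
#
# Each mapper value selects how the entry is read:
# * String - a single attribute name; the first value of that attribute is used.
# * Array  - candidate attribute names in priority order; the first one the
#            entry responds to wins.
# * Hash   - template => list of candidate groups; "%N" in the template is
#            replaced by the first value found for the Nth group, or by an
#            empty string when the group yields nothing.
#
# Attribute names are downcased and looked up as symbols.
#
# @param mapper [Hash] target key => String, Array or Hash as described above
# @param object [#[], #respond_to?] directory entry; attribute lookups are
#   expected to return an array-like of values (presumably a Net::LDAP::Entry)
# @return [Hash] the mapper keys that could be resolved
def self.map_user(mapper, object)
  user = {}
  mapper.each do |key, value|
    case value
    when String
      attr = value.downcase.to_sym
      user[key] = object[attr].first if object.respond_to?(attr)
    when Array
      attr = value.map { |name| name.downcase.to_sym }.find { |sym| object.respond_to?(sym) }
      user[key] = object[attr].first if attr
    when Hash
      value.each do |template, groups|
        parts = groups.map do |names|
          attr = names.map { |name| name.downcase.to_sym }.find { |sym| object.respond_to?(sym) }
          attr ? object[attr].first.to_s : ''
        end
        # Substitute in one pass and through a block: directory values are data,
        # so a value containing "%1" must not be expanded again as a placeholder
        # and a backslash sequence such as "\0" must not be read as a gsub
        # back-reference. Placeholders without a matching group stay as written.
        user[key] = template.gsub(/%(\d+)/) { |placeholder| parts.fetch(Regexp.last_match(1).to_i, placeholder) }
      end
    end
  end
  user
end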

Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/ldap.rb', line 43

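# Handles the posted login form: binds to the directory with the submitted
# credentials, maps the returned entry into @user_info and hands over to the
# parent strategy's callback_phase.
#
# Every failure path ends in fail!, so no path completes authentication
# without a successful bind.
#
# @return [Object] the result of +super+ on success, otherwise of fail!
def callback_phase
  @adaptor = OmniAuth::LDAP::Adaptor.new @options

  return fail!(:invalid_request_method) unless valid_request_method?
  # NOTE(review): missing_credentials? is defined outside this listing. Confirm
  # it rejects an empty password: many directory servers treat a simple bind
  # with an empty password as an unauthenticated bind and report success.
  return fail!(:missing_credentials) if missing_credentials?

  begin
    @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])

    unless @ldap_user_info
      # The message embeds the submitted username verbatim; treat it as
      # untrusted text wherever the error is logged or rendered.
      return fail!(:invalid_credentials, InvalidCredentialsError.new("Invalid credentials for #{request['username']}"))
    end

    @user_info = self.class.map_user(@@config, @ldap_user_info)
    super
  rescue StandardError => e
    # Rescue StandardError rather than Exception: directory and mapping errors
    # still fail closed as :ldap_error, while Interrupt, SystemExit and
    # NoMemoryError propagate instead of being reported as a login failure.
    fail!(:ldap_error, e)
  end
end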

#filter(adaptor) ⇒ Object



# File 'lib/omniauth/strategies/ldap.rb', line 62

# Builds the search filter used to locate the entry for the submitted login.
#
# The submitted username is first passed through @options[:name_proc]. When
# the adaptor carries a non-empty filter template, the result is escaped with
# Net::LDAP::Filter.escape and substituted for %{username} before the template
# is parsed. Escaping has to happen before substitution: the template is
# parsed as filter syntax, so an unescaped "*", "(" or ")" in the login would
# change the query. Without a template, an equality filter on adaptor.uid is
# built instead.
# NOTE(review): the fallback relies on Net::LDAP::Filter.equals escaping its
# value argument; confirm against the net-ldap version in use.
#
# @param adaptor [#filter, #uid] the LDAP adaptor for this request
# @return [Object] the filter built by Net::LDAP::Filter
def filter(adaptor)
  custom = adaptor.filter
  if !custom || custom.empty?
    return Net::LDAP::Filter.equals(adaptor.uid, @options[:name_proc].call(request['username']))
  end

  safe_login = Net::LDAP::Filter.escape(@options[:name_proc].call(request['username']))
  Net::LDAP::Filter.construct(custom % { username: safe_login })
end

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/ldap.rb', line 34

# Validates the strategy options and renders the login form, which posts the
# 'username' and 'password' fields to callback_path.
# NOTE(review): the form carries the directory password; transport protection
# is not visible in this listing, so confirm the callback is served over TLS.
#
# @return [Object] the response produced by OmniAuth::Form#to_response
def request_phase
  OmniAuth::LDAP::Adaptor.validate @options
  form_title = options[:title] || "LDAP Authentication"
  login_form = OmniAuth::Form.new(title: form_title, url: callback_path)
  login_form.text_field('Login', 'username')
  login_form.password_field('Password', 'password')
  login_form.button("Sign In")
  login_form.to_response
end