Class: Vines::Storage::Ldap
- Inherits: Object
  - Object
  - Vines::Storage::Ldap
- Defined in: lib/vines/storage/ldap.rb
Overview
Authenticates usernames and passwords against an LDAP directory. This can provide authentication logic for the other, full-featured Storage implementations while they store and retrieve the rest of the user information.
Constant Summary
- @@required = [:host, :port]
Instance Method Summary
- #authenticate(username, password) ⇒ Object
  Validates a username and password by binding to the LDAP instance with those credentials.
- #filter(username) ⇒ Object
  Return an LDAP search filter for a user optionally belonging to the group defined by the groupdn config attribute.
- #initialize(host = 'localhost', port = 636, &block) ⇒ Ldap (constructor)
  A new instance of Ldap.
Constructor Details
#initialize(host = 'localhost', port = 636, &block) ⇒ Ldap
Returns a new instance of Ldap.

    # File 'lib/vines/storage/ldap.rb', line 19
    def initialize(host='localhost', port=636, &block)
      @config = {host: host, port: port}
      instance_eval(&block)
      @@required.each {|key| raise "Must provide #{key}" if @config[key].nil? }
    end

Instance Method Details
#authenticate(username, password) ⇒ Object
Validates a username and password by binding to the LDAP instance with those credentials. If the bind succeeds, the user’s attributes are retrieved.

    # File 'lib/vines/storage/ldap.rb', line 28
    def authenticate(username, password)
      username = JID.new(username).to_s rescue nil
      return if [username, password].any? {|arg| (arg || '').strip.empty? }

      ldap = connect(@config[:dn], @config[:password])
      entries = ldap.search(
        attributes: [@config[:name_attr], 'mail'],
        filter: filter(username))
      return unless entries && entries.size == 1

      user = if connect(entries.first.dn, password).bind
        name = entries.first[@config[:name_attr]].first
        User.new(jid: username, name: name.to_s, roster: [])
      end
      user
    end

#filter(username) ⇒ Object
Return an LDAP search filter for a user optionally belonging to the group defined by the groupdn config attribute.

    # File 'lib/vines/storage/ldap.rb', line 47
    def filter(username)
      clas = Net::LDAP::Filter.eq('objectClass', @config[:object_class])
      uid = Net::LDAP::Filter.eq(@config[:user_attr], username)
      filter = clas & uid
      if group = @config[:groupdn]
        memberOf = Net::LDAP::Filter.eq('memberOf', group)
        isMemberOf = Net::LDAP::Filter.eq('isMemberOf', group)
        filter = filter & (memberOf | isMemberOf)
      end
      filter
    end

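The filter that #filter composes, modelled as plain strings in an added example (not code from Vines or net-ldap). Net::LDAP::Filter.eq treats `*` in its value as a wildcard, so this sketch escapes the username per RFC 4515 before it enters the filter; escape_filter_value, eq, user_filter and the sample config values are hypothetical names constructed for illustration.

```ruby
# Added example: a plain-Ruby model of the filter shape built by
# Vines::Storage::Ldap#filter, with RFC 4515 escaping of the values.
# All names and sample values here are hypothetical.

# RFC 4515 section 3: these characters carry filter syntax and must be
# written as a backslash followed by two hex digits inside a value.
SPECIAL = {
  "\\" => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00'
}.freeze

# Escape one assertion value so it can only ever match literally.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| SPECIAL[ch] }
end

# String form of an equality match, e.g. (mail=alice@example.com).
def eq(attr, value)
  "(#{attr}=#{escape_filter_value(value)})"
end

# Same composition as #filter: objectClass AND user attribute, then,
# when groupdn is set, AND (memberOf OR isMemberOf).
def user_filter(config, username)
  filter = "(&#{eq('objectClass', config[:object_class])}" \
           "#{eq(config[:user_attr], username)})"
  if (group = config[:groupdn])
    filter = "(&#{filter}(|#{eq('memberOf', group)}#{eq('isMemberOf', group)}))"
  end
  filter
end

# Constructed sample configuration (assumed values, not from the page).
CONFIG = {
  object_class: 'person',
  user_attr: 'mail',
  groupdn: 'cn=chat,ou=groups,dc=example,dc=com'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts user_filter(CONFIG, 'alice@example.com')
  # A '*' in the username stays a literal character after escaping.
  puts user_filter(CONFIG.merge(groupdn: nil), 'a*@example.com')
end
```

With net-ldap itself, Net::LDAP::Filter.equals and Net::LDAP::Filter.escape perform this escaping.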