Class: Net::LDAP::AuthAdapter::GSSAPI
- Inherits: Net::LDAP::AuthAdapter
  - Object
  - Net::LDAP::AuthAdapter
  - Net::LDAP::AuthAdapter::GSSAPI
- Defined in: lib/net/ldap/auth_adapter/gssapi.rb
Instance Method Summary
- #bind(auth) ⇒ Object
  Required parameters: :hostname. Optional parameters: :servicename.
Instance Method Details
#bind(auth) ⇒ Object
Required parameters: :hostname. Optional parameters: :servicename.
Hostname must be a fully-qualified domain name.
Service name defaults to “ldap”, which is almost certainly what you want.
```ruby
# File 'lib/net/ldap/auth_adapter/gssapi.rb', line 18

def bind(auth)
  host, svc = [auth[:hostname], auth[:servicename] || "ldap"]
  raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (host && svc)

  gsscli = ::GSSAPI::Simple.new(host, svc)
  context_established = nil
  challenge_response = proc do |challenge|
    if !context_established
      resp = gsscli.init_context(challenge)
      if resp.equal?(true)
        context_established = true
      elsif !resp || resp.empty?
        raise Net::LDAP::GSSAPIError, "Failed to establish GSSAPI security context"
      end
      resp
    else
      # After the security context has been established, the LDAP server will
      # offer to negotiate the security strength factor (SSF) and maximum
      # output size. We request an SSF of 0, i.e. no protection (integrity
      # and confidentiality protections aren't implemented here, yet) and no
      # size limit.
      #
      # N.b. your LDAP server may reject the bind request with an error
      # message like "protocol violation: client requested invalid layer."
      # That means that it is configured to require stronger protection.
      gsscli.wrap_message("\x01\xff\xff\xff".force_encoding("binary"), false)
    end
  end

  Net::LDAP::AuthAdapter::Sasl.new(@connection).
    bind(method: :sasl, mechanism: "GSSAPI",
         initial_credential: gsscli.init_context,
         challenge_response: challenge_response)
end
```
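The four octets this method sends select "no security layer", so GSSAPI adds no integrity or confidentiality protection to the LDAP session after the bind. The sketch below is an added example, not code from the net-ldap project. It decodes that token using the RFC 4752 layout (one octet of layer bits, three octets of maximum buffer size) and checks it against a server offer. The helper names and the two server offers are constructed for illustration.

```ruby
# Added example: decode the 4-octet SASL/GSSAPI security-layer token
# (layout per RFC 4752, section 3.1). Helper names are hypothetical.
LAYERS = { 0x01 => :none, 0x02 => :integrity, 0x04 => :confidentiality }.freeze

# Split an unwrapped token into its layer bitmask and 24-bit maximum buffer size.
def parse_layer_token(token)
  bytes = token.b.bytes
  raise ArgumentError, "token shorter than 4 octets" if bytes.size < 4

  mask = bytes[0]
  {
    layers: LAYERS.select { |bit, _name| (mask & bit) != 0 }.values,
    max_buffer: (bytes[1] << 16) | (bytes[2] << 8) | bytes[3]
  }
end

# Compare the layer the client selects with the layers the server offers.
# Returns :ok, or :rejected when the server does not offer that layer, which is
# the "client requested invalid layer" case described in the method's comment.
def check_negotiation(server_token, client_token)
  offered   = parse_layer_token(server_token)[:layers]
  requested = parse_layer_token(client_token)[:layers]
  raise ArgumentError, "client must select exactly one layer" unless requested.size == 1

  offered.include?(requested.first) ? :ok : :rejected
end

# The response the bind method above always sends: layer "none", buffer 0xffffff.
CLIENT_RESPONSE = "\x01\xff\xff\xff".b

# Constructed server offers (already unwrapped), not captured traffic.
PERMISSIVE_SERVER = "\x07\x00\xff\xff".b # none, integrity and confidentiality
STRICT_SERVER     = "\x06\x00\xff\xff".b # integrity or confidentiality only

if __FILE__ == $PROGRAM_NAME
  p parse_layer_token(CLIENT_RESPONSE)
  p check_negotiation(PERMISSIVE_SERVER, CLIENT_RESPONSE)
  p check_negotiation(STRICT_SERVER, CLIENT_RESPONSE)
end
```

A server that offers only integrity or confidentiality layers rejects this adapter's bind, so the adapter works only against servers that accept an unprotected layer.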