Class: OmniAuth::LDAP::Adaptor

Inherits:

Object

• Object
• OmniAuth::LDAP::Adaptor

Defined in:

lib/omniauth-ldap/adaptor.rb

Defined Under Namespace

Classes: AuthenticationError, ConfigurationError, ConnectionError, LdapError

Constant Summary

VALID_ADAPTER_CONFIGURATION_KEYS =

[:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous, :filter]

MUST_HAVE_KEYS =

A list of needed keys. Possible alternatives are specified using sub-lists.

[:host, :port, :method, [:uid, :filter], :base]

METHOD =

{
  :ssl => :simple_tls,
  :tls => :start_tls,
  :plain => nil,
}

Instance Attribute Summary

• #auth ⇒ Object readonly

  Returns the value of attribute auth.

• #base ⇒ Object readonly

  Returns the value of attribute base.

• #bind_dn ⇒ Object

  Returns the value of attribute bind_dn.

• #connection ⇒ Object readonly

  Returns the value of attribute connection.

• #filter ⇒ Object readonly

  Returns the value of attribute filter.

• #password ⇒ Object

  Returns the value of attribute password.

• #uid ⇒ Object readonly

  Returns the value of attribute uid.

Class Method Summary

• .validate(configuration = {}) ⇒ Object

Instance Method Summary

• #bind_as(args = {}) ⇒ Object

  :base => “dc=yourcompany, dc=com”, :filter => “(mail=#user)”, :password => psw.

• #initialize(configuration = {}) ⇒ Adaptor constructor

  A new instance of Adaptor.

Constructor Details

#initialize(configuration = {}) ⇒ Adaptor

Returns a new instance of Adaptor.

# File 'lib/omniauth-ldap/adaptor.rb', line 40

def initialize(configuration={})
  Adaptor.validate(configuration)
  @configuration = configuration.dup
  @configuration[:allow_anonymous] ||= false
  @logger = @configuration.delete(:logger)
  VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
    instance_variable_set("@#{name}", @configuration[name])
  end
  method = ensure_method(@method)
  config = {
    :host => @host,
    :port => @port,
    :base => @base
  }
  @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple)


  @auth = sasl_auths({:username => @bind_dn, :password => @password}).first if @bind_method == :sasl
  @auth ||= { :method => @bind_method,
              :username => @bind_dn,
              :password => @password
            }
  config[:auth] = @auth
  @connection = Net::LDAP.new(config)
  @connection.encryption(method)
end

Instance Attribute Details

#auth ⇒ Object (readonly)

Returns the value of attribute auth.

# File 'lib/omniauth-ldap/adaptor.rb', line 28

def auth
  @auth
end

#base ⇒ Object (readonly)

Returns the value of attribute base.

# File 'lib/omniauth-ldap/adaptor.rb', line 28

def base
  @base
end

#bind_dn ⇒ Object

Returns the value of attribute bind_dn.

# File 'lib/omniauth-ldap/adaptor.rb', line 27

def bind_dn
  @bind_dn
end

#connection ⇒ Object (readonly)

Returns the value of attribute connection.

# File 'lib/omniauth-ldap/adaptor.rb', line 28

def connection
  @connection
end

#filter ⇒ Object (readonly)

Returns the value of attribute filter.

# File 'lib/omniauth-ldap/adaptor.rb', line 28

def filter
  @filter
end

#password ⇒ Object

Returns the value of attribute password.

# File 'lib/omniauth-ldap/adaptor.rb', line 27

def password
  @password
end

#uid ⇒ Object (readonly)

Returns the value of attribute uid.

# File 'lib/omniauth-ldap/adaptor.rb', line 28

def uid
  @uid
end

Class Method Details

.validate(configuration = {}) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/omniauth-ldap/adaptor.rb', line 29

def self.validate(configuration={})
  message = []
  MUST_HAVE_KEYS.each do |names|
    names = [names].flatten
    missing_keys = names.select{|name| configuration[name].nil?}
    if missing_keys == names
      message << names.join(' or ')
    end
  end
  raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
end

Instance Method Details

#bind_as(args = {}) ⇒ Object

:base => “dc=yourcompany, dc=com”, :filter => “(mail=#user)”, :password => psw

# File 'lib/omniauth-ldap/adaptor.rb', line 70

def bind_as(args = {})
  result = false
  @connection.open do |me|
    rs = me.search args
    if rs and rs.first and dn = rs.first.dn
      password = args[:password]
      method = args[:method] || @method
      password = password.call if password.respond_to?(:call)
      if method == 'sasl'
      result = rs.first if me.bind(sasl_auths({:username => dn, :password => password}).first)
      else
      result = rs.first if me.bind(:method => :simple, :username => dn,
                          :password => password)
      end
    end
  end
  result
end