Class: LDAPConnection

Inherits:
Object
Defined in:
lib/ons-ldap/ldap_connection.rb



Constructor Details

#initialize(host, port, base, groups, logger, encrypted = true) ⇒ LDAPConnection

Returns a new instance of LDAPConnection.



# File 'lib/ons-ldap/ldap_connection.rb', line 17

def initialize(host, port, base, groups, logger, encrypted = true)
  # Stores the connection settings on the class rather than on the instance, so every
  # LDAPConnection shares one configuration and a later call overwrites the earlier one.
  #
  # @param host [String] LDAP server host
  # @param port [#to_i] LDAP server port; coerced with to_i
  # @param base [String] base DN appended to the bind DN in #authenticate
  # @param groups [Hash] group names; #authenticate reads groups['users']
  # @param logger [#error, #info] logger used by #authenticate
  # @param encrypted [Boolean] whether #authenticate requests TLS (default true)
  config = self.class
  config.host = host
  config.port = port.to_i
  config.base = base
  config.groups = groups
  config.logger = logger
  config.encrypted = encrypted
end

Class Attribute Details

.baseObject

Returns the value of attribute base.



# File 'lib/ons-ldap/ldap_connection.rb', line 11

def base
  # Class-level reader (YARD lists it as `.base`) for the LDAP base DN that
  # #initialize stores via `self.class.base = base`; #authenticate appends it to the bind DN.
  @base
end

.encryptedObject

Returns the value of attribute encrypted.



# File 'lib/ons-ldap/ldap_connection.rb', line 14

def encrypted
  # Class-level reader (YARD lists it as `.encrypted`) for the flag stored by
  # #initialize via `self.class.encrypted = encrypted`.
  # NOTE(review): #authenticate calls `self.class.encrypted?` (with `?`), which is not
  # among the readers shown here — confirm that predicate is defined elsewhere.
  @encrypted
end

.groupsObject

Returns the value of attribute groups.



# File 'lib/ons-ldap/ldap_connection.rb', line 12

def groups
  # Class-level reader (YARD lists it as `.groups`) for the group-name mapping stored
  # by #initialize; #authenticate looks up the 'users' key in it.
  @groups
end

.hostObject

Returns the value of attribute host.



# File 'lib/ons-ldap/ldap_connection.rb', line 9

def host
  # Class-level reader (YARD lists it as `.host`) for the LDAP server host stored by
  # #initialize and passed to Net::LDAP.open in #authenticate.
  @host
end

.loggerObject

Returns the value of attribute logger.



# File 'lib/ons-ldap/ldap_connection.rb', line 13

def logger
  # Class-level reader (YARD lists it as `.logger`) for the logger stored by
  # #initialize; #authenticate calls its #error and #info methods.
  @logger
end

.portObject

Returns the value of attribute port.



# File 'lib/ons-ldap/ldap_connection.rb', line 10

def port
  # Class-level reader (YARD lists it as `.port`) for the LDAP server port, stored as an
  # Integer by #initialize (`port.to_i`) and passed to Net::LDAP.open in #authenticate.
  @port
end

Instance Method Details

#authenticate(username, password) ⇒ Object



# File 'lib/ons-ldap/ldap_connection.rb', line 26

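def authenticate(username, password)
  # Performs a simple LDAP bind as the user's DN against the server configured on the
  # class (host, port, base, encrypted) and, on success, checks group membership.
  #
  # @param username [String] the uid to bind as (placed in "uid=...,ou=Users,<base>")
  # @param password [String] the user's password
  # @return [Object, nil] the entry returned by #entry_for with its `groups` attribute
  #   set from #groups_for; nil when the password is empty, the bind fails, no entry
  #   is found, or the user is not in the configured "users" group (each case logged).
  user_entry = nil

  # A simple bind with an empty password is an "unauthenticated" bind, which some
  # directory servers accept as an anonymous bind; reject it here so that it can
  # never be reported as a successful login.
  if password.to_s.empty?
    self.class.logger.error "LDAP authentication failed for '#{username}': empty password"
    return nil
  end

  # Have to use the username DN format below for the bind operation to succeed.
  # The uid is DN-escaped so that metacharacters in user input cannot change which
  # entry the bind targets.
  bind_dn = "uid=#{Net::LDAP::DN.escape(username)},ou=Users,#{self.class.base}"
  auth = { method: :simple, username: bind_dn, password: password }

  # net-ldap negotiates TLS when the connection is established, so the encryption
  # setting is passed in the open options instead of being assigned on the already
  # open connection inside the block, where it appeared to have no effect —
  # TODO confirm against the net-ldap version in use.
  # NOTE(review): only `.encrypted` is listed among the class attributes; confirm
  # that `encrypted?` is defined, otherwise this line raises NoMethodError.
  options = { host: self.class.host, port: self.class.port, base: self.class.base, auth: auth }
  options[:encryption] = { method: :simple_tls } if self.class.encrypted?

  Net::LDAP.open(options) do |ldap|
    unless ldap.bind
      result = ldap.get_operation_result
      self.class.logger.error "LDAP authentication failed for '#{username}': #{result.message} (#{result.code})"
      return nil
    end

    self.class.logger.info "LDAP authentication succeeded for '#{username}'"

    # Without a readable entry there is nothing to return, and `user_entry.groups =`
    # below would otherwise raise NoMethodError on nil.
    user_entry = entry_for(username, ldap)
    if user_entry.nil?
      self.class.logger.error "LDAP authentication failed: no directory entry found for '#{username}'"
      return nil
    end

    # The user must be a member of at least the "<zone>-users" group for authentication to be considered successful.
    users_group = self.class.groups['users']
    unless group_member?(users_group, username, ldap)
      self.class.logger.error "LDAP authentication failed: '#{username}' is not a member of the '#{users_group}' group"
      return nil
    end

    # NOTE(review): entry_for/group_member?/groups_for are defined elsewhere; if they
    # build search filters from `username`, they need the matching Net::LDAP::Filter.escape.
    user_entry.groups = groups_for(username, ldap)
  end

  user_entry
end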