Class: RIMS::Password::LDAPSource
- Inherits:
-
Source
- Object
- Source
- RIMS::Password::LDAPSource
- Defined in:
- lib/rims/passwd/ldap.rb
Overview
To enable the LDAP pass-source plug-in, add rims/passwd/ldap to the
load_libraries list.
ex.
load_libraries:
- rims/passwd/ldap
Class Method Summary
-
.build_from_conf(config) ⇒ Object
configuration entries:
- "ldap_uri"
- "base_dn"
- "attribute"
- "scope"
- "filter"
- "search_bind_auth"
  - "method"
  - "username"
  - "password"
- "search_bind_verification_skip"
- .parse_uri(uri_string) ⇒ Object
- .uri_decode(string) ⇒ Object
Instance Method Summary
- #compare_password(username, password) ⇒ Object
-
#initialize(host, port, base_dn, attr, scope: 'sub', filter: nil, search_bind_auth: { :method => :anonymous }, search_bind_verification_skip: false, encryption: false) ⇒ LDAPSource
constructor
A new instance of LDAPSource.
- #raw_password? ⇒ Boolean
- #start ⇒ Object
- #user?(username) ⇒ Boolean
Constructor Details
#initialize(host, port, base_dn, attr, scope: 'sub', filter: nil, search_bind_auth: { :method => :anonymous }, search_bind_verification_skip: false, encryption: false) ⇒ LDAPSource
Returns a new instance of LDAPSource.
# File 'lib/rims/passwd/ldap.rb', line 16
# Builds an LDAP password source. Nothing is connected here; the
# arguments are only stored for #start and the lookup methods.
#
# @param host [String] LDAP server host
# @param port [Integer] LDAP server port
# @param base_dn [String] search base for user lookups
# @param attr [String] attribute matched against the login username
# @param scope [String] search scope name, resolved by #start ('base', 'one' or 'sub')
# @param filter [String, nil] extra filter source, AND-ed with the username match by #start
# @param search_bind_auth [Hash] credentials for the search bind (:method => :anonymous or :simple)
# @param search_bind_verification_skip [Boolean] stored only; presumably disables
#   certificate verification on the search connection (its use is outside this
#   method) -- keep the default false outside test setups
# @param encryption [Boolean] true for an ldaps:// source
def initialize(host, port, base_dn, attr,
               scope: 'sub', filter: nil,
               search_bind_auth: { :method => :anonymous },
               search_bind_verification_skip: false,
               encryption: false)
  @host, @port, @base_dn, @attr = host, port, base_dn, attr
  # raw scope/filter strings; #start turns them into net-ldap objects
  @scope_src = scope
  @filter_src = filter
  @search_bind_auth = search_bind_auth
  @search_bind_verification_skip = search_bind_verification_skip
  @encryption = encryption
end
Class Method Details
.build_from_conf(config) ⇒ Object
configuration entries:
- "ldap_uri" (required; host and port always come from it, and an ldaps:// scheme turns on encryption)
- "base_dn" (overrides the DN taken from the URI)
- "attribute" (overrides the attribute taken from the URI)
- "scope"
- "filter"
- "search_bind_auth", a hash with:
  - "method" ('anonymous' or 'simple')
  - "username" (simple only)
  - "password" (simple only)
- "search_bind_verification_skip" (presumably disables certificate verification on the search bind; its use is outside this listing -- leave it at the default false except in test setups)
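# File 'lib/rims/passwd/ldap.rb', line 170
# Builds an LDAPSource from a string-keyed pass-source configuration.
#
# Host and port always come from "ldap_uri". "base_dn" and "attribute"
# are taken from the URI, but an explicit config key overrides the URI
# value; "scope", "filter" and "search_bind_verification_skip" override
# the URI's values when present. "search_bind_auth" must be a hash whose
# "method" is 'anonymous' or 'simple' ('simple' also needs "username"
# and "password").
#
# @param config [Hash] configuration with string keys
# @return [LDAPSource]
# @raise [RuntimeError] on a missing, malformed or unsupported entry
def build_from_conf(config)
  unless (config.key? 'ldap_uri') then
    raise 'required ldap_uri parameter at LDAP pass-source configuration.'
  end
  ldap_params = parse_uri(config['ldap_uri'])

  # host and port are positional; parse_uri always supplies both
  ldap_args = [ :host, :port ].map{|name|
    ldap_params.delete(name) || raise("internal error: #{name}")
  }

  # config wins over the URI; one of the two must supply a value
  [ :base_dn, :attribute ].each do |name|
    value = ldap_params.delete(name)
    value = config[name.to_s] if config.key? name.to_s
    unless (value) then
      raise "required #{name} parameter at LDAP pass-source configuration."
    end
    ldap_args << value
  end

  [ :scope, :filter, :search_bind_verification_skip ].each do |name|
    ldap_params[name] = config[name.to_s] if config.key? name.to_s
  end

  if (config.key? 'search_bind_auth') then
    bind_conf = config['search_bind_auth']
    # a scalar or nil here used to surface as NoMethodError on ['method']
    unless (bind_conf.is_a? Hash) then
      raise "invalid search_bind_auth at LDAP pass-source configuration: #{bind_conf.inspect}"
    end
    auth =
      case (bind_conf['method'])
      when 'anonymous'
        { method: :anonymous }
      when 'simple'
        username = bind_conf['username']
        raise 'required search bind username at LDAP pass-source configuration.' unless username
        password = bind_conf['password']
        raise 'required search bind password at LDAP pass-source configuration.' unless password
        { method: :simple, username: username, password: password }
      else
        # report only the method name: the hash may carry the bind password,
        # and exception messages tend to end up in logs
        raise "unknown or unsupported bind method type: #{bind_conf['method'].inspect}"
      end
    ldap_params[:search_bind_auth] = auth
  end

  self.new(*ldap_args, **ldap_params)
end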
.parse_uri(uri_string) ⇒ Object
# File 'lib/rims/passwd/ldap.rb', line 135
# Splits an ldap:// or ldaps:// URI into constructor parameters.
#
# @param uri_string [String]
# @return [Hash] :host and :port are always present (host defaults to
#   'localhost'); :encryption is true for ldaps and absent otherwise;
#   :base_dn, :attribute, :scope and :filter appear only when the URI
#   carries them, percent-decoded through uri_decode
# @raise [RuntimeError] if the URI is not an LDAP URI or has no port
# @raise [URI::InvalidURIError] from URI.parse on a malformed string
def parse_uri(uri_string)
  ldap_uri = URI.parse(uri_string)
  # URI::LDAPS is a subclass of URI::LDAP, so one check covers both schemes
  raise "not a LDAP URI: #{uri_string}" unless ldap_uri.is_a?(URI::LDAP)

  params = {}
  params[:encryption] = true if ldap_uri.is_a?(URI::LDAPS)
  params[:host] = ldap_uri.host || 'localhost'
  port = ldap_uri.port
  raise "required LDAP port: #{uri_string}" unless port
  params[:port] = port

  dn = ldap_uri.dn
  params[:base_dn] = uri_decode(dn) unless dn.nil? || dn.empty?
  { attribute: ldap_uri.attributes, scope: ldap_uri.scope, filter: ldap_uri.filter }.each do |key, raw|
    params[key] = uri_decode(raw) if raw
  end

  params
end
.uri_decode(string) ⇒ Object
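# File 'lib/rims/passwd/ldap.rb', line 131
# Percent-decodes one component of an LDAP URI. Only %XX escapes are
# replaced; '+' is left as is (this is not form decoding).
#
# Decoding runs on a binary copy so each escape becomes one raw byte and
# the caller's encoding is reapplied at the end. Decoding in place on a
# UTF-8 string would raise Encoding::CompatibilityError as soon as a
# non-ASCII character and a high-byte escape such as "%C3" meet in the
# same string.
#
# @param string [String]
# @return [String] a new string in the encoding of +string+
def uri_decode(string)
  string.b.gsub(/%(\h{2})/) { Regexp.last_match(1).hex.chr }.force_encoding(string.encoding)
end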
Instance Method Details
#compare_password(username, password) ⇒ Object
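# File 'lib/rims/passwd/ldap.rb', line 118
# Verifies +password+ for +username+: looks the user's DN up, then does a
# simple bind as that DN with the supplied password.
#
# An empty or nil password is refused before anything is sent. A simple
# bind with a DN and an empty password is an "unauthenticated" bind
# (RFC 4513 section 5.1.2): servers that permit it answer success without
# checking any credential, which would turn every known username into a
# valid login. net-ldap versions differ in whether they reject this
# themselves, so it is enforced here.
#
# @param username [String] login name matched against the configured attribute
# @param password [String] cleartext password to bind with
# @return [Boolean, nil] true on a successful bind, false on a failed bind
#   or an empty password, nil when no entry was found (assuming ldap_open
#   returns the block's value, as the original relied on)
def compare_password(username, password)
  return false if password.to_s.empty?
  ldap_open{|ldap|
    if (user_dn = search(ldap, username)) then
      ldap.bind(method: :simple, username: user_dn, password: password) ? true : false
    end
  }
end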
#raw_password? ⇒ Boolean
# File 'lib/rims/passwd/ldap.rb', line 58
# This source never exposes stored passwords: verification happens
# through #compare_password (an LDAP bind), so callers only get a
# yes/no answer.
#
# @return [false]
def raw_password?
  false
end
#start ⇒ Object
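# File 'lib/rims/passwd/ldap.rb', line 31
# Resolves the configured scope name and filter source into net-ldap
# objects (@scope and @filter_factory), which the lookups presumably use
# through search (not shown here). Nothing is connected yet.
#
# The username handed to @filter_factory comes from the client login, so
# it is passed through Net::LDAP::Filter.escape: Filter.eq treats a bare
# '*' in the value as a wildcard/substring match, so an unescaped "*" or
# "ad*" would match arbitrary entries instead of one exact username.
#
# @logger is expected to be provided by the enclosing framework; it is
# not assigned in this class.
#
# @raise [RuntimeError] on an unknown scope name
def start
  scheme = @encryption ? 'ldaps' : 'ldap'
  @logger.info("LDAP pass-source: #{scheme}://#{@host}:#{@port}/#{@base_dn}?#{@attr}?#{@scope_src}?#{@filter_src}")

  @scope =
    case (@scope_src)
    when 'base' then Net::LDAP::SearchScope_BaseObject
    when 'one'  then Net::LDAP::SearchScope_SingleLevel
    when 'sub'  then Net::LDAP::SearchScope_WholeSubtree
    else raise "unknown ldap search scope: #{@scope_src}"
    end

  # only the literal username may match: escape filter metacharacters
  user_match = proc{|username|
    Net::LDAP::Filter.eq(@attr, Net::LDAP::Filter.escape(username.to_s))
  }
  @filter_factory =
    if (@filter_src) then
      # admin-supplied extra constraint, AND-ed with the username match
      extra = Net::LDAP::Filter.construct(@filter_src)
      proc{|username| user_match.call(username) & extra }
    else
      user_match
    end
end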
#user?(username) ⇒ Boolean
# File 'lib/rims/passwd/ldap.rb', line 108
# Reports whether an entry for +username+ exists under the configured
# base (a search hit, no bind).
#
# @param username [String] login name matched against the configured attribute
# @return [Boolean] true when search finds an entry
def user?(username)
  ldap_open{|ldap| !!search(ldap, username) }
end