Class: Vines::Storage::Ldap

Inherits:
Object
Defined in:
lib/vines/storage/ldap.rb

Overview

Authenticates usernames and passwords against an LDAP directory. This can provide authentication logic for the other, full-featured Storage implementations while they store and retrieve the rest of the user information.

Constant Summary

@@required = [:host, :port]

Instance Method Summary

Constructor Details

#initialize(host = 'localhost', port = 636, &block) ⇒ Ldap

Returns a new instance of Ldap.

# File 'lib/vines/storage/ldap.rb', line 19

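def initialize(host='localhost', port=636, &block)
  # Port 636 is the standard LDAPS port.
  @config = {:host => host, :port => port}
  # The configuration block runs in this instance's context to set the remaining options.
  instance_eval(&block)
  # Fail fast if the block cleared a required setting.
  @@required.each {|key| raise "Must provide #{key}" if @config[key].nil? }
end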

Instance Method Details

#authenticate(username, password) ⇒ Object

Validates a username and password by binding to the LDAP instance with those credentials. If the bind succeeds, the user’s attributes are retrieved.

# File 'lib/vines/storage/ldap.rb', line 28

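def authenticate(username, password)
  # Refuse blank credentials up front: a simple bind with an empty password
  # is an unauthenticated bind (RFC 4513), which some servers accept.
  return if [username, password].any? {|arg| (arg || '').strip.empty? }

  # Match entries of the configured object class whose user attribute equals the username.
  clas = Net::LDAP::Filter.eq('objectClass', @config[:object_class])
  uid = Net::LDAP::Filter.eq(@config[:user_attr], username)
  filter = clas & uid
  attrs = [@config[:name_attr], 'mail']

  # Search with the configured DN and password.
  ldap = connect(@config[:dn], @config[:password])
  entries = ldap.search(:attributes => attrs, :filter => filter)
  # Require exactly one match so the bind target is unambiguous.
  return unless entries && entries.size == 1

  # Bind as the matched entry with the supplied password; the bind is the password check.
  user = if connect(entries.first.dn, password).bind
    name = entries.first[@config[:name_attr]].first
    User.new(:jid => username, :name => name.to_s, :roster => [])
  end
  user
end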
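
The search-then-bind flow that authenticate performs, as an added example that is not Vines code: it runs against a constructed in-memory directory and escapes the username per RFC 4515 before the search, so filter metacharacters match literally. Entry, FakeDirectory, escape_filter_value and sample_directory are assumed names for illustration.

```ruby
# Added example, not Vines code: search-then-bind against a constructed
# in-memory directory. Entry, FakeDirectory and helper names are assumptions.
Entry = Struct.new(:dn, :uid, :cn, :password)

# RFC 4515: filter metacharacters become a backslash plus two hex digits.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

class FakeDirectory
  def initialize(entries)
    @entries = entries
  end

  # Mimics LDAP matching on uid: a bare * is a wildcard, \xx is a literal byte.
  def search(assertion)
    parts = assertion.split('*', -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end
    pattern = /\A#{parts.join('.*')}\z/i
    @entries.select { |e| e.uid.match?(pattern) }
  end

  # Simple bind: succeeds only for a known DN with its password.
  def bind(dn, password)
    @entries.any? { |e| e.dn == dn && e.password == password }
  end
end

def authenticate(dir, username, password)
  # Blank credentials are refused before any directory call.
  return if [username, password].any? { |arg| (arg || '').strip.empty? }

  entries = dir.search(escape_filter_value(username))
  return unless entries.size == 1            # ambiguous or unknown user
  entry = entries.first
  return unless dir.bind(entry.dn, password) # the bind is the password check
  { jid: username, name: entry.cn }
end

# Constructed sample data.
def sample_directory
  FakeDirectory.new([
    Entry.new('uid=alice,ou=people,dc=example,dc=org', 'alice', 'Alice', 's3cret'),
    Entry.new('uid=bob,ou=people,dc=example,dc=org', 'bob', 'Bob', 'hunter2')
  ])
end

p authenticate(sample_directory, 'alice', 's3cret')
```

With escaping, a username containing * is compared as a literal string and matches no entry, so the returned jid always equals the uid that was actually bound.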