Mercurial > hg > soundsoftware-site
comparison app/models/auth_source_ldap.rb @ 1295:622f24f53b42 redmine-2.3
Update to Redmine SVN revision 11972 on 2.3-stable branch
| author | Chris Cannam |
|---|---|
| date | Fri, 14 Jun 2013 09:02:21 +0100 |
| parents | 433d4f72a19b |
| children | e248c7af89ec |
comparison
equal
deleted
inserted
replaced
| 1294:3e4c3460b6ca | 1295:622f24f53b42 |
|---|---|
| 1 # Redmine - project management software | 1 # Redmine - project management software |
| 2 # Copyright (C) 2006-2012 Jean-Philippe Lang | 2 # Copyright (C) 2006-2013 Jean-Philippe Lang |
| 3 # | 3 # |
| 4 # This program is free software; you can redistribute it and/or | 4 # This program is free software; you can redistribute it and/or |
| 5 # modify it under the terms of the GNU General Public License | 5 # modify it under the terms of the GNU General Public License |
| 6 # as published by the Free Software Foundation; either version 2 | 6 # as published by the Free Software Foundation; either version 2 |
| 7 # of the License, or (at your option) any later version. | 7 # of the License, or (at your option) any later version. |
| 13 # | 13 # |
| 14 # You should have received a copy of the GNU General Public License | 14 # You should have received a copy of the GNU General Public License |
| 15 # along with this program; if not, write to the Free Software | 15 # along with this program; if not, write to the Free Software |
| 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | 17 |
| 18 require 'iconv' | |
| 19 require 'net/ldap' | 18 require 'net/ldap' |
| 20 require 'net/ldap/dn' | 19 require 'net/ldap/dn' |
| 21 require 'timeout' | 20 require 'timeout' |
| 22 | 21 |
| 23 class AuthSourceLdap < AuthSource | 22 class AuthSourceLdap < AuthSource |
| 62 | 61 |
| 63 def auth_method_name | 62 def auth_method_name |
| 64 "LDAP" | 63 "LDAP" |
| 65 end | 64 end |
| 66 | 65 |
| 66 # Returns true if this source can be searched for users | |
| 67 def searchable? | |
| 68 !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")} | |
| 69 end | |
| 70 | |
| 71 # Searches the source for users and returns an array of results | |
| 72 def search(q) | |
| 73 q = q.to_s.strip | |
| 74 return [] unless searchable? && q.present? | |
| 75 | |
| 76 results = [] | |
| 77 search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q) | |
| 78 ldap_con = initialize_ldap_con(self.account, self.account_password) | |
| 79 ldap_con.search(:base => self.base_dn, | |
| 80 :filter => search_filter, | |
| 81 :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail], | |
| 82 :size => 10) do |entry| | |
| 83 attrs = get_user_attributes_from_ldap_entry(entry) | |
| 84 attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login) | |
| 85 results << attrs | |
| 86 end | |
| 87 results | |
| 88 rescue Net::LDAP::LdapError => e | |
| 89 raise AuthSourceException.new(e.message) | |
| 90 end | |
| 91 | |
| 67 private | 92 private |
| 68 | 93 |
| 69 def with_timeout(&block) | 94 def with_timeout(&block) |
| 70 timeout = self.timeout | 95 timeout = self.timeout |
| 71 timeout = 20 unless timeout && timeout > 0 | 96 timeout = 20 unless timeout && timeout > 0 |
| 80 if filter.present? | 105 if filter.present? |
| 81 Net::LDAP::Filter.construct(filter) | 106 Net::LDAP::Filter.construct(filter) |
| 82 end | 107 end |
| 83 rescue Net::LDAP::LdapError | 108 rescue Net::LDAP::LdapError |
| 84 nil | 109 nil |
| 110 end | |
| 111 | |
| 112 def base_filter | |
| 113 filter = Net::LDAP::Filter.eq("objectClass", "*") | |
| 114 if f = ldap_filter | |
| 115 filter = filter & f | |
| 116 end | |
| 117 filter | |
| 85 end | 118 end |
| 86 | 119 |
| 87 def validate_filter | 120 def validate_filter |
| 88 if filter.present? && ldap_filter.nil? | 121 if filter.present? && ldap_filter.nil? |
| 89 errors.add(:filter, :invalid) | 122 errors.add(:filter, :invalid) |
| 138 if self.account && self.account.include?("$login") | 171 if self.account && self.account.include?("$login") |
| 139 ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password) | 172 ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password) |
| 140 else | 173 else |
| 141 ldap_con = initialize_ldap_con(self.account, self.account_password) | 174 ldap_con = initialize_ldap_con(self.account, self.account_password) |
| 142 end | 175 end |
| 143 login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) | |
| 144 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) | |
| 145 attrs = {} | 176 attrs = {} |
| 146 | 177 search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login) |
| 147 search_filter = object_filter & login_filter | |
| 148 if f = ldap_filter | |
| 149 search_filter = search_filter & f | |
| 150 end | |
| 151 | 178 |
| 152 ldap_con.search( :base => self.base_dn, | 179 ldap_con.search( :base => self.base_dn, |
| 153 :filter => search_filter, | 180 :filter => search_filter, |
| 154 :attributes=> search_attributes) do |entry| | 181 :attributes=> search_attributes) do |entry| |
| 155 | 182 |