defect_1420_adriano_crestani_rev_2482.patch - Redmine

Defect #1420 » defect_1420_adriano_crestani_rev_2482.patch

Patch for revision 2482 - Adriano Crestani Campos, 2009-02-20 22:21

     # along with this program; if not, write to the Free Software
     # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
     require 'net/ldap'
     require 'ldap'
     require 'iconv'
     # Contributed by mathew <meta@pobox.com>
     # Alternative AuthSourceLdap which uses Ruby's interface to native OpenLDAP.
     # I found this more reliable than net/ldap (pure Ruby LDAP).
     # OpenLDAP doesn't appear to support authentication in order to connect to
     # the LDAP server, or if it does I can't find any documentation about it.
     # Since the LDAP server I care about doesn't require auth, that's fine with me;
     # I just note it here as an FYI.
     # There's also a start_tls parameter to LDAP::SSLConn which I don't know what
     # to do with. For me, both options fail, so I tunnel my LDAP instead of
     # using SSLConn.
     class AuthSourceLdap < AuthSource
       validates_presence_of :host, :port, :attr_login
       validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
       validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
       validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
       validates_numericality_of :port, :only_integer => true
       before_validation :strip_ldap_attributes
       def after_initialize
-...
       end
       def authenticate(login, password)
         login.downcase!
         logger.debug "replacement LDAP auth called" if logger && logger.debug?
         return nil if login.blank? || password.blank?
         attrs = []
         # get user's DN
         ldap_con = initialize_ldap_con(self.account, self.account_password)
         login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
         object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
         # Get user's DN
         ldap_con = initialize_ldap_con()
         filter = "(&(objectClass=person)(#{self.attr_login}=#{login}))"
         logger.debug "filter = #{filter}" if logger && logger.debug?
         logger.debug "base dn = #{self.base_dn}" if logger && logger.debug?
         dn = String.new
         ldap_con.search( :base => self.base_dn,
                          :filter => object_filter & login_filter,
                          # only ask for the DN if on-the-fly registration is disabled
                          :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
           dn = entry.dn
         # ruby-ldap appears to give you the dn whether you ask for it or not,
         # but via a special get_dn method rather than as an attribute.
         attrlist = [self.attr_firstname,self.attr_lastname,self.attr_mail]
         logger.debug "SEARCH" if logger && logger.debug?
         ldap_con.search(self.base_dn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrlist) do |entry|
           logger.debug "search_ext returned >= 1 result" if logger && logger.debug?
           dn = entry.get_dn
           attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
                    :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
                    :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
                    :auth_source_id => self.id ] if onthefly_register?
         end
         logger.debug "Passed search_ext block" if logger && logger.debug?
         return nil if dn.empty?
         logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
         # authenticate user
         ldap_con = initialize_ldap_con(dn, password)
         return nil unless ldap_con.bind
         # return user's attributes
         # Found user, so try to authenticate
         ldap_con.unbind
         if ldap_con.bind(dn,password)
         # Return user's attributes
         logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
         attrs
       rescue  Net::LDAP::LdapError => text
         raise "LdapError: " + text
           return attrs
         end
       rescue LDAP::ResultError => text
         logger.info "Authentication failure: #{text}" if logger && logger.info?
         return nil
       end
       # test the connection to the LDAP
       def test_connection
         ldap_con = initialize_ldap_con(self.account, self.account_password)
         ldap_con.open { }
       rescue  Net::LDAP::LdapError => text
         ldap_con = initialize_ldap_con
       rescue Net::LDAP::LdapError => text
         raise "LdapError: " + text
       end
-...
         "LDAP"
       end
       private
     private
       def strip_ldap_attributes
         [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
           write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
         end
       end
       def initialize_ldap_con(ldap_user, ldap_password)
         options = { :host => self.host,
                     :port => self.port,
                     :encryption => (self.tls ? :simple_tls : nil)
+                  }
         options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
         Net::LDAP.new options
       def initialize_ldap_con
         logger.debug "Setting up LDAP connection to #{self.host}:#{self.port}"
         if self.tls
           # Last parameter determines if START_TLS is used for the SSL connection.
           return LDAP::SSLConn.new(self.host, self.port, true)
         else
           return LDAP::Conn.new(self.host, self.port)
         end
       end
       def self.get_attr(entry, attr_name)

« Previous
1
2
Next »

(2-2/2)

Project

General

Profile

Redmine

Defect #1420 » defect_1420_adriano_crestani_rev_2482.patch