33 |
33 |
|
34 |
34 |
def authenticate(login, password)
|
35 |
35 |
return nil if login.blank? || password.blank?
|
36 |
|
attrs = get_user_dn(login)
|
37 |
|
|
38 |
|
if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password)
|
39 |
|
logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
|
40 |
|
return attrs
|
|
36 |
if self.account.include? "$login" then
|
|
37 |
logger.debug "LDAP-Auth with User login"
|
|
38 |
self.ldap_con = initialize_ldap_con(self.account.sub("$login", login), password)
|
|
39 |
if self.ldap_con.bind then
|
|
40 |
return get_user_dn(login)
|
|
41 |
end
|
|
42 |
else
|
|
43 |
logger.debug "LDAP-Auth with Admin User"
|
|
44 |
self.ldap_con = initialize_ldap_con(self.account, self.account_password)
|
|
45 |
attrs = get_user_dn(login)
|
|
46 |
if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password) then
|
|
47 |
logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
|
|
48 |
return attrs
|
|
49 |
end
|
41 |
50 |
end
|
42 |
51 |
rescue Net::LDAP::LdapError => text
|
43 |
52 |
raise "LdapError: " + text
|
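Review bot: In the `$login` branch the raw `login` is spliced into the bind identity by `self.account.sub("$login", login)`, so DN metacharacters in the submitted login (`,`, `=`, `+`) change which entry the bind is attempted against, and `String#sub` also interprets backslash sequences in a string replacement. Escape the login for DN use before substituting and insert it through the block form, `self.account.sub("$login") { escaped_login }`, where `escaped_login` stands for the escaped value (newer net-ldap releases ship `Net::LDAP::DN.escape`; whether the bundled version has it is not visible here). The same branch returns `get_user_dn(login)` directly after a successful bind, without the `attrs.first && attrs.first[:dn]` check that the admin-bind branch keeps. An empty search result is therefore handed back as-is, and the entry found through `attr_login` is never compared with the identity that actually bound; how the caller treats an empty array is outside this hunk. A short comment above the `if` stating that `account` may be a template containing `$login` would also help, since nothing in the method explains the two modes.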
... | ... | |
101 |
110 |
|
102 |
111 |
# Get the user's dn and any attributes for them, given their login
|
103 |
112 |
def get_user_dn(login)
|
104 |
|
ldap_con = initialize_ldap_con(self.account, self.account_password)
|
105 |
113 |
login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
|
106 |
114 |
object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
|
107 |
115 |
attrs = []
|
108 |
116 |
|
109 |
|
ldap_con.search( :base => self.base_dn,
|
|
117 |
self.ldap_con.search( :base => self.base_dn,
|
110 |
118 |
:filter => object_filter & login_filter,
|
111 |
119 |
:attributes=> search_attributes) do |entry|
|
112 |
120 |
|