Feature #1913 » 1913_redmine_bind_as_user.diff

"bind as user" feature for head - Antoine Beaupré, 2010-02-21 22:46


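--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -33,11 +33,20 @@
   
   def authenticate(login, password)
     return nil if login.blank? || password.blank?
-    attrs = get_user_dn(login)
-    
-    if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password)
-      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-      return attrs
+    if self.account.include? "$login" then
+      logger.debug "LDAP-Auth with User login"
+      self.ldap_con = initialize_ldap_con(self.account.sub("$login", login), password)
+      if self.ldap_con.bind then
+        return get_user_dn(login)
+      end
+    else
+      logger.debug "LDAP-Auth with Admin User"
+      self.ldap_con = initialize_ldap_con(self.account, self.account_password)
+      attrs = get_user_dn(login)
+      if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password) then
+        logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+        return attrs
+      end
     end
   rescue  Net::LDAP::LdapError => text
     raise "LdapError: " + text
@@ -101,12 +110,11 @@
   
   # Get the user's dn and any attributes for them, given their login
   def get_user_dn(login)
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
     login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
     object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
     attrs = []
     
-    ldap_con.search( :base => self.base_dn, 
+    self.ldap_con.search( :base => self.base_dn, 
                      :filter => object_filter & login_filter, 
                      :attributes=> search_attributes) do |entry|
   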
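Review bot: The user-supplied `login` is substituted into the bind DN unescaped at new line 38 (`self.account.sub("$login", login)`), so characters that are special in a DN (`,`, `+`, `=`, `\`) alter which DN is bound, and the string form of `sub` also interprets backslash sequences in the replacement. Prefer the block form with DN escaping, e.g. `self.account.sub("$login") { Net::LDAP::DN.escape(login) }` if the bundled net-ldap provides `DN.escape`, otherwise an RFC 4514 escaping helper. After a successful bind the branch returns `get_user_dn(login)` without checking that the entry found is the one that was bound; as far as I can tell `Net::LDAP::Filter.eq` does not escape `*` in the value, so comparing the returned `:dn` with the bound DN before returning would make the two lookups agree. The new `logger.debug` calls at new lines 37 and 43 also lack the `if logger && logger.debug?` guard used at new line 47, and `authenticate` and `get_user_dn` both continue outside the visible hunks.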