21 |
21 |
class AuthSourceLdap < AuthSource
|
22 |
22 |
validates_presence_of :host, :port, :attr_login
|
23 |
23 |
validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
|
24 |
|
validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
|
|
24 |
validates_length_of :account, :base_dn, :group_base_dn, :maximum => 255, :allow_nil => true
|
25 |
25 |
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
|
26 |
26 |
validates_numericality_of :port, :only_integer => true
|
27 |
27 |
|
... | ... | |
30 |
30 |
def after_initialize
|
31 |
31 |
self.port = 389 if self.port == 0
|
32 |
32 |
end
|
33 |
|
|
|
33 |
|
34 |
34 |
def authenticate(login, password)
|
35 |
35 |
return nil if login.blank? || password.blank?
|
36 |
36 |
attrs = get_user_dn(login)
|
37 |
37 |
|
38 |
38 |
if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
|
39 |
39 |
logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
|
|
40 |
|
|
41 |
# group creation fails with on the fly registration, so check if user exists
|
|
42 |
# means: you need to login twice, for now
|
|
43 |
user = User.find_by_login(login)
|
|
44 |
if user
|
|
45 |
group_create(login)
|
|
46 |
end
|
|
47 |
|
40 |
48 |
return attrs.except(:dn)
|
41 |
49 |
end
|
42 |
50 |
rescue Net::LDAP::LdapError => text
|
43 |
51 |
raise "LdapError: " + text
|
44 |
52 |
end
|
45 |
53 |
|
|
54 |
def group_create(login)
|
|
55 |
if self.group_base_dn != ""
|
|
56 |
ldap_con = initialize_ldap_con(self.account, self.account_password)
|
|
57 |
attrs = get_user_dn(login)
|
|
58 |
@userdetails = User.find(:first, :conditions => "login = '#{login}'")
|
|
59 |
|
|
60 |
# Search for ldap groups that the user is in
|
|
61 |
ldap_con.search( :base => self.group_base_dn,
|
|
62 |
:filter => Net::LDAP::Filter.eq("member", attrs[:dn]),
|
|
63 |
:attributes => [ "cn" ]) do |entry|
|
|
64 |
|
|
65 |
# lastname is limited to 30 chars
|
|
66 |
group_cn_full = "#{entry.cn}"
|
|
67 |
if group_cn_full.length > 30
|
|
68 |
group_cn = group_cn_full[0, 30]
|
|
69 |
else
|
|
70 |
group_cn = "#{group_cn_full}"
|
|
71 |
end
|
|
72 |
|
|
73 |
@matchinggroups = Group.find(:all, :conditions => "lastname = '#{group_cn}'")
|
|
74 |
|
|
75 |
if @matchinggroups.length == 0
|
|
76 |
@group = Group.new(:lastname => "#{group_cn}")
|
|
77 |
|
|
78 |
unless @group.save
|
|
79 |
logger.debug "group '#{group_cn}' save didn't work" if logger && logger.debug?
|
|
80 |
end
|
|
81 |
end
|
|
82 |
|
|
83 |
# look to see if the user is a member of the group
|
|
84 |
# and add them if they are not
|
|
85 |
@currentgroup = Group.find(:first, :conditions => "lastname = '#{group_cn}'")
|
|
86 |
|
|
87 |
if !@currentgroup.user_ids.include?(@userdetails.id)
|
|
88 |
# add the user to the group
|
|
89 |
@currentgroup.user_ids = @currentgroup.user_ids + [@userdetails.id]
|
|
90 |
|
|
91 |
unless @currentgroup.save
|
|
92 |
logger.debug "user NOT added to group" if logger && logger.debug?
|
|
93 |
end
|
|
94 |
end
|
|
95 |
|
|
96 |
end
|
|
97 |
end
|
|
98 |
end
|
|
99 |
|
46 |
100 |
# test the connection to the LDAP
|
47 |
101 |
def test_connection
|
48 |
102 |
ldap_con = initialize_ldap_con(self.account, self.account_password)
|
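--- a/app/views/ldap_auth_sources/_form.rhtml
+++ b/app/views/ldap_auth_sources/_form.rhtml
@@ -23,6 +23,9 @@
 <p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
 <%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
 
+<p><label for="auth_source_group_base_dn"><%=l(:field_group_base_dn)%></label>
+<%= text_field 'auth_source', 'group_base_dn', :size => 60 %></p>
+
 <p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
 <%= check_box 'auth_source', 'onthefly_register' %></p>
 </div>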
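Review bot: The new label reads `l(:field_group_base_dn)`, but as far as this page shows that key is added only to `config/locales/en.yml`, so the form will render the raw key for every other locale. Either add `field_group_base_dn` to the remaining locale files in the same patch, or state in the commit description that the other locales are still to be translated.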
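--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -260,6 +260,7 @@
 field_attr_firstname: Firstname attribute
 field_attr_lastname: Lastname attribute
 field_attr_mail: Email attribute
+field_group_base_dn: Base DN for groups
 field_onthefly: On-the-fly user creation
 field_start_date: Start Date
 field_done_ratio: % Done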
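--- /dev/null
+++ b/db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb
@@ -0,0 +1,8 @@
+class AddGroupBaseDnToAuthSources < ActiveRecord::Migration
+def self.up
+add_column :auth_sources, :group_base_dn, :string, :limit => 255
+end
+def self.down
+remove_column :auth_sources, :group_base_dn
+end
+end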
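Review bot: `add_column :auth_sources, :group_base_dn, :string, :limit => 255` gives the new column no default, so every pre-existing auth source is left with NULL, and the guard this patch adds in `group_create` (`if self.group_base_dn != ""`) treats NULL as configured because `nil != ""` is true; when `authenticate` reaches `group_create` for such a source, `ldap_con.search` is issued with `:base => nil`. Either fill the column here with `add_column :auth_sources, :group_base_dn, :string, :limit => 255, :default => ""` or, preferably, make the model guard `return if group_base_dn.blank?` so both NULL and the empty string disable group syncing. The `down` side is fine as written.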