ldap_auth_binddn.patch - Redmine

[PATCH] LDAP Auth source with BindDN support. » ldap_auth_binddn.patch

Di Wu, 2011-02-18 08:45

       def authenticate(login, password)
         return nil if login.blank? || password.blank?
         attrs = get_user_dn(login)
         attrs = get_user_dn(login, password)
         if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
         if attrs && attrs[:dn]
           logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
           return attrs.except(:dn)
         end
-...
         end
       end
       # Check if a DN (user record) authenticates with the password
       def authenticate_dn(dn, password)
         if dn.present? && password.present?
           initialize_ldap_con(dn, password).bind
         end
       end
       # Get the user's dn and any attributes for them, given their login
       def get_user_dn(login)
         ldap_con = initialize_ldap_con(self.account, self.account_password)
         login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
         object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
       def get_user_dn(login, password)
         ldap = Net::LDAP.new
         ldap.host = self.host
         ldap.port = self.port
         ldap.auth self.account, self.account_password
         result = ldap.bind_as(
     	  :base => "o=neusoft.com",
     	  :filter => '(uid='+login+')',
     	  :password => password
+        )
         attrs = {}
         if result
           login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
           object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
         ldap_con.search( :base => self.base_dn,
           ldap.search( :base => self.base_dn,
                          :filter => object_filter & login_filter,
                          :attributes=> search_attributes) do |entry|
           if onthefly_register?
             attrs = get_user_attributes_from_ldap_entry(entry)
           else
             attrs = {:dn => entry.dn}
             if onthefly_register?
               attrs = get_user_attributes_from_ldap_entry(entry)
             else
               attrs = {:dn => entry.dn}
             end
             logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
           end
           logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
         end
         attrs
       end

         # Make sure no one can sign in with an empty password
         return nil if password.to_s.empty?
         user = find_by_login(login)
         attrs = AuthSource.authenticate(login, password)
         if user
           # user is already in local database
           return nil if !user.active?
           if user.auth_source
             # user has an external authentication method
             return nil unless user.auth_source.authenticate(login, password)
           if attrs
             user.reload
             logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
           else
             # authentication with local password
             return nil unless User.hash_password(password) == user.hashed_password
           end
     		if user.auth_source
     		  # user has an external authentication method
     		  return nil unless user.auth_source.authenticate(login, password)
     		else
     		  # authentication with local password
     		  return nil unless User.hash_password(password) == user.hashed_password
     		end
     	  end
         else
           # user is not yet registered, try to authenticate with available sources
           attrs = AuthSource.authenticate(login, password)
           if attrs
             user = new(attrs)
             user.login = login

(1-1/1)

Project

General

Profile

Redmine

[PATCH] LDAP Auth source with BindDN support. » ldap_auth_binddn.patch