commit 32af651d5e3f67910394700a2c5dcd09751c518a
Author: anarcat <anarcat@koumbit.org>
Date:   Sun Feb 21 16:42:55 2010 -0500

    port #1913 patch to head: do not initialize the LDAP connection in DN lookup so we can bind with the user credentials

diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 1378d00..086f6d7 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -33,11 +33,20 @@ class AuthSourceLdap < AuthSource
   
   def authenticate(login, password)
     return nil if login.blank? || password.blank?
-    attrs = get_user_dn(login)
-    
-    if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password)
-      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-      return attrs
+    if self.account.include? "$login" then
+      logger.debug "LDAP-Auth with User login"
+      self.ldap_con = initialize_ldap_con(self.account.sub("$login", login), password)
+      if self.ldap_con.bind then
+        return get_user_dn(login)
+      end
+    else
+      logger.debug "LDAP-Auth with Admin User"
+      self.ldap_con = initialize_ldap_con(self.account, self.account_password)
+      attrs = get_user_dn(login)
+      if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password) then
+        logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+        return attrs
+      end
     end
   rescue  Net::LDAP::LdapError => text
     raise "LdapError: " + text
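Review bot: On the new `$login` path, `self.account.sub("$login", login)` splices the user-supplied login into the bind DN without DN escaping, so characters such as `,`, `=` or `+` can change which entry the bind is attempted against, and a string replacement passed to `sub` also interprets backslash sequences. I would build the DN with the block form and an escaped value, e.g. `bind_dn = self.account.sub("$login") { Net::LDAP::DN.escape(login) }`, where the bundled net-ldap provides `DN.escape`. The same branch returns `get_user_dn(login)` as soon as the bind succeeds, so an empty search result comes back as `[]` rather than `nil`; if the caller (not visible here) only tests truthiness, use `attrs = get_user_dn(login)` followed by `return attrs unless attrs.empty?`. The two new `logger.debug` lines also lack the `if logger && logger.debug?` guard that the later debug line uses. The `rescue` clause of `authenticate` continues past the end of the hunk.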
@@ -101,12 +110,11 @@ class AuthSourceLdap < AuthSource
 
   # Get the user's dn and any attributes for them, given their login
   def get_user_dn(login)
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
     login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
     object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
     attrs = []
     
-    ldap_con.search( :base => self.base_dn, 
+    self.ldap_con.search( :base => self.base_dn, 
                      :filter => object_filter & login_filter, 
                      :attributes=> search_attributes) do |entry|
 
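Review bot: `get_user_dn` now searches on `self.ldap_con` and no longer opens its own connection, so it only works after `authenticate` has assigned one; any other caller, outside this diff, would end up calling `search` on `nil`. No `attr_accessor :ldap_con` (or equivalent) is visible in either hunk, so it is worth confirming the accessor exists on the model. On the `$login` path that object is built with the user's password, so I would pass the connection as an argument, e.g. `def get_user_dn(login, ldap_con)`, rather than keep it on the instance. The precondition could be documented above the method with `# Requires a connection already initialized by the caller`. The body of `get_user_dn` continues outside the hunk.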
