--- redmine-1.0.3.orig/app/models/auth_source_ldap.rb 2010-11-24 13:10:25.764785853 +0100
+++ redmine-1.0.3/app/models/auth_source_ldap.rb 2010-11-25 15:12:38.158905023 +0100
@@ -21,7 +21,7 @@
 class AuthSourceLdap < AuthSource
 validates_presence_of :host, :port, :attr_login
 validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
- validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
+ validates_length_of :account, :base_dn, :group_base_dn, :maximum => 255, :allow_nil => true
 validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
 validates_numericality_of :port, :only_integer => true
@@ -30,19 +30,73 @@
 def after_initialize
 self.port = 389 if self.port == 0
 end
-
+
 def authenticate(login, password)
 return nil if login.blank? || password.blank?
 attrs = get_user_dn(login)
 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+
+ # group creation fails with on the fly registration, so check if user exists
+ # means: you need to login twice, for now
+ user = User.find_by_login(login)
+ if user
+ group_create(login)
+ end
+
 return attrs.except(:dn)
 end
 rescue Net::LDAP::LdapError => text
 raise "LdapError: " + text
 end
+ def group_create(login)
+ if self.group_base_dn != ""
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ attrs = get_user_dn(login)
+ @userdetails = User.find(:first, :conditions => "login = '#{login}'")
+
+ # Search for ldap groups that the user is in
+ ldap_con.search( :base => self.group_base_dn,
+ :filter => Net::LDAP::Filter.eq("member", attrs[:dn]),
+ :attributes => [ "cn" ]) do |entry|
+
+ # lastname is limited to 30 chars
+ group_cn_full = "#{entry.cn}"
+ if group_cn_full.length > 30
+ group_cn = group_cn_full[0, 30]
+ else
+ group_cn = "#{group_cn_full}"
+ end
+
+ @matchinggroups = Group.find(:all, :conditions => "lastname = '#{group_cn}'")
+
+ if @matchinggroups.length == 0
+ @group = Group.new(:lastname => "#{group_cn}")
+
+ unless @group.save
+ logger.debug "group '#{group_cn}' save didn't work" if logger && logger.debug?
+ end
+ end
+
+ # look to see if the user is a member of the group
+ # and add them if they are not
+ @currentgroup = Group.find(:first, :conditions => "lastname = '#{group_cn}'")
+
+ if !@currentgroup.user_ids.include?(@userdetails.id)
+ # add the user to the group
+ @currentgroup.user_ids = @currentgroup.user_ids + [@userdetails.id]
+
+ unless @currentgroup.save
+ logger.debug "user NOT added to group" if logger && logger.debug?
+ end
+ end
+
+ end
+ end
+ end
+
 # test the connection to the LDAP
 def test_connection
 ldap_con = initialize_ldap_con(self.account, self.account_password)
--- redmine-1.0.3.orig/app/views/ldap_auth_sources/_form.rhtml 2010-11-24 13:10:25.759784742 +0100
+++ redmine-1.0.3/app/views/ldap_auth_sources/_form.rhtml 2010-11-24 17:29:56.357809013 +0100
@@ -23,6 +23,9 @@
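Review bot: `@userdetails = User.find(:first, :conditions => "login = '#{login}'")` in group_create interpolates the submitted login straight into SQL, and both `Group.find` calls do the same with the `cn` value returned by the directory; authenticate already resolves the user with `User.find_by_login(login)`, so pass that record into group_create and look groups up with `Group.find(:all, :conditions => {:lastname => group_cn})` so the values are bound rather than spliced into the query. The guard `if self.group_base_dn != ""` lets a `nil` column value through (the migration adds the column with no default, so existing auth sources start with nil) and the search then runs with `:base => nil`; `unless self.group_base_dn.blank?` covers both cases. If `@group.save` fails, the following `Group.find(:first, ...)` returns nil and `@currentgroup.user_ids` raises NoMethodError, which the `rescue Net::LDAP::LdapError` in authenticate does not cover, so the failed save should leave the block early instead of only logging at debug level. Truncating `cn` to 30 characters lets two directory groups with a common prefix collapse into one Redmine group, and memberships removed in LDAP are never removed here; both limits belong in a comment on group_create, and `@userdetails`, `@matchinggroups`, `@group` and `@currentgroup` should be plain locals since nothing outside the method reads them.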

<%= text_field 'auth_source', 'base_dn', :size => 60 %>

+

+<%= text_field 'auth_source', 'group_base_dn', :size => 60 %>

+

<%= check_box 'auth_source', 'onthefly_register' %>

--- redmine-1.0.3.orig/config/locales/en.yml 2010-11-24 13:10:25.772783943 +0100
+++ redmine-1.0.3/config/locales/en.yml 2010-11-24 17:29:56.358790850 +0100
@@ -260,6 +260,7 @@
 field_attr_firstname: Firstname attribute
 field_attr_lastname: Lastname attribute
 field_attr_mail: Email attribute
+ field_group_base_dn: Base DN for groups
 field_onthefly: On-the-fly user creation
 field_start_date: Start Date
 field_done_ratio: % Done
--- /dev/null 2010-11-23 14:58:20.566784028 +0100
+++ redmine-1.0.3/db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb 2010-11-24 17:29:56.358790850 +0100
@@ -0,0 +1,8 @@
+class AddGroupBaseDnToAuthSources < ActiveRecord::Migration
+ def self.up
+ add_column :auth_sources, :group_base_dn, :string, :limit => 255
+ end
+ def self.down
+ remove_column :auth_sources, :group_base_dn
+ end
+end