-
Notifications
You must be signed in to change notification settings - Fork 161
/
ldap.rb
101 lines (90 loc) · 3.36 KB
/
ldap.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
require 'omniauth'
module OmniAuth
module Strategies
class LDAP
include OmniAuth::Strategy
@@config = {
'name' => 'cn',
'first_name' => 'givenName',
'last_name' => 'sn',
'email' => ['mail', "email", 'userPrincipalName'],
'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
'mobile' => ['mobile', 'mobileTelephoneNumber'],
'nickname' => ['uid', 'userid', 'sAMAccountName'],
'title' => 'title',
'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
'uid' => 'dn',
'url' => ['wwwhomepage'],
'image' => 'jpegPhoto',
'description' => 'description'
}
option :title, "LDAP Authentication" #default title for authentication form
option :port, 389
option :method, :plain
option :uid, 'sAMAccountName'
option :name_proc, lambda {|n| n}
def request_phase
OmniAuth::LDAP::Adaptor.validate @options
f = OmniAuth::Form.new(:title => (options[:title] || "LDAP Authentication"), :url => callback_path)
f.text_field 'Login', 'username'
f.password_field 'Password', 'password'
f.button "Sign In"
f.to_response
end
def callback_phase
@adaptor = OmniAuth::LDAP::Adaptor.new @options
return fail!(:missing_credentials) if missing_credentials?
begin
@ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
return fail!(:invalid_credentials) if !@ldap_user_info
@user_info = self.class.map_user(@@config, @ldap_user_info)
super
rescue Exception => e
return fail!(:ldap_error, e)
end
end
def filter adaptor
if adaptor.filter and !adaptor.filter.empty?
Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(request['username'])})
else
Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(request['username']))
end
end
uid {
@user_info["uid"]
}
info {
@user_info
}
extra {
{ :raw_info => @ldap_user_info }
}
def self.map_user(mapper, object)
user = {}
mapper.each do |key, value|
case value
when String
user[key] = object[value.downcase.to_sym].first if object.respond_to? value.downcase.to_sym
when Array
value.each {|v| (user[key] = object[v.downcase.to_sym].first; break;) if object.respond_to? v.downcase.to_sym}
when Hash
value.map do |key1, value1|
pattern = key1.dup
value1.each_with_index do |v,i|
part = ''; v.collect(&:downcase).collect(&:to_sym).each {|v1| (part = object[v1].first; break;) if object.respond_to? v1}
pattern.gsub!("%#{i}",part||'')
end
user[key] = pattern
end
end
end
user
end
protected
def missing_credentials?
request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty?
end # missing_credentials?
end
end
end
OmniAuth.config.add_camelization 'ldap', 'LDAP'