Add simple_ldap_authenticator plugin
0 parents
commit 08354a6
Showing
7 changed files
with
109 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
SimpleLdapAuthenticator | ||
======================= | ||
|
||
Allows for simple authentication to an LDAP server with a minimum of | ||
configuration. See the RDoc for details. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
require 'rake' | ||
require 'rake/testtask' | ||
require 'rake/rdoctask' | ||
|
||
desc 'Default: run unit tests.' | ||
task :default => :test | ||
|
||
desc 'Test the simple_ldap_authenticator plugin.' | ||
Rake::TestTask.new(:test) do |t| | ||
t.libs << 'lib' | ||
t.pattern = 'test/**/*_test.rb' | ||
t.verbose = true | ||
end | ||
|
||
desc 'Generate documentation for the simple_ldap_authenticator plugin.' | ||
Rake::RDocTask.new(:rdoc) do |rdoc| | ||
rdoc.rdoc_dir = 'rdoc' | ||
rdoc.title = 'SimpleLdapAuthenticator' | ||
rdoc.options << '--line-numbers' << '--inline-source' | ||
rdoc.rdoc_files.include('README') | ||
rdoc.rdoc_files.include('lib/**/*.rb') | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# Include hook code here | ||
#require 'simple_ldap_authenticator' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# Install hook code here |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# SimpleLdapAuthenticator | ||
require 'ldap' | ||
require 'ldap/control' | ||
|
||
# Allows for easily authenticated users via LDAP (or LDAPS). If authenticated | ||
# via LDAP to a server running on localhost, you should only have to configure | ||
# the login_format. | ||
# | ||
# Can be configured using the following accessors (with examples): | ||
# * login_format = '%s@domain.com' # Active Directory, OR | ||
# * login_format = 'cn=%s,cn=users,o=organization,c=us' # Other LDAP servers | ||
# * servers = ['dc1.domain.com', 'dc2.domain.com'] # names/addresses of LDAP servers to use | ||
# * use_ssl = true # for logging in via LDAPS | ||
# * port = 3289 # instead of 389 for LDAP or 636 for LDAPS | ||
# * logger = RAILS_DEFAULT_LOGGER # for logging authentication successes/failures | ||
# | ||
# The class is used as a global variable, you are not supposed to create an | ||
# instance of it. For example: | ||
# | ||
# require 'simple_ldap_authenticator' | ||
# SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com' | ||
# SimpleLdapAuthenticator.use_ssl = true | ||
# SimpleLdapAuthenticator.login_format = '%s@domain.com' | ||
# SimpleLdapAuthenticator.logger = RAILS_DEFAULT_LOGGER | ||
# class LoginController < ApplicationController | ||
# def login | ||
# return redirect_to(:action=>'try_again') unless SimpleLdapAuthenticator.valid?(params[:username], params[:password]) | ||
# session[:username] = params[:username] | ||
# end | ||
# end | ||
class SimpleLdapAuthenticator | ||
class << self | ||
@servers = ['127.0.0.1'] | ||
@use_ssl = false | ||
@login_format = '%s' | ||
attr_accessor :servers, :use_ssl, :port, :login_format, :logger, :connection | ||
|
||
# The next LDAP server to which to connect | ||
def server | ||
servers[0] | ||
end | ||
|
||
# Disconnect from current LDAP server and use a different LDAP server on the | ||
# next authentication attempt | ||
def switch_server | ||
self.connection = nil | ||
servers << servers.shift | ||
end | ||
|
||
# Check the validity of a login/password combination | ||
def valid?(login, password) | ||
self.connection ||= use_ssl ? LDAP::SSLConn.new(server, port || 636) : LDAP::Conn.new(server, port || 389) | ||
connection.unbind if connection.bound? | ||
begin | ||
connection.bind(login_format % login.to_s, password.to_s) | ||
connection.unbind | ||
logger.info("Authenticated #{login.to_s} by #{server}") if logger | ||
true | ||
rescue LDAP::ResultError => error | ||
connection.unbind if connection.bound? | ||
logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{error.message}") if logger | ||
switch_server unless error.message == 'Invalid credentials' | ||
false | ||
end | ||
end | ||
end | ||
end |
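Review bot: `valid?` accepts an empty password: `password.to_s` turns nil into an empty string, and `connection.bind(login_format % login.to_s, password.to_s)` then sends a simple bind with a DN and no password, which RFC 4513 defines as an unauthenticated bind and which many directory servers answer with success, so the method can return true without checking any credential. Reject blank input before binding, for example `return false if login.to_s.empty? || password.to_s.empty?` as the first line of `valid?`. The login is also interpolated into `login_format` unescaped, so with a DN-style format such as the documented `cn=%s,cn=users,o=organization,c=us` any DN metacharacters in the login alter the bind DN; escaping them per RFC 4514 or restricting the login to an allow-listed character set would close that. Separately, the defaults `@servers`, `@use_ssl` and `@login_format` are assigned inside `class << self`, where they become instance variables of the singleton class rather than of `SimpleLdapAuthenticator`, so the accessors appear to return nil until configured and `server` would raise on the nil.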
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# desc "Explaining what the task does" | ||
# task :simple_ldap_authenticator do | ||
# # Task goes here | ||
# end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
require 'test/unit' | ||
|
||
class SimpleLdapAuthenticatorTest < Test::Unit::TestCase | ||
# Replace this with your real tests. | ||
def test_this_plugin | ||
flunk | ||
end | ||
end |