
Add a user lookup before the first binding, and use the DN from

the lookup result in the final binding.
This commit is contained in:
Ping Yu 2011-01-02 11:55:11 -06:00
parent 61eb50782b
commit 0ed8037344
3 changed files with 84 additions and 76 deletions


@ -36,10 +36,18 @@ Use the LDAP strategy as a middleware in your applicaiton:
:base => 'dc=intridea, dc=com', :base => 'dc=intridea, dc=com',
:uid => 'sAMAccountName', :uid => 'sAMAccountName',
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')} :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
:bind_dn => 'default_bind_dn'
:password => 'password'
All of the listed options are required, with the exception of :name_proc. All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
Allowed values of :method are: :plain, :ssl, :tls. Allowed values of :method are: :plain, :ssl, :tls.
:bind_dn and :password are used to perform the initial binding if user lookup is
needed. If the user lookup returns result, the DN attribute from the result set is used
to perform the final binding. This is needed only when the LDAP server requires
DN to be used for binding and you may only want user to using email or username
in the login form.
:uid is the LDAP attribute name for the user name in the login form. typically :uid is the LDAP attribute name for the user name in the login form. typically
AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'. AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
You can also use 'dn', if your user choose the put in the dn in the login form You can also use 'dn', if your user choose the put in the dn in the login form


@ -52,15 +52,16 @@ module OmniAuth
def perform def perform
begin begin
bind_dn = "#{@adaptor.uid}=#{request.POST['username']}" @ldap_user_info = {}
bind_dn << ",#{@adaptor.base}" unless @adaptor.base == '' (@adaptor.bind unless @adaptor.bound?) rescue puts "failed to bind with the default credentials"
@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1) if @adaptor.bound?
bind_dn = request.POST['username']
bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
@adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password']) @adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password'])
@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1) @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1) if @ldap_user_info.empty?
@user_info = self.class.map_user(@@config, @ldap_user_info) @user_info = self.class.map_user(@@config, @ldap_user_info)
@env['omniauth.auth'] = auth_hash @env['omniauth.auth'] = auth_hash
#@env['REQUEST_METHOD'] = 'GET'
@env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback" @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
call_app! call_app!
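Review bot: Nothing on the new side rejects an empty password before `@adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password'])`, and `bind_dn` is now a real entry DN fetched with the service credentials; an LDAP simple bind with a non-empty DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that many directories report as success, so unless the adaptor or Net::LDAP rejects it — not visible in this hunk — a known username with a blank password would be mapped to an authenticated user from the already-populated `@ldap_user_info`. Guard before the lookup, e.g. `return fail!(:missing_credentials) if request.POST['username'].to_s.strip.empty? || request.POST['password'].to_s.empty?` (or whatever failure path the rescue below the hunk uses). The lookup filter is built with `Net::LDAP::Filter.eq` straight from the submitted username, which treats `*` as a wildcard, so escape the value if the net-ldap in use provides it: `Net::LDAP::Filter.eq(@adaptor.uid, Net::LDAP::Filter.escape(@name_proc.call(request.POST['username'])))` — otherwise a username of `*` lets the caller choose which entry's DN the password is tried against. The `rescue puts "failed to bind with the default credentials"` modifier on the service-bind line swallows every StandardError and writes to stdout; report it through the strategy's logger or raise a configuration error instead of silently falling back to binding with the raw username. `perform`'s begin block closes outside the hunk.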


@ -46,9 +46,8 @@ module OmniAuth
def connect(options={}) def connect(options={})
host = options[:host] || @host host = options[:host] || @host
method = options[:method] || @method || :plain method = ensure_method(options[:method] || @method || :plain)
port = options[:port] || @port || ensure_port(method) port = options[:port] || @port || ensure_port(method)
method = ensure_method(method)
@disconnected = false @disconnected = false
@bound = false @bound = false
@bind_tried = false @bind_tried = false