0001-Allow-configuration-of-ldap-group-member-field.patch
| src/authm_mad/remotes/ldap/authenticate | ||
|---|---|---|
| 68 | 68 |
begin |
| 69 | 69 |
ldap=OpenNebula::LdapAuth.new(server_conf) |
| 70 | 70 | |
| 71 |
user_name=ldap.find_user(user) |
|
| 71 |
user_name,user_group_name=ldap.find_user(user)
|
|
| 72 | 72 | |
| 73 | 73 |
if !user_name |
| 74 | 74 |
STDERR.puts "User #{user} not found"
|
| ... | ... | |
| 76 | 76 |
end |
| 77 | 77 | |
| 78 | 78 |
if server_conf[:group] |
| 79 |
if !ldap.is_in_group?(user_name, server_conf[:group]) |
|
| 79 |
if !ldap.is_in_group?(user_group_name, server_conf[:group])
|
|
| 80 | 80 |
STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
|
| 81 | 81 |
next |
| 82 | 82 |
end |
| src/authm_mad/remotes/ldap/ldap_auth.conf | ||
|---|---|---|
| 46 | 46 |
# field name for group membership, by default it is 'member' |
| 47 | 47 |
#:group_field: 'member' |
| 48 | 48 | |
| 49 |
# user field that that is in in the group group_field, if not set 'dn' will be used |
|
| 50 |
#:user_group_field: 'dn' |
|
| 51 | ||
| 49 | 52 |
# this example server wont be called as it is not in the :order list |
| 50 | 53 |
server 2: |
| 51 | 54 |
:auth_method: :simple |
| src/authm_mad/remotes/ldap/ldap_auth.rb | ||
|---|---|---|
| 29 | 29 |
:base => nil, |
| 30 | 30 |
:auth_method => :simple, |
| 31 | 31 |
:user_field => 'cn', |
| 32 |
:user_group_field => 'dn', |
|
| 32 | 33 |
:group_field => 'member' |
| 33 | 34 |
}.merge(options) |
| 34 | 35 | |
| ... | ... | |
| 56 | 57 |
:filter => "#{@options[:user_field]}=#{name}")
|
| 57 | 58 | |
| 58 | 59 |
if result && result.first |
| 59 |
result.first.dn
|
|
| 60 |
[result.first.dn, result.first[@options[:user_group_field]]]
|
|
| 60 | 61 |
else |
| 61 | 62 |
result=@ldap.search(:base => name) |
| 62 | 63 | |
| 63 | 64 |
if result && result.first |
| 64 |
name
|
|
| 65 |
[name, name]
|
|
| 65 | 66 |
else |
| 66 |
nil
|
|
| 67 |
[nil, nil]
|
|
| 67 | 68 |
end |
| 68 | 69 |
end |
| 69 | 70 |
rescue |
| 70 |
nil
|
|
| 71 |
[nil, nil]
|
|
| 71 | 72 |
end |
| 72 | 73 |
end |
| 73 | 74 | |
| src/authm_mad/remotes/ldap/test/ldap_auth_spec.rb | ||
|---|---|---|
| 29 | 29 |
end |
| 30 | 30 | |
| 31 | 31 |
it 'should find user dn' do |
| 32 |
name=@ldap.find_user('user01')
|
|
| 32 |
name,group_name=@ldap.find_user('user01')
|
|
| 33 | 33 |
name.should=='cn=user01,dc=localdomain' |
| 34 |
group_name.should=='cn=user01,dc=localdomain' |
|
| 34 | 35 | |
| 35 |
name=@ldap.find_user('user02')
|
|
| 36 |
name,group_name=@ldap.find_user('user02')
|
|
| 36 | 37 |
name.should=='cn=user02,dc=localdomain' |
| 38 |
group_name.should=='cn=user02,dc=localdomain' |
|
| 37 | 39 | |
| 38 |
name=@ldap.find_user('user03')
|
|
| 40 |
name,group_name=@ldap.find_user('user03')
|
|
| 39 | 41 |
name.should==nil |
| 42 |
group_name.should==nil |
|
| 40 | 43 | |
| 41 | 44 |
name=@ldap.find_user('cn=user01,dc=localdomain')
|
| 42 | 45 |
name.should=='cn=user01,dc=localdomain' |
| 46 |
group_name.should=='cn=user01,dc=localdomain' |
|
| 43 | 47 |
end |
| 44 | 48 | |
| 45 | 49 |
it 'should tell if a user is in a group' do |
| 46 |
- |
|