ldap_groups.patch

Javi Fontan, 04/25/2013 02:38 PM


src/authm_mad/remotes/ldap/authenticate
68 68
begin
69 69
    ldap=OpenNebula::LdapAuth.new(server_conf)
70 70

  
71
    user_name=ldap.find_user(user)
71
    user_name, user_group=ldap.find_user(user)
72 72

  
73 73
    if !user_name
74 74
        STDERR.puts "User #{user} not found"
......
76 76
    end
77 77

  
78 78
    if server_conf[:group]
79
        if !ldap.is_in_group?(user_name, server_conf[:group])
80
            STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
79
        group=server_conf[:group]
80
        if (server_conf[:user_group_field] && group!=user_group) ||
81
                !ldap.is_in_group?(user_name, group)
82
            STDERR.puts "User #{user} is not in group #{group}"
81 83
            next
82 84
        end
83 85
    end
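Review bot: The new condition at new lines 80-81 denies the login when either the primary-group comparison or `is_in_group?` fails, so with `:user_group_field` configured a user has to pass both checks. A user who is listed as a member of the group but whose primary group differs is now rejected, which may not be the intent. If the field was meant as an additional way to qualify, the test would read `if !(server_conf[:user_group_field] && group==user_group) && !ldap.is_in_group?(user_name, group)`. Whichever rule is intended, a one-line comment above the `if` stating it would help, for example `# access requires the primary group to match AND group membership`. The enclosing `begin` block starts and ends outside the lines shown here.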
src/authm_mad/remotes/ldap/ldap_auth.rb
56 56
                :filter => "#{@options[:user_field]}=#{name}")
57 57

  
58 58
            if result && result.first
59
                result.first.dn
59
                n=result.first.dn
60
                if @options[:user_group_field]
61
                    g=result.first[:user_group_field]
62
                else
63
                    g=nil
64
                end
65
                [n, g]
60 66
            else
61 67
                result=@ldap.search(:base => name)
62 68

  
63 69
                if result && result.first
64
                    name
70
                    if @options[:user_group_field]
71
                        g=result.first[:user_group_field]
72
                    else
73
                        g=nil
74
                    end
75
                    [name, g]
65 76
                else
66
                    nil
77
                    [nil, nil]
67 78
                end
68 79
            end
69 80
        rescue
70
            nil
81
            [nil, nil]
71 82
        end
72 83
    end
73 84
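Review bot: Both new branches read the group with `result.first[:user_group_field]`, which asks the entry for an attribute literally named user_group_field rather than the configured one; it should be `g=result.first[@options[:user_group_field]]`. If the entry is a Net::LDAP entry, that lookup returns an array of values, so the caller's `group!=user_group` comparison against a string would presumably need `.first` as well; this should be confirmed. The return value also changes from a string or nil to a two-element array, and `[nil, nil]` is truthy, so any caller outside this patch that still tests the result of `find_user` directly would treat a missing user as found. The bare `rescue` turns every LDAP error into the same not-found result, so a log line there would help tell an outage from a failed lookup. The enclosing method starts above the lines shown.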