ldap_auth.rb
# ---------------------------------------------------------------------------- #
# Copyright 2010-2013, C12G Labs S.L #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
# ---------------------------------------------------------------------------- #
require 'rubygems'
require 'net/ldap'
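module OpenNebula; end

# Thin wrapper around Net::LDAP used by the OpenNebula LDAP auth driver.
#
# One configured connection (@ldap) is kept for directory searches. A login
# name is resolved with #find_user, optionally checked against a group with
# #is_in_group?, and finally verified by binding as the resolved DN with the
# supplied password in #authenticate.
class OpenNebula::LdapAuth
    # Connection defaults; any key passed to #initialize overrides them.
    DEFAULT_OPTIONS = {
        :host => 'localhost',
        :port => 389,
        :user => nil,
        :password => nil,
        :base => nil,
        :auth_method => :simple,
        :user_field => 'cn',
        :user_group_field => 'dn',
        :group_field => 'member'
    }.freeze

    # @param options [Hash] settings merged over DEFAULT_OPTIONS. Recognised
    #   keys: :host, :port, :encryption, :base (search base), :auth_method,
    #   :user / :password (service account used for searches), :user_field
    #   (attribute matched against the login name), :user_group_field
    #   (attribute returned alongside the DN) and :group_field (attribute of a
    #   group entry that lists its members).
    def initialize(options)
        @options = DEFAULT_OPTIONS.merge(options)

        ops = {}

        # Searches run as the configured service account when one is given.
        if @options[:user]
            ops[:auth] = {
                :method => @options[:auth_method],
                :username => @options[:user],
                :password => @options[:password]
            }
        end

        ops[:host] = @options[:host] if @options[:host]
        ops[:port] = @options[:port].to_i if @options[:port]
        ops[:encryption] = @options[:encryption] if @options[:encryption]

        @ldap = Net::LDAP.new(ops)
    end

    # Resolves a login name to a directory entry.
    #
    # The name is first matched against @options[:user_field] under the
    # configured base; when nothing matches it is tried as a full DN. The
    # value is escaped before it is placed in the filter so that filter
    # metacharacters in user-supplied input ('*', '(', ')', '\') cannot change
    # which entry the query selects.
    #
    # @param name [String] login name, or DN, as entered by the user
    # @return [Array(String, Object)] [dn, value of :user_group_field] of the
    #   first match, or [nil, nil] when nothing matches or the search fails
    def find_user(name)
        filter = Net::LDAP::Filter.eq(@options[:user_field],
                                      Net::LDAP::Filter.escape(name))
        result = @ldap.search(:base => @options[:base], :filter => filter)

        entry = result && result.first
        return [entry.dn, entry[@options[:user_group_field]]] if entry

        # Fall back to treating the supplied name itself as the entry's DN.
        result = @ldap.search(:base => name)
        entry = result && result.first
        entry ? [name, entry[@options[:user_group_field]]] : [nil, nil]
    rescue StandardError
        # Any search error (unreachable server, invalid base or DN) is
        # reported as "not found", so authentication fails rather than crashes.
        [nil, nil]
    end

    # Whether the group entry lists +user+ in its @options[:group_field]
    # attribute (for the default 'member', a value equal to the user's DN).
    #
    # @param user [String] value to look for, normally the DN from #find_user
    # @param group [String] DN of the group entry; used as the search base
    # @return [Boolean]
    def is_in_group?(user, group)
        filter = Net::LDAP::Filter.eq(@options[:group_field],
                                      Net::LDAP::Filter.escape(user))
        result = @ldap.search(:base => group, :filter => filter)

        !!(result && result.first)
    end

    # Binds to the directory as +user+ with +password+.
    #
    # The bind is performed on a clone of the configured connection so the
    # service-account credentials held by @ldap are not overwritten. A missing
    # DN or an empty/nil password is rejected before contacting the server:
    # a simple bind carrying a DN but no password is an unauthenticated
    # (effectively anonymous) bind under RFC 4513, which many directories
    # report as successful, so it must never count as a valid login.
    #
    # @param user [String] DN to bind as (as returned by #find_user)
    # @param password [String, nil] the user's password
    # @return [Boolean] true only if the directory accepted the bind
    def authenticate(user, password)
        return false if user.nil? || user.empty?
        return false if password.nil? || password.empty?

        ldap = @ldap.clone

        auth = {
            :method => @options[:auth_method],
            :username => user,
            :password => password
        }

        ldap.bind(auth) ? true : false
    end
end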