0001-Allow-configuration-of-ldap-group-member-field.patch

Jean-Philippe Garcia Ballester, 04/26/2013 08:05 AM


src/authm_mad/remotes/ldap/authenticate
68 68
begin
69 69
    ldap=OpenNebula::LdapAuth.new(server_conf)
70 70

  
71
    user_name=ldap.find_user(user)
71
    user_name,user_group_name=ldap.find_user(user)
72 72

  
73 73
    if !user_name
74 74
        STDERR.puts "User #{user} not found"
......
76 76
    end
77 77

  
78 78
    if server_conf[:group]
79
        if !ldap.is_in_group?(user_name, server_conf[:group])
79
        if !ldap.is_in_group?(user_group_name, server_conf[:group])
80 80
            STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
81 81
            next
82 82
        end
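Review bot: The lookup result is still validated only through `if !user_name`, so a nil or empty `user_group_name` can reach `ldap.is_in_group?` whenever the configured `:user_group_field` is absent from the user's entry. How `is_in_group?` treats an empty value is not visible here, so the group gate should fail closed explicitly, e.g. `if user_group_name.nil? || user_group_name.empty?` followed by the same STDERR message and `next`. The second element appears to come from an entry attribute lookup, which with net-ldap is normally an array, so confirm that `is_in_group?` receives the single string it expects. The enclosing `begin` block continues outside this section.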
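--- a/src/authm_mad/remotes/ldap/ldap_auth.conf
+++ b/src/authm_mad/remotes/ldap/ldap_auth.conf
@@ -46,6 +46,9 @@
     # field name for group membership, by default it is 'member'
     #:group_field: 'member'
 
+    # user field that that is in in the group group_field, if not set 'dn' will be used
+    #:user_group_field: 'dn'
+
 # this example server wont be called as it is not in the :order list
 server 2:
     :auth_method: :simple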
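Review bot: The comment introducing `:user_group_field` is hard to parse ("that that is in in the group group_field") and does not say that this attribute's value is what gets matched against `:group_field` when `:group` is set. Because a wrong value here decides who passes the group restriction, I would reword it, e.g. `# user attribute whose value is stored in the group's group_field attribute; defaults to 'dn'`. It would also help to state that the attribute is expected to be present, and ideally single-valued, on every user entry.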
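--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -29,6 +29,7 @@
             :base => nil,
             :auth_method => :simple,
             :user_field => 'cn',
+            :user_group_field => 'dn',
             :group_field => 'member'
         }.merge(options)
 
@@ -56,18 +57,18 @@
                 :filter => "#{@options[:user_field]}=#{name}")
 
             if result && result.first
-                result.first.dn
+                [result.first.dn, result.first[@options[:user_group_field]]]
             else
                 result=@ldap.search(:base => name)
 
                 if result && result.first
-                    name
+                    [name, result.first[@options[:user_group_field]]]
                 else
-                    nil
+                    [nil, nil]
                 end
             end
         rescue
-            nil
+            [nil, nil]
         end
     end
 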
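Review bot: `find_user` now returns `result.first[@options[:user_group_field]]` unmodified in both success branches, and with net-ldap an entry attribute lookup normally yields an array (empty when the attribute is absent) rather than a string. Callers can therefore receive a valid DN paired with an empty or multi-valued group key; I would normalise it in one place, e.g. `group_key = Array(result.first[@options[:user_group_field]]).first`, so a missing attribute becomes `nil` and the caller can deny on it. The method's definition and any doc comment start outside this hunk; the comment should state the new two-element return, because any caller still written as `name = find_user(...)` now gets an array, and the spec's unchanged `name=@ldap.find_user('cn=user01,dc=localdomain')` line looks like one. Separately, the unchanged filter line interpolates `name` without escaping, so `Net::LDAP::Filter.escape(name)` would be worth a follow-up.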
src/authm_mad/remotes/ldap/test/ldap_auth_spec.rb
29 29
    end
30 30

  
31 31
    it 'should find user dn' do
32
        name=@ldap.find_user('user01')
32
        name,group_name=@ldap.find_user('user01')
33 33
        name.should=='cn=user01,dc=localdomain'
34
        group_name.should=='cn=user01,dc=localdomain'
34 35

  
35
        name=@ldap.find_user('user02')
36
        name,group_name=@ldap.find_user('user02')
36 37
        name.should=='cn=user02,dc=localdomain'
38
        group_name.should=='cn=user02,dc=localdomain'
37 39

  
38
        name=@ldap.find_user('user03')
40
        name,group_name=@ldap.find_user('user03')
39 41
        name.should==nil
42
        group_name.should==nil
40 43

  
41 44
        name=@ldap.find_user('cn=user01,dc=localdomain')
42 45
        name.should=='cn=user01,dc=localdomain'
46
        group_name.should=='cn=user01,dc=localdomain'
43 47
    end
44 48

  
45 49
    it 'should tell if a user is in a group' do
46
-