avdt_ldap 0.2.7

data/lib/avdt_ldap/avdt_ldap.rb

@@ -0,0 +1,164 @@
+# AvdtLdap
+
+# This gem supports LDAP authentication both on sigle and multiple servers
+# with a minimal configuration.
+# It requires 'net/ldap' gem.
+# 
+# USAGE
+# Single directory authentication:
+# Autentication attempt will be made on environment-specific directory (i.e "development")
+# 
+# AvdtLdap.new.valid?(login, password)
+# => true (false)
+#
+# Multiple directories authentication:
+# Here we have authentication attemps made on 2 directories: the "foobar" and
+# the default (i.e environment-specific one)
+#
+#  a = AvdtLdap.new(:directories => [:foobar], :include_default => true)
+#  a.valid?(login,password)
+#  => true (false)
+#
+# User's attributes access:
+# If you have to access (read) user's attributes from the directory you can
+# use the handy methods provided by the gem. Let's suppose we need two attributes,
+# the user's name and surname ("givenName" and "sn" attributes on the directory).
+# Simply access attributes as in the example below:
+#
+# a = AvdtLdap.new.valid?(login, password)
+# name = a.givenname
+# surname = a.cn
+#
+# As you can see methods names reflects attribute's name (but always in downcase).
+# You can also access the whole attributes hash by calling:
+
+# a.user_attributes
+#
+# On which directory is located the user ?
+# You can know it by calling the +user_location+ method on your AvdtLdap object:
+#
+# location = a.user_location
+
+class AvdtLdap
+
+  # Used to simplify configuration from rails initializers.
+  # Works with the methods configuration and configure defined below.
+  class << self
+    attr_accessor :configuration
+  end
+
+  attr_accessor :directories, :include_default, :user_attributes, :user_location
+
+  # Loads ldap configuration file and sets up the object's parameters
+  def initialize(args = {})
+    if File.exist?(AvdtLdap.configuration.ldap_config_file)
+      @LDAP = YAML.load_file(AvdtLdap.configuration.ldap_config_file).symbolize_keys!
+    else
+      raise "AvdtLdap: File #{AvdtLdap.configuration.ldap_config_file} not found, maybe you forgot to define it ?"
+    end
+    @directories = args[:directories] || []
+    @directories << Rails.env.to_sym if ((@directories.any? and args[:include_default]) or !@directories.any?)
+  end
+
+  # Checks for user's existance on specified directories. Just pass "login" and
+  # "password" parameters to chech if a user resides on one of the directories.
+  # After this method calling, if the user is authenticated, his (directory)
+  # attributes are availaible.
+  def valid? login, password
+    @directories.each do |ldap|
+      ldap = ldap.to_sym
+      unless @LDAP[ldap].nil?
+        conn = connection(ldap)
+        conn.authenticate("#{attribute(ldap)}=#{login.to_s},#{base(ldap)}", password.to_s)
+        begin
+          # if bind => OK
+          if conn.bind
+            logger.info("Authenticated #{login.to_s} by #{host(ldap)}") if logger
+            @user_attributes = conn.search(:base => base(ldap),:filter => Net::LDAP::Filter.eq(attribute(ldap),login.to_s)).first.each do |k,v|
+              class_eval "attr_reader :#{k}"
+              self.instance_variable_set "@#{k}".to_sym, v
+            end
+            @user_location = ldap
+            return true
+          else
+            logger.info("Error attempting to authenticate #{login.to_s} by #{host(ldap)}: #{conn.get_operation_result.code} #{conn.get_operation_result.message}") if logger
+          end
+        rescue Net::LDAP::LdapError => error
+          logger.info("Error attempting to authenticate #{login.to_s} by #{host(ldap)}: #{error.message}") if logger
+          return false
+        end
+      else
+        logger.info "ERROR ! \"#{ldap}\" directory data are missing in ldap.yml" if logger
+        raise Net::LDAP::LdapError, "\"#{ldap}\" directory data are missing in ldap.yml"
+      end
+    end
+    false
+  end
+
+  # Adds configuration ability to the gem
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+
+  private
+
+  # Given a directory name returns a connection to that server using parameters
+  # specified in ldap.yml
+  def connection(which_ldap)
+    load_ldap_library
+    if @ldap_lib == "net/ldap"
+      Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))
+    else
+      (ssl?(which_ldap) ? LDAP::SSLConn : LDAP::Conn).new(host(which_ldap),port(which_ldap))
+    end
+  end
+
+  # Given a directory return it's host name
+  def host(which_ldap)
+    @LDAP[which_ldap][:host] || "127.0.0.1"
+  end
+
+  # Given a directory returns it's host port
+  def port(which_ldap)
+    ssl?(which_ldap) ? (@LDAP[which_ldap][:port] || 636) : (@LDAP[which_ldap][:port] || 389)
+  end
+
+  # Given a directory returns it's attribute (example: uid)
+  def attribute(which_ldap)
+    @LDAP[which_ldap][:attribute] || "uid"
+  end
+
+  # Given a directory returns it's base path (example ou=People,dc=foo,dc=bar)
+  def base(which_ldap)
+    @LDAP[which_ldap][:base] || "%s"
+  end
+
+  # Given a directory returns if connection should use ssl
+  def ssl?(which_ldap)
+    @LDAP[which_ldap][:ssl] ? true : false
+  end
+
+  # Loads the right ldap library
+  def load_ldap_library
+    return if @ldap_library_loaded
+    begin
+      require "ldap"
+      require "ldap/control"
+      @ldap_lib = "ldap/control"
+    rescue LoadError
+      require "net/ldap"
+      @ldap_lib = "net/ldap"
+    end
+    @ldap_library_loaded = true
+  end
+  
+  # Returns Rails Default logger
+  def logger
+    Rails.logger
+  end
+
+end

data/lib/avdt_ldap/configuration.rb

@@ -0,0 +1,7 @@
+class Configuration
+  attr_accessor :ldap_config_file
+
+  def initialize
+    @ldap_config_file = "#{Rails.root}/config/ldap.yml"
+  end
+end

data/lib/avdt_ldap/hash.rb

@@ -0,0 +1,20 @@
+class Hash
+    
+  # Transforms all the hash keys from strings to symbols.
+  # Example:
+  # {"one" => "two", "three" => "four"}.symbolize_keys
+  # => {:one=>"two", :three=>"four"}
+  #
+  def symbolize_keys!
+    t = self.dup
+    self.clear
+    t.each_pair do |k,v|
+      self[k.to_sym] = v
+      if v.kind_of?(Hash)
+        v.symbolize_keys!
+      end
+      self
+    end
+    self
+  end
+end

data/lib/avdt_ldap.rb

@@ -0,0 +1,4 @@
+# avdt init file
+require 'avdt_ldap/hash'
+require 'avdt_ldap/avdt_ldap'
+require 'avdt_ldap/configuration'

metadata

@@ -0,0 +1,66 @@
+--- !ruby/object:Gem::Specification
+name: avdt_ldap
+version: !ruby/object:Gem::Version
+  version: 0.2.7
+  prerelease: 
+platform: ruby
+authors:
+- Alessandro Verlato
+- Davide Targa
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-06-21 00:00:00.000000000 +02:00
+default_executable: 
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: &79290600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *79290600
+description: This gem can manage user authentication on multiple LDAP directories
+  that can reside either on same server or not.
+email:
+- averlato@gmail.com
+- davide.targa@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/avdt_ldap/hash.rb
+- lib/avdt_ldap/avdt_ldap.rb
+- lib/avdt_ldap/configuration.rb
+- lib/avdt_ldap.rb
+has_rdoc: true
+homepage: http://rubygems.org/gems/avdt_ldap
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Simple LDAP authentication library for user authentication on multiple LDAP
+  directories
+test_files: []