avdt_ldap 0.2.7 → 1.0.0

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in avdt_ldap.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2011 Alessandro Verlato, Davide Targa
+
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+SOFTWARE.

data/README.rdoc

@@ -0,0 +1,113 @@
+= AvdtLdap
+
+This gem supports LDAP authentication both on sigle and multiple servers with a minimal configuration.
+It requires 'net-ldap' gem (automatically installed)
+
+== Installation
+
+=== Rails 3
+
+Add this to your +Gemfile+ and run the +bundle+ command:
+
+  gem "avdt_ldap"
+
+=== Rails 2
+
+Add this to your environment.rb file:
+
+  config.gem "avdt_ldap"
+
+== Usage
+
+Just add a config file named ldap.yml in config/ directory.
+
+You can change default file name by setting +ldap_config_file+ configuration parameter.
+For example, inside the avdt_ldap initializer:
+
+  AvdtLdap.configure do |c|
+    c.ldap_config_file = "#{Rails.root}/config/foobar.yml"
+  end
+
+== ldap.yml
+
+Inside this file you have to specify connection parameters for all the directories on which to verify users credentials
+
+Example file:
+
+  common: &com
+    host: ldap.yourhost.com
+    port: 389
+    attribute: uid
+    base: ou=People,dc=example,dc=com
+    ssl: false
+
+  development:
+    <<: *com
+
+  test:
+    <<: *com
+
+  production:
+    <<: *com
+
+  foobar:
+    host: foobar.yourhost.com
+    attribute: cn
+    base: ou=Users,dc=foo,dc=bar
+
+Here we have specified common data (the same for every environment) and another directory (foobar) configuration parameters.
+Not specified parameters will be set to the default values:
+
+  host: "127.0.0.1"
+  port: 389
+  attribute: uid
+  base: %s
+  ssl: false
+
+=== Single directory authentication
+
+To verify user's credentials on the default directory (i.e the environment-specific one) simply do this:
+
+  AvdtLdap.new.valid?(login, password)
+
+As mentioned this will try to authenticate the user on the environment-specific directory (for example on the development one) and will return true or false. If authentication fails an error message, containing directory response (error message and code), will be displayed on server's logs.
+
+=== Multiple directories authentication
+
+If you have to check user's credentials on multiple directories, for example because you don't know on which one user data is stored, you have to define the configuration parameters of the new directory(ies) inside ldap.yml. In our example we have defined +foobar+ as further directory on which to perform user's authentication.
+
+The new() method accepts an hash of parameters to specify on which directories authentication should be performed. In our case the code will look like this:
+
+  a = AvdtLdap.new(:directories => [:foobar], :include_default => true)
+  a.valid?(login,password)
+  => true
+
+The +include_default+ option is used to specify if the authentication shoud be performed also on environment-specific directory server (default is +false+).
+
+NOTE: The authentication process stops as soon as one positive match is found, so it's possible that not all the directories are queried.
+
+=== User's attributes access
+
+On both cases (single and multiple directories) if the authentication process is successfull, you can access user's attributes simply by call a method with the same name of the desired attribute on your AvdtLdap object. For example let's suppose we want user's name and surname (+givenName+ and +sn+ attributes on the directory), than you can do this:
+
+  username = a.givenname
+  surname = a.cn
+
+Note: theese methods must be called on lowercase
+
+You can also access the whole attributes hash by calling:
+
+  a.user_attributes
+
+==== On which directory is located the user ?
+
+You can know it by calling the +user_location+ method on your AvdtLdap object:
+
+  location = a.user_location
+
+
+
+
+
+
+

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/avdt_ldap.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "avdt_ldap/version"
+
+Gem::Specification.new do |s|
+  s.name        = "avdt_ldap"
+  s.version     = AvdtLdap::VERSION
+  s.authors     = ["Alessandro Verlato","Davide Targa"]
+  s.email       = ["averlato@gmail.com","davide.targa@gmail.com"]
+  s.homepage    = "https://rubygems.org/gems/avdt_ldap"
+  s.summary     = %q{Simple LDAP authentication library for user authentication on multiple LDAP directories}
+  s.description = %q{This gem can manage user authentication on multiple LDAP directories that can reside either on same server or not.}
+
+  s.rubyforge_project = "avdt_ldap"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  s.add_dependency "net-ldap"
+end

data/ldap.example.yml

@@ -0,0 +1,34 @@
+# All the directory attributes (except "base") are optional. Defaults are specified in the example below.
+
+development:
+  dir1:
+    host: ldap.foobar.com		# defaults to "127.0.0.1"
+    base: ou=People,dc=foobar,dc=com    # REQUIRED
+    port: 123				# defaults to 389
+    ssl: true				# defaults to false
+    attribute: cn			# defaults to "uid"
+    
+
+  dir2:
+    host: ldap.goofy.foobar.com
+    base: ou=People,dc=goofy,dc=foobar,dc=com
+
+test:
+  dir1: 
+    host: ldap.test.foobar.com
+    base: ou=People,dc=foobar,dc=com
+ 
+  dir2:
+    host: ldap.goofy.foobar.com
+    base: ou=People,dc=goofy,dc=foobar,dc=com
+
+production:
+  dir2:
+    host: ldap.live.foobar.com
+    base: ou=People,dc=foobar,dc=com
+    attribute: cn
+
+  new_dir:
+    host: donald.duck.com
+    attribute: foo
+    base: ou=Ducks,dc=foobar,dc=com

data/lib/avdt_ldap/avdt_ldap.rb

@@ -39,6 +39,8 @@
 #
 # location = a.user_location
 
+require 'net/ldap'
+
 class AvdtLdap
 
   # Used to simplify configuration from rails initializers.
@@ -56,8 +58,7 @@ class AvdtLdap
     else
       raise "AvdtLdap: File #{AvdtLdap.configuration.ldap_config_file} not found, maybe you forgot to define it ?"
     end
-    @directories = args[:directories] || []
-    @directories << Rails.env.to_sym if ((@directories.any? and args[:include_default]) or !@directories.any?)
+    @directories = args[:directories] || @LDAP[env].keys
   end
 
   # Checks for user's existance on specified directories. Just pass "login" and
@@ -67,7 +68,7 @@ class AvdtLdap
   def valid? login, password
     @directories.each do |ldap|
       ldap = ldap.to_sym
-      unless @LDAP[ldap].nil?
+      unless @LDAP[env][ldap].nil?
         conn = connection(ldap)
         conn.authenticate("#{attribute(ldap)}=#{login.to_s},#{base(ldap)}", password.to_s)
         begin
@@ -109,56 +110,41 @@ class AvdtLdap
   # Given a directory name returns a connection to that server using parameters
   # specified in ldap.yml
   def connection(which_ldap)
-    load_ldap_library
-    if @ldap_lib == "net/ldap"
-      Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))
-    else
-      (ssl?(which_ldap) ? LDAP::SSLConn : LDAP::Conn).new(host(which_ldap),port(which_ldap))
-    end
+    Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))
   end
 
   # Given a directory return it's host name
   def host(which_ldap)
-    @LDAP[which_ldap][:host] || "127.0.0.1"
+    @LDAP[env][which_ldap][:host] || "127.0.0.1"
   end
 
   # Given a directory returns it's host port
   def port(which_ldap)
-    ssl?(which_ldap) ? (@LDAP[which_ldap][:port] || 636) : (@LDAP[which_ldap][:port] || 389)
+    ssl?(which_ldap) ? (@LDAP[env][which_ldap][:port] || 636) : (@LDAP[env][which_ldap][:port] || 389)
   end
 
   # Given a directory returns it's attribute (example: uid)
   def attribute(which_ldap)
-    @LDAP[which_ldap][:attribute] || "uid"
+    @LDAP[env][which_ldap][:attribute] || "uid"
   end
 
   # Given a directory returns it's base path (example ou=People,dc=foo,dc=bar)
   def base(which_ldap)
-    @LDAP[which_ldap][:base] || "%s"
+    @LDAP[env][which_ldap][:base] || "%s"
   end
 
   # Given a directory returns if connection should use ssl
   def ssl?(which_ldap)
-    @LDAP[which_ldap][:ssl] ? true : false
+    @LDAP[env][which_ldap][:ssl] ? true : false
   end
 
-  # Loads the right ldap library
-  def load_ldap_library
-    return if @ldap_library_loaded
-    begin
-      require "ldap"
-      require "ldap/control"
-      @ldap_lib = "ldap/control"
-    rescue LoadError
-      require "net/ldap"
-      @ldap_lib = "net/ldap"
-    end
-    @ldap_library_loaded = true
-  end
-  
   # Returns Rails Default logger
   def logger
     Rails.logger
   end
 
+  def env
+    Rails.env.to_sym
+  end
+
 end

data/lib/avdt_ldap/version.rb

@@ -0,0 +1,3 @@
+module AvdtLdap
+  VERSION = "1.0.0"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: avdt_ldap
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 1.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,12 +10,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-06-21 00:00:00.000000000 +02:00
+date: 2011-06-22 00:00:00.000000000 +02:00
 default_executable: 
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
-  requirement: &79290600 !ruby/object:Gem::Requirement
+  requirement: &85984200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -23,7 +23,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *79290600
+  version_requirements: *85984200
 description: This gem can manage user authentication on multiple LDAP directories
   that can reside either on same server or not.
 email:
@@ -33,12 +33,20 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/avdt_ldap/hash.rb
+- .gitignore
+- Gemfile
+- LICENSE
+- README.rdoc
+- Rakefile
+- avdt_ldap.gemspec
+- ldap.example.yml
+- lib/avdt_ldap.rb
 - lib/avdt_ldap/avdt_ldap.rb
 - lib/avdt_ldap/configuration.rb
-- lib/avdt_ldap.rb
+- lib/avdt_ldap/hash.rb
+- lib/avdt_ldap/version.rb
 has_rdoc: true
-homepage: http://rubygems.org/gems/avdt_ldap
+homepage: https://rubygems.org/gems/avdt_ldap
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -57,7 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
+rubyforge_project: avdt_ldap
 rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3