avdt_ldap 0.2.7 → 1.0.0
- data/.gitignore +4 -0
- data/Gemfile +4 -0
- data/LICENSE +19 -0
- data/README.rdoc +113 -0
- data/Rakefile +1 -0
- data/avdt_ldap.gemspec +21 -0
- data/ldap.example.yml +34 -0
- data/lib/avdt_ldap/avdt_ldap.rb +14 -28
- data/lib/avdt_ldap/version.rb +3 -0
- metadata +16 -8
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
Copyright (c) 2011 Alessandro Verlato, Davide Targa
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
of this software and associated documentation files (the "Software"), to deal
|
5
|
+
in the Software without restriction, including without limitation the rights
|
6
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
copies of the Software, and to permit persons to whom the Software is
|
8
|
+
furnished to do so, subject to the following conditions:
|
9
|
+
|
10
|
+
The above copyright notice and this permission notice shall be included in
|
11
|
+
all copies or substantial portions of the Software.
|
12
|
+
|
13
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
19
|
+
SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,113 @@
|
|
1
|
+
= AvdtLdap
|
2
|
+
|
3
|
+
This gem supports LDAP authentication both on sigle and multiple servers with a minimal configuration.
|
4
|
+
It requires 'net-ldap' gem (automatically installed)
|
5
|
+
|
6
|
+
== Installation
|
7
|
+
|
8
|
+
=== Rails 3
|
9
|
+
|
10
|
+
Add this to your +Gemfile+ and run the +bundle+ command:
|
11
|
+
|
12
|
+
gem "avdt_ldap"
|
13
|
+
|
14
|
+
=== Rails 2
|
15
|
+
|
16
|
+
Add this to your environment.rb file:
|
17
|
+
|
18
|
+
config.gem "avdt_ldap"
|
19
|
+
|
20
|
+
== Usage
|
21
|
+
|
22
|
+
Just add a config file named ldap.yml in config/ directory.
|
23
|
+
|
24
|
+
You can change default file name by setting +ldap_config_file+ configuration parameter.
|
25
|
+
For example, inside the avdt_ldap initializer:
|
26
|
+
|
27
|
+
AvdtLdap.configure do |c|
|
28
|
+
c.ldap_config_file = "#{Rails.root}/config/foobar.yml"
|
29
|
+
end
|
30
|
+
|
31
|
+
== ldap.yml
|
32
|
+
|
33
|
+
Inside this file you have to specify connection parameters for all the directories on which to verify users credentials
|
34
|
+
|
35
|
+
Example file:
|
36
|
+
|
37
|
+
common: &com
|
38
|
+
host: ldap.yourhost.com
|
39
|
+
port: 389
|
40
|
+
attribute: uid
|
41
|
+
base: ou=People,dc=example,dc=com
|
42
|
+
ssl: false
|
43
|
+
|
44
|
+
development:
|
45
|
+
<<: *com
|
46
|
+
|
47
|
+
test:
|
48
|
+
<<: *com
|
49
|
+
|
50
|
+
production:
|
51
|
+
<<: *com
|
52
|
+
|
53
|
+
foobar:
|
54
|
+
host: foobar.yourhost.com
|
55
|
+
attribute: cn
|
56
|
+
base: ou=Users,dc=foo,dc=bar
|
57
|
+
|
58
|
+
Here we have specified common data (the same for every environment) and another directory (foobar) configuration parameters.
|
59
|
+
Not specified parameters will be set to the default values:
|
60
|
+
|
61
|
+
host: "127.0.0.1"
|
62
|
+
port: 389
|
63
|
+
attribute: uid
|
64
|
+
base: %s
|
65
|
+
ssl: false
|
66
|
+
|
67
|
+
=== Single directory authentication
|
68
|
+
|
69
|
+
To verify user's credentials on the default directory (i.e the environment-specific one) simply do this:
|
70
|
+
|
71
|
+
AvdtLdap.new.valid?(login, password)
|
72
|
+
|
73
|
+
As mentioned this will try to authenticate the user on the environment-specific directory (for example on the development one) and will return true or false. If authentication fails an error message, containing directory response (error message and code), will be displayed on server's logs.
|
74
|
+
|
75
|
+
=== Multiple directories authentication
|
76
|
+
|
77
|
+
If you have to check user's credentials on multiple directories, for example because you don't know on which one user data is stored, you have to define the configuration parameters of the new directory(ies) inside ldap.yml. In our example we have defined +foobar+ as further directory on which to perform user's authentication.
|
78
|
+
|
79
|
+
The new() method accepts an hash of parameters to specify on which directories authentication should be performed. In our case the code will look like this:
|
80
|
+
|
81
|
+
a = AvdtLdap.new(:directories => [:foobar], :include_default => true)
|
82
|
+
a.valid?(login,password)
|
83
|
+
=> true
|
84
|
+
|
85
|
+
The +include_default+ option is used to specify if the authentication shoud be performed also on environment-specific directory server (default is +false+).
|
86
|
+
|
87
|
+
NOTE: The authentication process stops as soon as one positive match is found, so it's possible that not all the directories are queried.
|
88
|
+
|
89
|
+
=== User's attributes access
|
90
|
+
|
91
|
+
On both cases (single and multiple directories) if the authentication process is successfull, you can access user's attributes simply by call a method with the same name of the desired attribute on your AvdtLdap object. For example let's suppose we want user's name and surname (+givenName+ and +sn+ attributes on the directory), than you can do this:
|
92
|
+
|
93
|
+
username = a.givenname
|
94
|
+
surname = a.cn
|
95
|
+
|
96
|
+
Note: theese methods must be called on lowercase
|
97
|
+
|
98
|
+
You can also access the whole attributes hash by calling:
|
99
|
+
|
100
|
+
a.user_attributes
|
101
|
+
|
102
|
+
==== On which directory is located the user ?
|
103
|
+
|
104
|
+
You can know it by calling the +user_location+ method on your AvdtLdap object:
|
105
|
+
|
106
|
+
location = a.user_location
|
107
|
+
|
108
|
+
|
109
|
+
|
110
|
+
|
111
|
+
|
112
|
+
|
113
|
+
|
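Review bot: the README's ldap.yml example and the "Multiple directories authentication" section no longer match the code shipped in this release. The example file is flat (`common: &com`, `development:`, `foobar:` as top-level keys), while data/ldap.example.yml and the `@LDAP[env][ldap]` lookups in avdt_ldap.rb expect `environment -> directory name -> parameters`; and `AvdtLdap.new(:directories => [:foobar], :include_default => true)` documents an `:include_default` option that the constructor now ignores, since `@directories = args[:directories] || @LDAP[env].keys` never reads it. The attribute-access example names `givenName` and `sn` but then reads `a.givenname` and `a.cn`; pick one pair. Minor wording: "sigle" should be "single", "theese" "these", "successfull" "successful", "shoud" "should".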
data/Rakefile
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require 'bundler/gem_tasks'
|
data/avdt_ldap.gemspec
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
3
|
+
require "avdt_ldap/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = "avdt_ldap"
|
7
|
+
s.version = AvdtLdap::VERSION
|
8
|
+
s.authors = ["Alessandro Verlato","Davide Targa"]
|
9
|
+
s.email = ["averlato@gmail.com","davide.targa@gmail.com"]
|
10
|
+
s.homepage = "https://rubygems.org/gems/avdt_ldap"
|
11
|
+
s.summary = %q{Simple LDAP authentication library for user authentication on multiple LDAP directories}
|
12
|
+
s.description = %q{This gem can manage user authentication on multiple LDAP directories that can reside either on same server or not.}
|
13
|
+
|
14
|
+
s.rubyforge_project = "avdt_ldap"
|
15
|
+
|
16
|
+
s.files = `git ls-files`.split("\n")
|
17
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
18
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
19
|
+
s.require_paths = ["lib"]
|
20
|
+
s.add_dependency "net-ldap"
|
21
|
+
end
|
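Review bot: no `s.license` is declared even though this release adds an MIT LICENSE file, so the generated metadata ends up with `licenses: []`; add `s.license = "MIT"` next to `s.homepage`. `s.add_dependency "net-ldap"` carries no version constraint, so a future install may resolve to an incompatible major release; pin at least the minimum version that was actually tested (`s.add_dependency "net-ldap", ">= <tested version>"`, with the real number substituted). `s.homepage` pointing at the rubygems page rather than the source repository leaves users with nowhere to report issues.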
data/ldap.example.yml
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
# All the directory attributes (except "base") are optional. Defaults are specified in the example below.
|
2
|
+
|
3
|
+
development:
|
4
|
+
dir1:
|
5
|
+
host: ldap.foobar.com # defaults to "127.0.0.1"
|
6
|
+
base: ou=People,dc=foobar,dc=com # REQUIRED
|
7
|
+
port: 123 # defaults to 389
|
8
|
+
ssl: true # defaults to false
|
9
|
+
attribute: cn # defaults to "uid"
|
10
|
+
|
11
|
+
|
12
|
+
dir2:
|
13
|
+
host: ldap.goofy.foobar.com
|
14
|
+
base: ou=People,dc=goofy,dc=foobar,dc=com
|
15
|
+
|
16
|
+
test:
|
17
|
+
dir1:
|
18
|
+
host: ldap.test.foobar.com
|
19
|
+
base: ou=People,dc=foobar,dc=com
|
20
|
+
|
21
|
+
dir2:
|
22
|
+
host: ldap.goofy.foobar.com
|
23
|
+
base: ou=People,dc=goofy,dc=foobar,dc=com
|
24
|
+
|
25
|
+
production:
|
26
|
+
dir2:
|
27
|
+
host: ldap.live.foobar.com
|
28
|
+
base: ou=People,dc=foobar,dc=com
|
29
|
+
attribute: cn
|
30
|
+
|
31
|
+
new_dir:
|
32
|
+
host: donald.duck.com
|
33
|
+
attribute: foo
|
34
|
+
base: ou=Ducks,dc=foobar,dc=com
|
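Review bot: the inline defaults disagree with the code. `port: 123 # defaults to 389` sits next to `ssl: true`, but `port(which_ldap)` in avdt_ldap.rb defaults to 636 when `ssl` is true and to 389 otherwise; state both defaults here. `ssl: true # defaults to false` documents a default under which the simple-bind password travels in cleartext on port 389; since the header already says every attribute except `base` is optional, recommend `ssl: true` explicitly rather than presenting it as just another option.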
data/lib/avdt_ldap/avdt_ldap.rb
CHANGED
@@ -39,6 +39,8 @@
|
|
39
39
|
#
|
40
40
|
# location = a.user_location
|
41
41
|
|
42
|
+
require 'net/ldap'
|
43
|
+
|
42
44
|
class AvdtLdap
|
43
45
|
|
44
46
|
# Used to simplify configuration from rails initializers.
|
@@ -56,8 +58,7 @@ class AvdtLdap
|
|
56
58
|
else
|
57
59
|
raise "AvdtLdap: File #{AvdtLdap.configuration.ldap_config_file} not found, maybe you forgot to define it ?"
|
58
60
|
end
|
59
|
-
@directories = args[:directories] || []
|
60
|
-
@directories << Rails.env.to_sym if ((@directories.any? and args[:include_default]) or !@directories.any?)
|
61
|
+
@directories = args[:directories] || @LDAP[env].keys
|
61
62
|
end
|
62
63
|
|
63
64
|
# Checks for user's existance on specified directories. Just pass "login" and
|
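Review bot: `@directories = args[:directories] || @LDAP[env].keys` has two edge cases worth handling. An empty array is truthy in Ruby, so `AvdtLdap.new(:directories => [])` yields no directories and `valid?` returns false without contacting any server, whereas the removed line treated an empty list as "use the default"; if the old meaning is intended, use `args[:directories].to_a.empty? ? @LDAP[env].keys : args[:directories]`. When the current `Rails.env` has no section in ldap.yml, `@LDAP[env]` is nil and this line raises NoMethodError instead of a message like the file-not-found one a few lines up; check `@LDAP[env]` and raise naming the environment. Note also that `args[:include_default]` is no longer read here while the README in this same release still documents it.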
@@ -67,7 +68,7 @@ class AvdtLdap
|
|
67
68
|
def valid? login, password
|
68
69
|
@directories.each do |ldap|
|
69
70
|
ldap = ldap.to_sym
|
70
|
-
unless @LDAP[ldap].nil?
|
71
|
+
unless @LDAP[env][ldap].nil?
|
71
72
|
conn = connection(ldap)
|
72
73
|
conn.authenticate("#{attribute(ldap)}=#{login.to_s},#{base(ldap)}", password.to_s)
|
73
74
|
begin
|
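Review bot: `conn.authenticate("#{attribute(ldap)}=#{login.to_s},#{base(ldap)}", password.to_s)` interpolates the caller-supplied login straight into a bind DN. Characters with DN meaning (comma, plus, equals, backslash, double quote, leading or trailing space; RFC 4514 section 2.4) change which entry the bind refers to, so the login must be escaped for DN use, or the code should search for the entry by `attribute(ldap)` and bind with the DN the server returns. Two checks belong before the bind as well: reject a nil or empty password, because `password.to_s` turns nil into "" and a simple bind with a DN plus empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that some directories accept, which would make `valid?` return true; and guard `@LDAP[env]` for nil, since `unless @LDAP[env][ldap].nil?` raises NoMethodError when the environment has no section.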
@@ -109,56 +110,41 @@ class AvdtLdap
|
|
109
110
|
# Given a directory name returns a connection to that server using parameters
|
110
111
|
# specified in ldap.yml
|
111
112
|
def connection(which_ldap)
|
112
|
-
|
113
|
-
if @ldap_lib == "net/ldap"
|
114
|
-
Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))
|
115
|
-
else
|
116
|
-
(ssl?(which_ldap) ? LDAP::SSLConn : LDAP::Conn).new(host(which_ldap),port(which_ldap))
|
117
|
-
end
|
113
|
+
Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))
|
118
114
|
end
|
119
115
|
|
120
116
|
# Given a directory return it's host name
|
121
117
|
def host(which_ldap)
|
122
|
-
@LDAP[which_ldap][:host] || "127.0.0.1"
|
118
|
+
@LDAP[env][which_ldap][:host] || "127.0.0.1"
|
123
119
|
end
|
124
120
|
|
125
121
|
# Given a directory returns it's host port
|
126
122
|
def port(which_ldap)
|
127
|
-
ssl?(which_ldap) ? (@LDAP[which_ldap][:port] || 636) : (@LDAP[which_ldap][:port] || 389)
|
123
|
+
ssl?(which_ldap) ? (@LDAP[env][which_ldap][:port] || 636) : (@LDAP[env][which_ldap][:port] || 389)
|
128
124
|
end
|
129
125
|
|
130
126
|
# Given a directory returns it's attribute (example: uid)
|
131
127
|
def attribute(which_ldap)
|
132
|
-
@LDAP[which_ldap][:attribute] || "uid"
|
128
|
+
@LDAP[env][which_ldap][:attribute] || "uid"
|
133
129
|
end
|
134
130
|
|
135
131
|
# Given a directory returns it's base path (example ou=People,dc=foo,dc=bar)
|
136
132
|
def base(which_ldap)
|
137
|
-
@LDAP[which_ldap][:base] || "%s"
|
133
|
+
@LDAP[env][which_ldap][:base] || "%s"
|
138
134
|
end
|
139
135
|
|
140
136
|
# Given a directory returns if connection should use ssl
|
141
137
|
def ssl?(which_ldap)
|
142
|
-
@LDAP[which_ldap][:ssl] ? true : false
|
138
|
+
@LDAP[env][which_ldap][:ssl] ? true : false
|
143
139
|
end
|
144
140
|
|
145
|
-
# Loads the right ldap library
|
146
|
-
def load_ldap_library
|
147
|
-
return if @ldap_library_loaded
|
148
|
-
begin
|
149
|
-
require "ldap"
|
150
|
-
require "ldap/control"
|
151
|
-
@ldap_lib = "ldap/control"
|
152
|
-
rescue LoadError
|
153
|
-
require "net/ldap"
|
154
|
-
@ldap_lib = "net/ldap"
|
155
|
-
end
|
156
|
-
@ldap_library_loaded = true
|
157
|
-
end
|
158
|
-
|
159
141
|
# Returns Rails Default logger
|
160
142
|
def logger
|
161
143
|
Rails.logger
|
162
144
|
end
|
163
145
|
|
146
|
+
def env
|
147
|
+
Rails.env.to_sym
|
148
|
+
end
|
149
|
+
|
164
150
|
end
|
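Review bot: `Net::LDAP.new(:host => host(which_ldap), :port => port(which_ldap), :encryption => (:simple_tls if ssl?(which_ldap)))` enables TLS but passes no certificate-verification options, so whether the server certificate and hostname are checked depends entirely on the net-ldap default; make it explicit (newer net-ldap accepts `:encryption => { :method => :simple_tls, :tls_options => {...} }`, if the dependency is pinned to a version that supports it), otherwise a credential sent with `ssl: true` is still exposed to an interposed server. `base(which_ldap)` falls back to `"%s"`, which yields a bind DN like `uid=alice,%s`; data/ldap.example.yml marks `base` as REQUIRED, so raise when it is missing instead of defaulting. With the ruby-ldap fallback removed, `@ldap_lib` is no longer assigned anywhere in this hunk; confirm nothing else in the class still reads it. Finally, the new `env` helper and the per-directory accessors (`host`, `port`, `attribute`, `base`, `ssl?`) are public; move them under `private` so configuration lookups are not part of the object's API.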
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: avdt_ldap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,12 +10,12 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2011-06-
|
13
|
+
date: 2011-06-22 00:00:00.000000000 +02:00
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: net-ldap
|
18
|
-
requirement: &
|
18
|
+
requirement: &85984200 !ruby/object:Gem::Requirement
|
19
19
|
none: false
|
20
20
|
requirements:
|
21
21
|
- - ! '>='
|
@@ -23,7 +23,7 @@ dependencies:
|
|
23
23
|
version: '0'
|
24
24
|
type: :runtime
|
25
25
|
prerelease: false
|
26
|
-
version_requirements: *
|
26
|
+
version_requirements: *85984200
|
27
27
|
description: This gem can manage user authentication on multiple LDAP directories
|
28
28
|
that can reside either on same server or not.
|
29
29
|
email:
|
@@ -33,12 +33,20 @@ executables: []
|
|
33
33
|
extensions: []
|
34
34
|
extra_rdoc_files: []
|
35
35
|
files:
|
36
|
-
-
|
36
|
+
- .gitignore
|
37
|
+
- Gemfile
|
38
|
+
- LICENSE
|
39
|
+
- README.rdoc
|
40
|
+
- Rakefile
|
41
|
+
- avdt_ldap.gemspec
|
42
|
+
- ldap.example.yml
|
43
|
+
- lib/avdt_ldap.rb
|
37
44
|
- lib/avdt_ldap/avdt_ldap.rb
|
38
45
|
- lib/avdt_ldap/configuration.rb
|
39
|
-
- lib/avdt_ldap.rb
|
46
|
+
- lib/avdt_ldap/hash.rb
|
47
|
+
- lib/avdt_ldap/version.rb
|
40
48
|
has_rdoc: true
|
41
|
-
homepage:
|
49
|
+
homepage: https://rubygems.org/gems/avdt_ldap
|
42
50
|
licenses: []
|
43
51
|
post_install_message:
|
44
52
|
rdoc_options: []
|
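Review bot: `licenses: []` stays empty although this release adds a LICENSE file with MIT terms; set `s.license` in the gemspec so the packaged metadata carries it. The files list also gains `lib/avdt_ldap/hash.rb`, which does not appear among the changed files summarised at the top of this page; confirm the file is actually committed, since `s.files` is built from `git ls-files`.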
@@ -57,7 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
57
65
|
- !ruby/object:Gem::Version
|
58
66
|
version: '0'
|
59
67
|
requirements: []
|
60
|
-
rubyforge_project:
|
68
|
+
rubyforge_project: avdt_ldap
|
61
69
|
rubygems_version: 1.6.2
|
62
70
|
signing_key:
|
63
71
|
specification_version: 3
|