avdt_ldap 1.0.0 → 1.0.1
- data/README.rdoc +39 -35
- data/lib/avdt_ldap/avdt_ldap.rb +19 -13
- data/lib/avdt_ldap/version.rb +1 -1
- metadata +3 -3
data/README.rdoc
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
= AvdtLdap
|
2
2
|
|
3
|
-
This gem supports LDAP authentication both on sigle and multiple servers with a minimal configuration.
|
3
|
+
This gem supports LDAP authentication both on sigle and multiple LDAP servers with a minimal configuration.
|
4
4
|
It requires 'net-ldap' gem (automatically installed)
|
5
5
|
|
6
6
|
== Installation
|
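Review bot: The reworded intro line still reads "sigle"; since the line is being changed anyway, correct it to "single" ("both on single and multiple LDAP servers").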
@@ -34,29 +34,43 @@ Inside this file you have to specify connection parameters for all the directori
|
|
34
34
|
|
35
35
|
Example file:
|
36
36
|
|
37
|
-
|
38
|
-
host: ldap.yourhost.com
|
39
|
-
port: 389
|
40
|
-
attribute: uid
|
41
|
-
base: ou=People,dc=example,dc=com
|
42
|
-
ssl: false
|
37
|
+
# All the directory attributes (except "base") are optional. Defaults are specified in the example below.
|
43
38
|
|
44
39
|
development:
|
45
|
-
|
40
|
+
dir1:
|
41
|
+
host: ldap.foobar.com # defaults to "127.0.0.1"
|
42
|
+
base: ou=People,dc=foobar,dc=com # REQUIRED
|
43
|
+
port: 123 # defaults to 389
|
44
|
+
ssl: true # defaults to false
|
45
|
+
attribute: cn # defaults to "uid"
|
46
|
+
|
47
|
+
|
48
|
+
dir2:
|
49
|
+
host: ldap.goofy.foobar.com
|
50
|
+
base: ou=People,dc=goofy,dc=foobar,dc=com
|
46
51
|
|
47
52
|
test:
|
48
|
-
|
53
|
+
dir1:
|
54
|
+
host: ldap.test.foobar.com
|
55
|
+
base: ou=People,dc=foobar,dc=com
|
56
|
+
|
57
|
+
dir2:
|
58
|
+
host: ldap.goofy.foobar.com
|
59
|
+
base: ou=People,dc=goofy,dc=foobar,dc=com
|
49
60
|
|
50
61
|
production:
|
51
|
-
|
62
|
+
dir2:
|
63
|
+
host: ldap.live.foobar.com
|
64
|
+
base: ou=People,dc=foobar,dc=com
|
65
|
+
attribute: cn
|
66
|
+
|
67
|
+
new_dir:
|
68
|
+
host: donald.duck.com
|
69
|
+
attribute: foo
|
70
|
+
base: ou=Ducks,dc=foobar,dc=com
|
52
71
|
|
53
|
-
foobar:
|
54
|
-
host: foobar.yourhost.com
|
55
|
-
attribute: cn
|
56
|
-
base: ou=Users,dc=foo,dc=bar
|
57
72
|
|
58
|
-
|
59
|
-
Not specified parameters will be set to the default values:
|
73
|
+
Not specified parameters (except for "base" which is required) will be set to the default values:
|
60
74
|
|
61
75
|
host: "127.0.0.1"
|
62
76
|
port: 389
|
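Review bot: The sample ldap.yml documents `ssl` as defaulting to false and `port` as defaulting to 389, and only dir1 under development sets `ssl: true`, so every other entry, including both production directories, is shown with an unencrypted connection that will carry the login and password given to valid?. Set `ssl: true` on the production entries and state in the defaults paragraph that the default transport is unencrypted. The dir1 sample also pairs `ssl: true` with `port: 123`, which looks like a placeholder; a comment saying so would prevent it being copied as is.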
@@ -64,31 +78,28 @@ Not specified parameters will be set to the default values:
|
|
64
78
|
base: %s
|
65
79
|
ssl: false
|
66
80
|
|
67
|
-
|
81
|
+
== Authentication
|
68
82
|
|
69
|
-
To verify user's credentials on the
|
83
|
+
To verify user's credentials on ALL the specified directories (default) simply do this:
|
70
84
|
|
71
85
|
AvdtLdap.new.valid?(login, password)
|
72
86
|
|
73
|
-
As mentioned this will try to authenticate the user on the
|
87
|
+
As mentioned this will try to authenticate the user on all the directories specified on ldap.yml and will return true or false.
|
88
|
+
If authentication fails an error message, containing directory response (error message and code), will be displayed on server's logs.
|
74
89
|
|
75
|
-
===
|
90
|
+
=== Authentication only on specified directories
|
76
91
|
|
77
|
-
If you have to check user's credentials on
|
92
|
+
If you have to check user's credentials only on some specific directories, you can pass an hash to AvdtLdap.new(), specifying on which to do the check.
|
78
93
|
|
79
|
-
|
80
|
-
|
81
|
-
a = AvdtLdap.new(:directories => [:foobar], :include_default => true)
|
94
|
+
a = AvdtLdap.new(:directories => [:dir1,dir3])
|
82
95
|
a.valid?(login,password)
|
83
|
-
=> true
|
84
|
-
|
85
|
-
The +include_default+ option is used to specify if the authentication shoud be performed also on environment-specific directory server (default is +false+).
|
96
|
+
=> true (false)
|
86
97
|
|
87
98
|
NOTE: The authentication process stops as soon as one positive match is found, so it's possible that not all the directories are queried.
|
88
99
|
|
89
100
|
=== User's attributes access
|
90
101
|
|
91
|
-
|
102
|
+
If the authentication process is successfull, you can access user's attributes simply calling a method on your AvdtLdap object, with the same name of the desired attribute. For example let's suppose we want the user's name and surname (+givenName+ and +sn+ attributes on the directory), then you can do this:
|
92
103
|
|
93
104
|
username = a.givenname
|
94
105
|
surname = a.cn
|
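Review bot: In the new example `AvdtLdap.new(:directories => [:dir1,dir3])` the second element is missing its colon, so `dir3` is a bare identifier rather than a symbol and the line will not run as written; it should read `[:dir1, :dir3]`. The sample ldap.yml defines no `dir3` entry either, so `:dir2` would match the configuration shown. The hunk also removes the documented `:include_default` option in a patch-level release without a migration note, and the attribute paragraph asks for `sn` while the example below it reads `a.cn`.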
@@ -104,10 +115,3 @@ You can also access the whole attributes hash by calling:
|
|
104
115
|
You can know it by calling the +user_location+ method on your AvdtLdap object:
|
105
116
|
|
106
117
|
location = a.user_location
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
data/lib/avdt_ldap/avdt_ldap.rb
CHANGED
@@ -1,23 +1,29 @@
|
|
1
1
|
# AvdtLdap
|
2
2
|
|
3
|
-
# This gem supports LDAP authentication both on sigle and multiple servers
|
3
|
+
# This gem supports LDAP authentication both on sigle and multiple LDAP servers
|
4
4
|
# with a minimal configuration.
|
5
|
-
# It requires 'net
|
6
|
-
#
|
5
|
+
# It requires 'net-ldap' gem.
|
6
|
+
#
|
7
7
|
# USAGE
|
8
|
-
#
|
9
|
-
#
|
10
|
-
#
|
8
|
+
#
|
9
|
+
# Authentication
|
10
|
+
#
|
11
|
+
# To verify user's credentials on ALL the specified directories (default) simply do this:
|
12
|
+
#
|
11
13
|
# AvdtLdap.new.valid?(login, password)
|
12
|
-
# => true (false)
|
13
14
|
#
|
14
|
-
#
|
15
|
-
#
|
16
|
-
#
|
15
|
+
# As mentioned this will try to authenticate the user on all the directories specified on ldap.yml and will return true or false.
|
16
|
+
# If authentication fails an error message, containing directory response (error message and code), will be displayed on server's logs.
|
17
|
+
#
|
18
|
+
# Authentication only on specified directories
|
19
|
+
#
|
20
|
+
# If you have to check user's credentials only on some specific directories, you can pass an hash to AvdtLdap.new(), specifying on which to do the check.
|
21
|
+
#
|
22
|
+
# a = AvdtLdap.new(:directories => [:dir1,dir3])
|
23
|
+
# a.valid?(login,password)
|
24
|
+
# => true (false)
|
17
25
|
#
|
18
|
-
#
|
19
|
-
# a.valid?(login,password)
|
20
|
-
# => true (false)
|
26
|
+
# NOTE: The authentication process stops as soon as one positive match is found, so it's possible that not all the directories are queried.
|
21
27
|
#
|
22
28
|
# User's attributes access:
|
23
29
|
# If you have to access (read) user's attributes from the directory you can
|
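Review bot: The NOTE added to the header comment says authentication stops at the first positive match, but nothing here states the order in which the directories are tried or what happens when the same login exists in more than one of them. Document the order and point readers to `user_location`, so callers can check which directory accepted the credentials before trusting the returned attributes. The copied example `[:dir1,dir3]` and the word "sigle" also need the same corrections here as in the README.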
data/lib/avdt_ldap/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: avdt_ldap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -15,7 +15,7 @@ default_executable:
|
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: net-ldap
|
18
|
-
requirement: &
|
18
|
+
requirement: &73705960 !ruby/object:Gem::Requirement
|
19
19
|
none: false
|
20
20
|
requirements:
|
21
21
|
- - ! '>='
|
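Review bot: The net-ldap runtime dependency in this hunk is declared with `>=` and, in the lines that follow, version '0', so any net-ldap release satisfies it. For a gem that handles credentials, declare a tested lower bound and a pessimistic upper bound in the gemspec so that dependency resolution cannot select an arbitrary or very old net-ldap.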
@@ -23,7 +23,7 @@ dependencies:
|
|
23
23
|
version: '0'
|
24
24
|
type: :runtime
|
25
25
|
prerelease: false
|
26
|
-
version_requirements: *
|
26
|
+
version_requirements: *73705960
|
27
27
|
description: This gem can manage user authentication on multiple LDAP directories
|
28
28
|
that can reside either on same server or not.
|
29
29
|
email:
|