devise_ldap_authenticatable 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/README.md
CHANGED
|
@@ -19,7 +19,11 @@ You must use the net-ldap gem and _NOT_ the ruby-net-ldap gem.
|
|
|
19
19
|
Installation
|
|
20
20
|
------------
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
gem install devise_ldap_authenticatable
|
|
23
|
+
|
|
24
|
+
and
|
|
25
|
+
|
|
26
|
+
config.gem 'devise_ldap_authenticatable'
|
|
23
27
|
|
|
24
28
|
Setup
|
|
25
29
|
-----
|
|
@@ -85,6 +89,8 @@ In initializer `config/initializers/devise.rb` :
|
|
|
85
89
|
# Required
|
|
86
90
|
config.ldap_host = 'ldap.mydomain.com'
|
|
87
91
|
config.ldap_port = 389
|
|
92
|
+
config.ldap_base_dn = 'ou=People,dc=local'
|
|
93
|
+
config.ldap_login_attribute = 'uid'
|
|
88
94
|
|
|
89
95
|
# Optional, these will default to false or nil if not set
|
|
90
96
|
config.ldap_ssl = true
|
|
@@ -93,10 +99,26 @@ In initializer `config/initializers/devise.rb` :
|
|
|
93
99
|
|
|
94
100
|
* ldap\_host
|
|
95
101
|
* The host of your LDAP server
|
|
102
|
+
|
|
96
103
|
* ldap\_port
|
|
97
|
-
* The port your LDAP service is listening on.
|
|
104
|
+
* The port your LDAP service is listening on.
|
|
105
|
+
|
|
106
|
+
* ldap\_base_dn
|
|
107
|
+
* The DN that is appended to the login before the LDAP bind is performed.
|
|
108
|
+
|
|
109
|
+
* ldap\_login_attribute
|
|
110
|
+
* The attribute that is prepended to the login and the base dn to form the
|
|
111
|
+
full DN that is used for the bind.
|
|
112
|
+
* Example:
|
|
113
|
+
* config.ldap\_base_dn = 'ou=People,dc=local'
|
|
114
|
+
* config.ldap\_login_attribute = 'uid'
|
|
115
|
+
* So when trying to login with 'admin' for example, 'admin' would be
|
|
116
|
+
the value stored in login field, but the actual DN used for the bind
|
|
117
|
+
would be 'uid=admin,ou=People,dc=local'
|
|
118
|
+
|
|
98
119
|
* ldap\_ssl
|
|
99
120
|
* Enables SSL (ldaps) encryption. START_TLS encryption will be added when the net-ldap gem adds support for it.
|
|
121
|
+
|
|
100
122
|
* ldap\_create\_user
|
|
101
123
|
* If set to true, all valid LDAP users will be allowed to login and an appropriate user record will be created.
|
|
102
124
|
If set to false, you will have to create the user record before they will be allowed to login.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.3
|
|
@@ -14,13 +14,21 @@ module Devise
|
|
|
14
14
|
mattr_accessor :ldap_port
|
|
15
15
|
@@ldap_port = nil
|
|
16
16
|
|
|
17
|
+
# Base DN
|
|
18
|
+
mattr_accessor :ldap_base_dn
|
|
19
|
+
@@ldap_base_dn = nil
|
|
20
|
+
|
|
21
|
+
# Attribute for login
|
|
22
|
+
mattr_accessor :ldap_login_attribute
|
|
23
|
+
@@ldap_login_attribute = nil
|
|
24
|
+
|
|
17
25
|
# Use SSL
|
|
18
26
|
mattr_accessor :ldap_ssl
|
|
19
27
|
@@ldap_ssl = false
|
|
20
28
|
|
|
21
29
|
# Add valid users to database
|
|
22
30
|
mattr_accessor :ldap_create_user
|
|
23
|
-
|
|
31
|
+
@@ldap_create_user = false
|
|
24
32
|
end
|
|
25
33
|
|
|
26
34
|
# Add ldap_authenticatable strategy to defaults.
|
|
@@ -7,6 +7,7 @@ module Devise
|
|
|
7
7
|
module LdapAdapter
|
|
8
8
|
|
|
9
9
|
def self.valid_credentials?(login, password)
|
|
10
|
+
login = ::Devise.ldap_login_attribute+'='+login+','+::Devise.ldap_base_dn
|
|
10
11
|
@encryption = ::Devise.ldap_ssl ? :simple_tls : nil
|
|
11
12
|
ldap = Net::LDAP.new(:encryption => @encryption)
|
|
12
13
|
ldap.host = ::Devise.ldap_host
|
|
@@ -32,7 +32,7 @@ module Devise
|
|
|
32
32
|
# Authenticate a user based on configured attribute keys. Returns the
|
|
33
33
|
# authenticated user if it's valid or nil.
|
|
34
34
|
def authenticate_with_ldap(attributes={})
|
|
35
|
-
return unless attributes[:login].present?
|
|
35
|
+
return unless attributes[:login].present?
|
|
36
36
|
conditions = attributes.slice(:login)
|
|
37
37
|
|
|
38
38
|
unless conditions[:login]
|