simple_ldap_authenticator 1.0.0

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2004-2007 Jeremy Evans
+
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+SOFTWARE.

data/README

@@ -0,0 +1,22 @@
+SimpleLdapAuthenticator
+=======================
+
+Allows for simple authentication to an LDAP server with a minimum of
+configuration.  Requires either Ruby/LDAP or Net::LDAP.   
+
+Usage is fairly simple:
+  require 'simple_ldap_authenticator'
+  SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com'
+  SimpleLdapAuthenticator.use_ssl = true
+  SimpleLdapAuthenticator.login_format = '%s @domain.com'
+  SimpleLdapAuthenticator.logger = RAILS_DEFAULT_LOGGER
+  class LoginController < ApplicationController
+    def login
+      return redirect_to(:action=>'try_again') unless \
+        SimpleLdapAuthenticator.valid?(params[:username], \
+        params[:password])  
+      session[:username] = params[:username]
+    end
+  end
+
+github: http://github.com/jeremyevans/simple_ldap_authenticator/tree/master

data/lib/simple_ldap_authenticator.rb

@@ -0,0 +1,127 @@
+# SimpleLdapAuthenticator
+#
+# This plugin supports both Ruby/LDAP and Net::LDAP, defaulting to Ruby/LDAP
+# if it is available.  If both are installed and you want to force the use of 
+# Net::LDAP, set SimpleLdapAuthenticator.ldap_library = 'net/ldap'.
+
+# Allows for easily authenticating users via LDAP (or LDAPS).  If authenticating
+# via LDAP to a server running on localhost, you should only have to configure
+# the login_format.
+#
+# Can be configured using the following accessors (with examples):
+# * login_format = '%s@domain.com' # Active Directory, OR
+# * login_format = 'cn=%s,cn=users,o=organization,c=us' # Other LDAP servers
+# * servers = ['dc1.domain.com', 'dc2.domain.com'] # names/addresses of LDAP servers to use
+# * use_ssl = true # for logging in via LDAPS
+# * port = 3289 # instead of 389 for LDAP or 636 for LDAPS
+# * logger = RAILS_DEFAULT_LOGGER # for logging authentication successes/failures
+#
+# The class is used as a global variable, you are not supposed to create an
+# instance of it. For example:
+#
+#    require 'simple_ldap_authenticator'
+#    SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com'
+#    SimpleLdapAuthenticator.use_ssl = true
+#    SimpleLdapAuthenticator.login_format = '%s@domain.com'
+#    SimpleLdapAuthenticator.logger = RAILS_DEFAULT_LOGGER
+#    class LoginController < ApplicationController 
+#      def login
+#        return redirect_to(:action=>'try_again') unless SimpleLdapAuthenticator.valid?(params[:username], params[:password])
+#        session[:username] = params[:username]
+#      end
+#    end
+class SimpleLdapAuthenticator
+  class << self
+    @servers = ['127.0.0.1']
+    @use_ssl = false
+    @login_format = '%s'
+    attr_accessor :servers, :use_ssl, :port, :login_format, :logger, :connection, :ldap_library
+    
+    # Load the required LDAP library, either 'ldap' or 'net/ldap'
+    def load_ldap_library
+      return if @ldap_library_loaded
+      if ldap_library
+        if ldap_library == 'net/ldap'
+          require 'net/ldap'
+        else
+          require 'ldap'
+          require 'ldap/control'
+        end
+      else
+        begin
+          require 'ldap'
+          require 'ldap/control'
+          ldap_library = 'ldap'
+        rescue LoadError
+          require 'net/ldap'
+          ldap_library = 'net/ldap'
+        end
+      end
+      @ldap_library_loaded = true
+    end
+    
+    # The next LDAP server to which to connect
+    def server
+      servers[0]
+    end
+    
+    # The connection to the LDAP server.  A single connection is made and the
+    # connection is only changed if a server returns an error other than 
+    # invalid password.
+    def connection
+      return @connection if @connection
+      load_ldap_library
+      @connection = if ldap_library == 'net/ldap'
+        Net::LDAP.new(:host=>server, :port=>(port), :encryption=>(:simple_tls if use_ssl))
+      else
+        (use_ssl ? LDAP::SSLConn : LDAP::Conn).new(server, port)
+      end
+    end
+    
+    # The port to use.  Defaults to 389 for LDAP and 636 for LDAPS.
+    def port
+      @port ||= use_ssl ? 636 : 389
+    end
+    
+    # Disconnect from current LDAP server and use a different LDAP server on the
+    # next authentication attempt
+    def switch_server
+      self.connection = nil
+      servers << servers.shift
+    end
+    
+    # Check the validity of a login/password combination
+    def valid?(login, password)
+      if ldap_library == 'net/ldap'
+        connection.authenticate(login_format % login.to_s, password.to_s)
+        begin
+          if connection.bind
+              logger.info("Authenticated #{login.to_s} by #{server}") if logger
+              true
+            else
+              logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{connection.get_operation_result.code} #{connection.get_operation_result.message}") if logger
+              switch_server unless connection.get_operation_result.code == 49
+              false
+            end
+        rescue Net::LDAP::LdapError => error
+          logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{error.message}") if logger
+          switch_server
+          false
+        end
+      else
+        connection.unbind if connection.bound?
+        begin
+          connection.bind(login_format % login.to_s, password.to_s)
+          connection.unbind
+          logger.info("Authenticated #{login.to_s} by #{server}") if logger
+          true
+        rescue LDAP::ResultError => error
+          connection.unbind if connection.bound?
+          logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{error.message}") if logger
+          switch_server unless error.message == 'Invalid credentials'
+          false
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,60 @@
+--- !ruby/object:Gem::Specification 
+name: simple_ldap_authenticator
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+- Jeremy Evans
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-10-11 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: 
+email: code@jeremyevans.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+files: 
+- README
+- LICENSE
+- lib/simple_ldap_authenticator.rb
+has_rdoc: true
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --inline-source
+- --line-numbers
+- README
+- lib
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Easy authentication to an LDAP server(s)
+test_files: []
+