0001-Allow-configuration-of-ldap-group-member-field.patch
src/authm_mad/remotes/ldap/authenticate | ||
---|---|---|
68 | 68 |
begin |
69 | 69 |
ldap=OpenNebula::LdapAuth.new(server_conf) |
70 | 70 | |
71 |
user_name=ldap.find_user(user) |
|
71 |
user_name,user_group_name=ldap.find_user(user)
|
|
72 | 72 | |
73 | 73 |
if !user_name |
74 | 74 |
STDERR.puts "User #{user} not found" |
... | ... | |
76 | 76 |
end |
77 | 77 | |
78 | 78 |
if server_conf[:group] |
79 |
if !ldap.is_in_group?(user_name, server_conf[:group]) |
|
79 |
if !ldap.is_in_group?(user_group_name, server_conf[:group])
|
|
80 | 80 |
STDERR.puts "User #{user} is not in group #{server_conf[:group]}" |
81 | 81 |
next |
82 | 82 |
end |
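Review bot: The group check at new line 79 still runs when the entry was found but carries no value for the configured `:user_group_field`, because the only guard above it is `if !user_name`. In that case `user_group_name` is nil or empty (net-ldap appears to return an empty array for an absent attribute) and the outcome depends on how `is_in_group?`, which is not shown here, builds its lookup. Failing closed before the call makes the decision explicit: `if user_group_name.nil? || user_group_name.empty? || !ldap.is_in_group?(user_group_name, server_conf[:group])`. The surrounding `begin` block and loop start and end outside this section.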
src/authm_mad/remotes/ldap/ldap_auth.conf | ||
---|---|---|
46 | 46 |
# field name for group membership, by default it is 'member' |
47 | 47 |
#:group_field: 'member' |
48 | 48 | |
49 |
# user field that that is in in the group group_field, if not set 'dn' will be used |
|
50 |
#:user_group_field: 'dn' |
|
51 | ||
49 | 52 |
# this example server wont be called as it is not in the :order list |
50 | 53 |
server 2: |
51 | 54 |
:auth_method: :simple |
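Review bot: The new comment at new lines 49–50 has doubled words (`that that is in in the group group_field`) and does not say that this attribute's value is what gets matched for group membership. Suggested wording: `# user attribute whose value is stored in the group's :group_field; defaults to 'dn'`. Since the value feeds an authorization decision, the comment could also tell operators to pick an attribute that users cannot modify on their own entry; whether that is a risk depends on the directory's ACLs.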
src/authm_mad/remotes/ldap/ldap_auth.rb | ||
---|---|---|
29 | 29 |
:base => nil, |
30 | 30 |
:auth_method => :simple, |
31 | 31 |
:user_field => 'cn', |
32 |
:user_group_field => 'dn', |
|
32 | 33 |
:group_field => 'member' |
33 | 34 |
}.merge(options) |
34 | 35 | |
... | ... | |
56 | 57 |
:filter => "#{@options[:user_field]}=#{name}") |
57 | 58 | |
58 | 59 |
if result && result.first |
59 |
result.first.dn
|
|
60 |
[result.first.dn, result.first[@options[:user_group_field]]]
|
|
60 | 61 |
else |
61 | 62 |
result=@ldap.search(:base => name) |
62 | 63 | |
63 | 64 |
if result && result.first |
64 |
name
|
|
65 |
[name, name]
|
|
65 | 66 |
else |
66 |
nil
|
|
67 |
[nil, nil]
|
|
67 | 68 |
end |
68 | 69 |
end |
69 | 70 |
rescue |
70 |
nil
|
|
71 |
[nil, nil]
|
|
71 | 72 |
end |
72 | 73 |
end |
73 | 74 |
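Review bot: The fallback branch at new line 65 returns `[name, name]`, so a login by full DN passes the DN to the group check even when `:user_group_field` names another attribute; reading it from the entry, `[name, result.first[@options[:user_group_field]]]`, would keep both branches consistent. The first branch returns `result.first[...]`, which in net-ldap is, as far as I know, an array of values, while the fallback returns a String, so `is_in_group?` (not shown) receives two different types; taking `.first` in one place would settle the contract. If that value is later interpolated into a search filter the way `name` is at new line 57, it should pass through `Net::LDAP::Filter.escape` first. Callers that still assign the result to one variable now get the pair, and the spec's `name=@ldap.find_user('cn=user01,dc=localdomain')` looks like one such call. `find_user` begins above the visible lines.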
src/authm_mad/remotes/ldap/test/ldap_auth_spec.rb | ||
---|---|---|
29 | 29 |
end |
30 | 30 | |
31 | 31 |
it 'should find user dn' do |
32 |
name=@ldap.find_user('user01') |
|
32 |
name,group_name=@ldap.find_user('user01')
|
|
33 | 33 |
name.should=='cn=user01,dc=localdomain' |
34 |
group_name.should=='cn=user01,dc=localdomain' |
|
34 | 35 | |
35 |
name=@ldap.find_user('user02') |
|
36 |
name,group_name=@ldap.find_user('user02')
|
|
36 | 37 |
name.should=='cn=user02,dc=localdomain' |
38 |
group_name.should=='cn=user02,dc=localdomain' |
|
37 | 39 | |
38 |
name=@ldap.find_user('user03') |
|
40 |
name,group_name=@ldap.find_user('user03')
|
|
39 | 41 |
name.should==nil |
42 |
group_name.should==nil |
|
40 | 43 | |
41 | 44 |
name=@ldap.find_user('cn=user01,dc=localdomain') |
42 | 45 |
name.should=='cn=user01,dc=localdomain' |
46 |
group_name.should=='cn=user01,dc=localdomain' |
|
43 | 47 |
end |
44 | 48 | |
45 | 49 |
it 'should tell if a user is in a group' do |
46 |
- |