# ---------------------------------------------------------------------------- #
# Copyright 2010-2013, C12G Labs S.L                                           #
#                                                                              #
# Licensed under the Apache License, Version 2.0 (the "License"); you may      #
# not use this file except in compliance with the License. You may obtain      #
# a copy of the License at                                                     #
#                                                                              #
# http://www.apache.org/licenses/LICENSE-2.0                                   #
#                                                                              #
# Unless required by applicable law or agreed to in writing, software          #
# distributed under the License is distributed on an "AS IS" BASIS,            #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.     #
# See the License for the specific language governing permissions and          #
# limitations under the License.                                               #
# ---------------------------------------------------------------------------- #

    
require 'rubygems'
require 'net/ldap'

    
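module OpenNebula; end

# LDAP authentication driver for OpenNebula.
#
# Wraps one Net::LDAP connection, built from the options given to
# #initialize, and exposes the three operations the auth driver needs:
# resolving a login name to a DN (#find_user), checking group membership
# (#is_in_group?) and verifying a password with a bind (#authenticate).
class OpenNebula::LdapAuth
    # Settings used for every key the caller leaves out of +options+.
    DEFAULT_OPTIONS = {
        :host => 'localhost',
        :port => 389,
        :user => nil,
        :password => nil,
        :base => nil,
        :auth_method => :simple,
        :user_field => 'cn',
        :user_group_field => 'dn',
        :group_field => 'member'
    }.freeze

    # @param options [Hash] connection and schema settings, merged over
    #   DEFAULT_OPTIONS. Keys: :host, :port, :encryption (handed to
    #   Net::LDAP), :user/:password/:auth_method (service identity used for
    #   the searches; no bind credentials are set when :user is nil),
    #   :base (search base for #find_user), :user_field (attribute matched
    #   against the login name), :user_group_field (attribute returned as
    #   the user's group reference) and :group_field (attribute of a group
    #   entry that lists its members).
    def initialize(options)
        @options = DEFAULT_OPTIONS.merge(options)

        ops = {}

        # Only set bind credentials when a service account was configured.
        if @options[:user]
            ops[:auth] = {
                :method => @options[:auth_method],
                :username => @options[:user],
                :password => @options[:password]
            }
        end

        ops[:host] = @options[:host] if @options[:host]
        ops[:port] = @options[:port].to_i if @options[:port]
        ops[:encryption] = @options[:encryption] if @options[:encryption]

        @ldap = Net::LDAP.new(ops)
    end

    # Resolves a login name to its directory entry.
    #
    # The name is first matched against :user_field below :base; when that
    # finds nothing the name itself is tried as a DN (so users may also log
    # in with their full DN).
    #
    # @param name [String] login name or DN as typed by the user
    # @return [Array] +[dn, group_reference]+ where the second element is the
    #   entry's :user_group_field value, or +[nil, nil]+ when nothing
    #   matches or the directory raises an error
    def find_user(name)
        result = @ldap.search(
            :base => @options[:base],
            :filter => equality_filter(@options[:user_field], name))

        if result && result.first
            [result.first.dn, result.first[@options[:user_group_field]]]
        else
            # Second chance: +name+ may already be a DN.
            result = @ldap.search(:base => name)

            if result && result.first
                [name, result.first[@options[:user_group_field]]]
            else
                [nil, nil]
            end
        end
    rescue StandardError
        # Any directory failure is reported as "user not found"; the driver
        # only needs a yes/no answer from this method.
        [nil, nil]
    end

    # Tells whether +user+ appears in the :group_field attribute of +group+.
    #
    # @param user [String] the user's DN, as returned by #find_user
    # @param group [String] DN of the group entry (used as the search base)
    # @return [Boolean]
    def is_in_group?(user, group)
        result = @ldap.search(:base => group,
                              :filter => equality_filter(@options[:group_field], user))

        !!(result && result.first)
    end

    # Checks +password+ by binding as +user+ on a copy of the connection,
    # leaving the service bind of the shared connection untouched.
    #
    # An empty user or password is rejected before any bind is attempted:
    # a simple bind with an empty password is an "unauthenticated" bind
    # (RFC 4513 section 5.1.2) that many servers accept for any DN, which
    # would let a caller log in as any known user without a password.
    #
    # @param user [String] DN to bind as
    # @param password [String]
    # @return [Boolean] true only when the bind succeeds
    def authenticate(user, password)
        return false if user.to_s.empty? || password.to_s.empty?

        ldap = @ldap.clone

        auth = {
            :method => @options[:auth_method],
            :username => user,
            :password => password
        }

        !!ldap.bind(auth)
    end

    private

    # Equality filter for +field+ with +value+ escaped per RFC 4515, so a
    # value coming from the login form cannot change the filter's structure
    # or act as a wildcard.
    def equality_filter(field, value)
        Net::LDAP::Filter.eq(field, Net::LDAP::Filter.escape(value.to_s))
    end
end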