Class: Ldap::Authenticator

Inherits:
Object
  • Object
show all
Defined in:
app/services/ldap/authenticator.rb

Instance Method Summary collapse

Constructor Details

#initialize(email:, password:) ⇒ Authenticator

Returns a new instance of Authenticator.



4
5
6
7
 
# File 'app/services/ldap/authenticator.rb', line 4

def initialize(email:, password:)
  @password = password
  @email = email
end

Instance Method Details

#auth_on_single_server(server) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'app/services/ldap/authenticator.rb', line 9

def auth_on_single_server(server)
  Rails.logger.debug("LDAP: Trying to authenticate #{email} on server #{server.inspect}")
  ldap = Net::LDAP.new(
    host: server.host,
    port: server.port,
    encryption: server.use_ssl ? :simple_tls : nil,
    auth: {
      method: :simple,
      username: server.admin_user,
      password: server.admin_password,
    },
  )

  Rails.logger.debug("LDAP: Binding to server #{server.inspect} ")
  unless ldap.bind
    Rails.logger.debug("LDAP: Admin bind failed on server #{server.inspect}: #{ldap.get_operation_result.message}")
    return nil
  end

  filter = Net::LDAP::Filter.eq(server.auth_field, email) # server.auth_field
  treebase = server.base_dn

  Rails.logger.debug("LDAP: Searching for user #{email} in base #{treebase} with filter #{filter.to_s}")
  ldap.search(base: treebase, filter: filter) do |entry|
    user_dn = entry.dn

    # Prova autenticazione utente
    user_ldap = Net::LDAP.new(
      host: server.host,
      port: server.port,
      encryption: server.use_ssl ? :simple_tls : nil,
      auth: {
        method: :simple,
        username: user_dn,
        password: password,
      },
    )

    Rails.logger.debug("LDAP: Trying to bind as user #{user_dn} on server #{server.inspect}")
    return entry if user_ldap.bind
  end
  Rails.logger.debug("LDAP: Authentication failed for #{email} on server #{server.inspect}")
  nil
end

#authenticateObject 



54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'app/services/ldap/authenticator.rb', line 54

def authenticate
  return nil if @password.blank?

  LdapServer.all.each do |server|
    entry = auth_on_single_server(server)
    if entry
      Rails.logger.info("Authentication: LDAP authentication succeeded for #{email} on server #{server.host}")
      return find_or_create_user(entry, server)
    else
      Rails.logger.info("Authentication: LDAP authentication failed for #{email} on server #{server.host}")
    end
  end

  nil
end