class OpenNebula::LdapAuth
Public Class Methods
new(options)
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 35 def initialize(options) @options={ :host => 'localhost', :port => 389, :user => nil, :password => nil, :base => nil, :auth_method => :simple, :user_field => 'cn', :user_group_field => 'dn', :group_field => 'member', :mapping_generate => true, :mapping_timeout => 300, :mapping_filename => 'server1.yaml', :mapping_key => 'GROUP_DN', :mapping_default => 1, :attributes => [ "memberOf" ] }.merge(options) ops={} if @options[:user] ops[:auth] = { :method => @options[:auth_method], :username => @options[:user], :password => @options[:password] } end ops[:host]=@options[:host] if @options[:host] ops[:port]=@options[:port].to_i if @options[:port] ops[:encryption]=@options[:encryption] if @options[:encryption] @options[:mapping_file_path] = VAR_LOCATION + @options[:mapping_filename] generate_mapping if @options[:mapping_generate] load_mapping @ldap=Net::LDAP.new(ops) end
Public Instance Methods
authenticate(user, password)
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 161 def authenticate(user, password) ldap=@ldap.clone auth={ :method => @options[:auth_method], :username => user, :password => password } if ldap.bind(auth) true else false end end
find_user(name)
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 123 def find_user(name) begin result=@ldap.search( :base => @options[:base], :attributes => @options[:attributes], :filter => "#{@options[:user_field]}=#{name}") if result && result.first @user = result.first [@user.dn, @user[@options[:user_group_field]]] else result=@ldap.search(:base => name) if result && result.first @user = result.first [name, @user[@options[:user_group_field]]] else [nil, nil] end end rescue [nil, nil] end end
generate_mapping()
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 75 def generate_mapping file=@options[:mapping_file_path] generate = false if File.exists?(file) stat = File.stat(file) age = Time.now.to_i - stat.mtime.to_i generate = true if age > @options[:mapping_timeout] else generate = true end return if !generate client = OpenNebula::Client.new group_pool = OpenNebula::GroupPool.new(client) group_pool.info groups = group_pool.to_hash[''] groups=[group_pool.get_hash['GROUP_POOL']['GROUP']].flatten yaml={} groups.each do |group| if group['TEMPLATE'] && group['TEMPLATE'][@options[:mapping_key]] yaml[group['TEMPLATE'][@options[:mapping_key]]] = group['ID'] end end File.open(file, 'w') do |f| f.write(yaml.to_yaml) end end
get_groups()
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 177 def get_groups groups = [] [@user['memberOf']].flatten.each do |group| if @mapping[group] groups << @mapping[group] else groups << @options[:mapping_default] end end groups.delete(false) groups.compact.uniq end
is_in_group?(user, group)
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 148 def is_in_group?(user, group) result=@ldap.search( :base => group, :attributes => @options[:group_field], :filter => "(#{@options[:group_field]}=#{user.first})") if result && result.first true else false end end
load_mapping()
click to toggle source
# File lib/opennebula/ldap_auth.rb, line 109 def load_mapping file=@options[:mapping_file_path] @mapping = {} if File.exists?(file) @mapping = YAML.load(File.read(file)) end if @mapping.class != Hash @mapping = {} end end