class OpenNebula::LdapAuth

Public Class Methods

new(options) click to toggle source
# File lib/opennebula/ldap_auth.rb, line 35
def initialize(options)
    @options={
        :host               => 'localhost',
        :port               => 389,
        :user               => nil,
        :password           => nil,
        :base               => nil,
        :auth_method        => :simple,
        :user_field         => 'cn',
        :user_group_field   => 'dn',
        :group_field        => 'member',
        :mapping_generate   => true,
        :mapping_timeout    => 300,
        :mapping_filename   => 'server1.yaml',
        :mapping_key        => 'GROUP_DN',
        :mapping_default    => 1,
        :attributes         => [ "memberOf" ]
    }.merge(options)

    ops={}

    if @options[:user]
        ops[:auth] = {
            :method => @options[:auth_method],
            :username => @options[:user],
            :password => @options[:password]
        }
    end

    ops[:host]=@options[:host] if @options[:host]
    ops[:port]=@options[:port].to_i if @options[:port]
    ops[:encryption]=@options[:encryption] if @options[:encryption]

    @options[:mapping_file_path] = VAR_LOCATION + @options[:mapping_filename]
    generate_mapping if @options[:mapping_generate]
    load_mapping

    @ldap=Net::LDAP.new(ops)
end

Public Instance Methods

authenticate(user, password) click to toggle source
# File lib/opennebula/ldap_auth.rb, line 161
def authenticate(user, password)
    ldap=@ldap.clone

    auth={
        :method => @options[:auth_method],
        :username => user,
        :password => password
    }

    if ldap.bind(auth)
        true
    else
        false
    end
end
find_user(name) click to toggle source
# File lib/opennebula/ldap_auth.rb, line 123
def find_user(name)
    begin
        result=@ldap.search(
            :base => @options[:base],
            :attributes => @options[:attributes],
            :filter => "#{@options[:user_field]}=#{name}")

        if result && result.first
            @user = result.first
            [@user.dn, @user[@options[:user_group_field]]]
        else
            result=@ldap.search(:base => name)

            if result && result.first
                @user = result.first
                [name, @user[@options[:user_group_field]]]
            else
                [nil, nil]
            end
        end
    rescue
        [nil, nil]
    end
end
generate_mapping() click to toggle source
# File lib/opennebula/ldap_auth.rb, line 75
def generate_mapping
    file=@options[:mapping_file_path]
    generate = false

    if File.exists?(file)
        stat = File.stat(file)
        age = Time.now.to_i - stat.mtime.to_i
        generate = true if age > @options[:mapping_timeout]
    else
        generate = true
    end

    return if !generate

    client = OpenNebula::Client.new
    group_pool = OpenNebula::GroupPool.new(client)
    group_pool.info

    groups = group_pool.to_hash['']
    groups=[group_pool.get_hash['GROUP_POOL']['GROUP']].flatten

    yaml={}

    groups.each do |group|
        if group['TEMPLATE'] && group['TEMPLATE'][@options[:mapping_key]]
            yaml[group['TEMPLATE'][@options[:mapping_key]]] = group['ID']
        end
    end

    File.open(file, 'w') do |f|
        f.write(yaml.to_yaml)
    end
end
get_groups() click to toggle source
# File lib/opennebula/ldap_auth.rb, line 177
def get_groups
    groups = []

    [@user['memberOf']].flatten.each do |group|
        if @mapping[group]
            groups << @mapping[group]
        else
            groups << @options[:mapping_default]
        end
    end

    groups.delete(false)
    groups.compact.uniq
end
is_in_group?(user, group) click to toggle source
# File lib/opennebula/ldap_auth.rb, line 148
def is_in_group?(user, group)
    result=@ldap.search(
                :base   => group,
                :attributes => @options[:group_field],
                :filter => "(#{@options[:group_field]}=#{user.first})")

    if result && result.first
        true
    else
        false
    end
end
load_mapping() click to toggle source
# File lib/opennebula/ldap_auth.rb, line 109
def load_mapping
    file=@options[:mapping_file_path]

    @mapping = {}

    if File.exists?(file)
        @mapping = YAML.load(File.read(file))
    end

    if @mapping.class != Hash
        @mapping = {}
    end
end