author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-03-17 12:09:59 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-03-17 12:09:59 +0000 |
commit | fdeb398c5e06f642b52f91371c1740f0c828a259 (patch) | |
tree | 83430fb22f233ec3a1ff8ae0073b48ff39bed76e /app/models/auth_source_ldap.rb | |
parent | ef77825f10e794fdeb8863b142ff12715f551f29 (diff) | |
LDAP: adds the ability to bind with user's account (#1913).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/auth_source_ldap.rb')
-rw-r--r-- | app/models/auth_source_ldap.rb | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 5b8dc0cfe..59ad3f6b4 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -17,6 +17,7 @@
 require 'iconv'
 require 'net/ldap'
+require 'net/ldap/dn'
 class AuthSourceLdap < AuthSource
 validates_presence_of :host, :port, :attr_login
@@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource
 def authenticate(login, password)
 return nil if login.blank? || password.blank?
- attrs = get_user_dn(login)
+ attrs = get_user_dn(login, password)
 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
 end
 # Get the user's dn and any attributes for them, given their login
- def get_user_dn(login)
- ldap_con = initialize_ldap_con(self.account, self.account_password)
+ def get_user_dn(login, password)
+ ldap_con = nil
+ if self.account && self.account.include?("login")
+ ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ end
 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
 attrs = {} |
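Review bot: In the new `get_user_dn`, the result of `Net::LDAP::DN.escape(login)` is handed to `String#sub` as a replacement string, and `sub` interprets backslash sequences in that argument, so the backslashes the escaping adds can be collapsed again and the login may reach the bind DN less escaped than intended. The block form does not reinterpret its result: `ldap_con = initialize_ldap_con(self.account.sub("$login") { Net::LDAP::DN.escape(login) }, password)`. The guard also tests `include?("login")` while the placeholder being substituted is `"$login"`, so a service-account DN that merely contains the word login, with no placeholder, would be bound with the user's submitted password instead of `account_password`; `if self.account && self.account.include?("$login")` matches the substitution. The rest of `get_user_dn` lies outside the hunk, so whether the DN is checked again later cannot be seen from here.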