diff options
Diffstat (limited to 'app/models/auth_source_ldap.rb')
-rw-r--r-- | app/models/auth_source_ldap.rb | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb index 5a32ffc2a..71625dd6b 100644 --- a/app/models/auth_source_ldap.rb +++ b/app/models/auth_source_ldap.rb @@ -64,6 +64,32 @@ class AuthSourceLdap < AuthSource "LDAP" end + # Returns true if this source can be searched for users + def searchable? + !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")} + end + + # Searches the source for users and returns an array of results + def search(q) + q = q.to_s.strip + return [] unless searchable? && q.present? + + results = [] + search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q) + ldap_con = initialize_ldap_con(self.account, self.account_password) + ldap_con.search(:base => self.base_dn, + :filter => search_filter, + :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail], + :size => 10) do |entry| + attrs = get_user_attributes_from_ldap_entry(entry) + attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login) + results << attrs + end + results + rescue Net::LDAP::LdapError => e + raise AuthSourceException.new(e.message) + end + private def with_timeout(&block) @@ -84,6 +110,14 @@ class AuthSourceLdap < AuthSource nil end + def base_filter + filter = Net::LDAP::Filter.eq("objectClass", "*") + if f = ldap_filter + filter = filter & f + end + filter + end + def validate_filter if filter.present? && ldap_filter.nil? errors.add(:filter, :invalid) @@ -140,14 +174,8 @@ class AuthSourceLdap < AuthSource else ldap_con = initialize_ldap_con(self.account, self.account_password) end - login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) - object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) attrs = {} - - search_filter = object_filter & login_filter - if f = ldap_filter - search_filter = search_filter & f - end + search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login) ldap_con.search( :base => self.base_dn, :filter => search_filter, |