summaryrefslogtreecommitdiffstats
path: root/app/models/auth_source_ldap.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/auth_source_ldap.rb')
-rw-r--r--app/models/auth_source_ldap.rb42
1 files changed, 35 insertions, 7 deletions
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 5a32ffc2a..71625dd6b 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -64,6 +64,32 @@ class AuthSourceLdap < AuthSource
"LDAP"
end
+ # Returns true if this source can be searched for users
+ def searchable?
+ !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
+ end
+
+ # Searches the source for users and returns an array of results
+ def search(q)
+ q = q.to_s.strip
+ return [] unless searchable? && q.present?
+
+ results = []
+ search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ ldap_con.search(:base => self.base_dn,
+ :filter => search_filter,
+ :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
+ :size => 10) do |entry|
+ attrs = get_user_attributes_from_ldap_entry(entry)
+ attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
+ results << attrs
+ end
+ results
+ rescue Net::LDAP::LdapError => e
+ raise AuthSourceException.new(e.message)
+ end
+
private
def with_timeout(&block)
@@ -84,6 +110,14 @@ class AuthSourceLdap < AuthSource
nil
end
+ def base_filter
+ filter = Net::LDAP::Filter.eq("objectClass", "*")
+ if f = ldap_filter
+ filter = filter & f
+ end
+ filter
+ end
+
def validate_filter
if filter.present? && ldap_filter.nil?
errors.add(:filter, :invalid)
@@ -140,14 +174,8 @@ class AuthSourceLdap < AuthSource
else
ldap_con = initialize_ldap_con(self.account, self.account_password)
end
- login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
- object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
attrs = {}
-
- search_filter = object_filter & login_filter
- if f = ldap_filter
- search_filter = search_filter & f
- end
+ search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
ldap_con.search( :base => self.base_dn,
:filter => search_filter,