Fixed issue #1764 - LDAP login not possible since change to objectguid.

2018-01-22 16:53:53 +01:00 · 2018-01-22 16:53:53 +01:00 · c66e22bef9
parent 4b8f1b9452
commit c66e22bef9
3 changed files with 21 additions and 13 deletions
--- a/lib/auth/ldap.rb
+++ b/lib/auth/ldap.rb
@ -22,8 +22,9 @@ class Auth
      log_auth_result(user, authed)
      authed
    rescue => e
-      message = "Can't connect to ldap backend, #{e}"
+      message = "Can't connect to ldap backend #{e}"
      Rails.logger.info message
+      Rails.logger.info e
      log(
        user:     user,
        status:   'failed',
--- a/lib/ldap/user.rb
+++ b/lib/ldap/user.rb
@ -82,9 +82,10 @@ class Ldap
    #
    # @return [nil]
    def initialize(config = nil, ldap: nil)
-      @ldap = ldap || ::Ldap.new(config)
+      @config = config || Setting.get('ldap_config')
+      @ldap   = ldap || ::Ldap.new(@config)

-      handle_config(config)
+      handle_config
    end

    # Checks if given username and password combination is valid for the connected LDAP.
@ -100,12 +101,12 @@ class Ldap
    def valid?(username, password)
      bind_success = @ldap.connection.bind_as(
        base: @ldap.base_dn,
-        filter: "(#{uid_attribute}=#{username})",
+        filter: "(#{login_attribute}=#{username})",
        password: password
      )

      message = bind_success ? 'successful' : 'failed'
-      Rails.logger.info "ldap authentication for user '#{username}' (#{uid_attribute}) #{message}!"
+      Rails.logger.info "ldap authentication for user '#{username}' (#{login_attribute}) #{message}!"
      bind_success.present?
    end

@ -177,7 +178,13 @@ class Ldap

    private

-    def handle_config(config)
+    attr_reader :config
+
+    def login_attribute
+      @login_attribute ||= config[:user_attributes]&.key('login') || uid_attribute
+    end
+
+    def handle_config
      return if config.blank?
      @uid_attribute = config[:uid_attribute]
      @filter        = config[:filter]
--- a/spec/lib/ldap/user_spec.rb
+++ b/spec/lib/ldap/user_spec.rb
@ -13,10 +13,10 @@ RSpec.describe Ldap::User do

    it 'returns uid attribute string from given attribute strucutre' do
      attributes = {
-        samaccountname: 'TEST',
-        custom:         'value',
+        objectguid: 'TEST',
+        custom:     'value',
      }
-      expect(described_class.uid_attribute(attributes)).to eq('samaccountname')
+      expect(described_class.uid_attribute(attributes)).to eq('objectguid')
    end

    it 'returns nil if no attribute could be found' do
@ -54,7 +54,7 @@ RSpec.describe Ldap::User do

    it 'takes optional uid_attribute' do

-      uid_attribute = 'samaccountname'
+      uid_attribute = 'objectguid'
      config = {
        uid_attribute: uid_attribute
      }
@ -74,7 +74,7 @@ RSpec.describe Ldap::User do

    let(:initialization_config) do
      {
-        uid_attribute: 'samaccountname',
+        uid_attribute: 'objectguid',
        filter:        '(objectClass=user)',
      }
    end
@ -147,7 +147,7 @@ RSpec.describe Ldap::User do

      let(:initialization_config) do
        {
-          uid_attribute: 'samaccountname',
+          uid_attribute: 'objectguid',
        }
      end

@ -182,7 +182,7 @@ RSpec.describe Ldap::User do
        ldap_entry = build(:ldap_entry)

        # selectable attribute
-        ldap_entry['samaccountname'] = 'test@example.com'
+        ldap_entry['objectguid'] = 'f742b361-32c6-4a92-baaa-eaae7df657ee'

        expect(mocked_ldap).to receive(:search).and_yield(ldap_entry)