Fixed issue #1764 - LDAP login not possible since change to objectguid.

Thorsten Eckel 2018-01-22 16:53:53 +01:00
parent 4b8f1b9452
commit c66e22bef9
3 changed files with 21 additions and 13 deletions


@ -22,8 +22,9 @@ class Auth
log_auth_result(user, authed) log_auth_result(user, authed)
authed authed
rescue => e rescue => e
message = "Can't connect to ldap backend, #{e}" message = "Can't connect to ldap backend #{e}"
Rails.logger.info message Rails.logger.info message
Rails.logger.info e
log( log(
user: user, user: user,
status: 'failed', status: 'failed',
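Review bot: The `rescue => e` branch labels every StandardError as "Can't connect to ldap backend" and writes it at info level, so a configuration or lookup error raised during the LDAP check looks like a connectivity problem and is easy to miss in monitoring. Log the exception class at error level instead, for example `Rails.logger.error "ldap authentication error: #{e.class}: #{e.message}"`. Depending on the log formatter, the added `Rails.logger.info e` may only repeat the text already interpolated into `message`; if the backtrace is wanted, log it explicitly. The method begins and ends outside this hunk.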


@ -82,9 +82,10 @@ class Ldap
# #
# @return [nil] # @return [nil]
def initialize(config = nil, ldap: nil) def initialize(config = nil, ldap: nil)
@ldap = ldap || ::Ldap.new(config) @config = config || Setting.get('ldap_config')
@ldap = ldap || ::Ldap.new(@config)
handle_config(config) handle_config
end end
# Checks if given username and password combination is valid for the connected LDAP. # Checks if given username and password combination is valid for the connected LDAP.
@ -100,12 +101,12 @@ class Ldap
def valid?(username, password) def valid?(username, password)
bind_success = @ldap.connection.bind_as( bind_success = @ldap.connection.bind_as(
base: @ldap.base_dn, base: @ldap.base_dn,
filter: "(#{uid_attribute}=#{username})", filter: "(#{login_attribute}=#{username})",
password: password password: password
) )
message = bind_success ? 'successful' : 'failed' message = bind_success ? 'successful' : 'failed'
Rails.logger.info "ldap authentication for user '#{username}' (#{uid_attribute}) #{message}!" Rails.logger.info "ldap authentication for user '#{username}' (#{login_attribute}) #{message}!"
bind_success.present? bind_success.present?
end end
@ -177,7 +178,13 @@ class Ldap
private private
def handle_config(config) attr_reader :config
def login_attribute
@login_attribute ||= config[:user_attributes]&.key('login') || uid_attribute
end
def handle_config
return if config.blank? return if config.blank?
@uid_attribute = config[:uid_attribute] @uid_attribute = config[:uid_attribute]
@filter = config[:filter] @filter = config[:filter]
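Review bot: In `valid?`, the caller-supplied `username` is interpolated unescaped into the LDAP filter `"(#{login_attribute}=#{username})"`, so filter metacharacters in the login change which entry the bind is attempted against. This commit only swaps the attribute name and leaves the value raw. Escape the value before building the filter, e.g. `filter: "(#{login_attribute}=#{Net::LDAP::Filter.escape(username)})"`, assuming the connection is a Net::LDAP object as the `bind_as` call suggests. The same raw value is written to the `Rails.logger.info` line, where embedded newlines could forge log entries. Separately, `login_attribute` indexes `config[:user_attributes]` with no nil guard, although `handle_config` returns early on a blank config; `config&.dig(:user_attributes)&.key('login')` would keep the two consistent.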


@ -13,10 +13,10 @@ RSpec.describe Ldap::User do
it 'returns uid attribute string from given attribute strucutre' do it 'returns uid attribute string from given attribute strucutre' do
attributes = { attributes = {
samaccountname: 'TEST', objectguid: 'TEST',
custom: 'value', custom: 'value',
} }
expect(described_class.uid_attribute(attributes)).to eq('samaccountname') expect(described_class.uid_attribute(attributes)).to eq('objectguid')
end end
it 'returns nil if no attribute could be found' do it 'returns nil if no attribute could be found' do
@ -54,7 +54,7 @@ RSpec.describe Ldap::User do
it 'takes optional uid_attribute' do it 'takes optional uid_attribute' do
uid_attribute = 'samaccountname' uid_attribute = 'objectguid'
config = { config = {
uid_attribute: uid_attribute uid_attribute: uid_attribute
} }
@ -74,7 +74,7 @@ RSpec.describe Ldap::User do
let(:initialization_config) do let(:initialization_config) do
{ {
uid_attribute: 'samaccountname', uid_attribute: 'objectguid',
filter: '(objectClass=user)', filter: '(objectClass=user)',
} }
end end
@ -147,7 +147,7 @@ RSpec.describe Ldap::User do
let(:initialization_config) do let(:initialization_config) do
{ {
uid_attribute: 'samaccountname', uid_attribute: 'objectguid',
} }
end end
@ -182,7 +182,7 @@ RSpec.describe Ldap::User do
ldap_entry = build(:ldap_entry) ldap_entry = build(:ldap_entry)
# selectable attribute # selectable attribute
ldap_entry['samaccountname'] = 'test@example.com' ldap_entry['objectguid'] = 'f742b361-32c6-4a92-baaa-eaae7df657ee'
expect(mocked_ldap).to receive(:search).and_yield(ldap_entry) expect(mocked_ldap).to receive(:search).and_yield(ldap_entry)