  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  # Controller backing the LDAP integration setup: it probes a directory server
  # (`discover`) and reads user/group metadata from it (`bind`).
  #
  # NOTE(review): both actions hand the raw request `params` to `::Ldap.new`, so
  # the server opens an LDAP connection driven by request-supplied settings.
  # Access control rests entirely on the `authenticate_and_authorize!` callback
  # below; what it enforces is not visible in this file. Confirm the policy for
  # this controller limits these actions to trusted administrators.
  class Integration::LdapController < ApplicationController
    include Integration::ImportJobBase

    # Prepended so the check runs ahead of the other before_action callbacks.
    prepend_before_action :authenticate_and_authorize!

    # Error-message suffixes that `discover` answers with a fixed payload
    # instead of re-raising. A key matches when the exception message ends with it.
    EXCEPTIONS_SPECIAL_TREATMENT = {
      # workaround for issue #1114: answered with an empty payload
      '48, Inappropriate Authentication' => {},
      '50, Insufficient Access Rights'   => { error: 'disallow-bind-anon' },
      '53, Unwilling to perform'         => { error: 'disallow-bind-anon' },
    }.freeze

    # Connects with the submitted settings and answers with the server's
    # preferences under `:attributes`.
    #
    # A StandardError whose message ends with one of the keys of
    # EXCEPTIONS_SPECIAL_TREATMENT is answered with the mapped payload;
    # any other error is re-raised unchanged.
    def discover
      answer_with do
        { attributes: ::Ldap.new(params).preferences }
      rescue => e
        # `find` yields a [suffix, payload] pair, or nil when nothing matches.
        _suffix, treatment = EXCEPTIONS_SPECIAL_TREATMENT.find { |suffix, _| e.message.ends_with?(suffix) }
        treatment || raise
      end
    end

    # Answers with the user and group filters, attributes and uid attributes
    # read from the directory described by the submitted settings.
    def bind
      answer_with do
        # One connection object is shared so that the User and Group helpers
        # do not each have to open a connection of their own.
        connection = ::Ldap.new(params)
        users      = ::Ldap::User.new(params, ldap: connection)
        groups     = ::Ldap::Group.new(params, ldap: connection)

        {
          # Call order matters here: keep filter, attributes, uid_attribute.
          user_filter:     users.filter,
          user_attributes: users.attributes,
          user_uid:        users.uid_attribute,
          # Call order matters here: keep filter, list, uid_attribute.
          group_filter:    groups.filter,
          groups:          groups.list,
          group_uid:       groups.uid_attribute,
        }
      end
    end

    private

    # Nests the inherited dry-run payload under the `:ldap_config` key.
    def payload_dry_run
      { ldap_config: super }
    end
  end