| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
- require 'ldap'
- require 'ldap/user'
- class Auth
- class Ldap < Auth::Base
- def valid?(user, password)
- return false if !Setting.get('ldap_integration')
- ldap_user = ::Ldap::User.new()
- # get from config or fallback to login
- # for a list of user attributes which should
- # be used for logging in
- login_attributes = @config[:login_attributes] || %w(login)
- authed = login_attributes.any? do |attribute|
- ldap_user.valid?(user[attribute], password)
- end
- log_auth_result(user, authed)
- authed
- rescue => e
- message = "Can't connect to ldap backend, #{e}"
- Rails.logger.info message
- log(
- user: user,
- status: 'failed',
- response: message,
- )
- false
- end
- private
- def log_auth_result(user, authed)
- result = authed ? 'success' : 'failed'
- log(
- user: user,
- status: result,
- )
- end
- def log(user:, status:, response: nil)
- HttpLog.create(
- direction: 'out',
- facility: 'ldap',
- url: "bind -> #{user.login}",
- status: status,
- ip: nil,
- request: { content: user.login },
- response: { content: response || status },
- method: 'tcp',
- created_by_id: 1,
- updated_by_id: 1,
- )
- end
- end
- end
|
