| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- class Integration::LdapController < ApplicationController
- include Integration::ImportJobBase
- prepend_before_action :authenticate_and_authorize!
- EXCEPTIONS_SPECIAL_TREATMENT = {
- '48, Inappropriate Authentication' => {}, # workaround for issue #1114
- '50, Insufficient Access Rights' => { error: 'disallow-bind-anon' },
- '53, Unwilling to perform' => { error: 'disallow-bind-anon' },
- }.freeze
- def discover
- answer_with do
- ldap = ::Ldap.new(params)
- {
- attributes: ldap.preferences
- }
- rescue => e
- EXCEPTIONS_SPECIAL_TREATMENT.find { |msg, _| e.message.ends_with?(msg) }&.last || raise
- end
- end
- def bind
- answer_with do
- # create single instance so
- # User and Group don't have to
- # open new connections
- ldap = ::Ldap.new(params)
- user = ::Ldap::User.new(params, ldap: ldap)
- group = ::Ldap::Group.new(params, ldap: ldap)
- {
- # the order of these calls is relevant!
- user_filter: user.filter,
- user_attributes: user.attributes,
- user_uid: user.uid_attribute,
- # the order of these calls is relevant!
- group_filter: group.filter,
- groups: group.list,
- group_uid: group.uid_attribute,
- }
- end
- end
- private
- def payload_dry_run
- {
- ldap_config: super
- }
- end
- end
|
