ChiliProject is not maintained anymore. Please be advised that there will be no more updates.
We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.
chili_tls_ldap.patch
| b/Gemfile | ||
|---|---|---|
| 42 | 42 |
gem "mysql2", "~> 0.2.7" |
| 43 | 43 |
end |
| 44 | 44 | |
| 45 |
group :postgres do |
|
| 46 |
gem "pg", "~> 0.9.0" |
|
| 47 |
# gem "postgres-pr" |
|
| 48 |
end |
|
| 45 |
#group :postgres do
|
|
| 46 |
# gem "pg", "~> 0.9.0"
|
|
| 47 |
# # gem "postgres-pr"
|
|
| 48 |
#end
|
|
| 49 | 49 |
end |
| 50 | 50 | |
| 51 | 51 |
platforms :mri_18 do |
| b/app/models/auth_source_ldap.rb | ||
|---|---|---|
| 11 | 11 |
# See doc/COPYRIGHT.rdoc for more details. |
| 12 | 12 |
#++ |
| 13 | 13 | |
| 14 |
require 'ldap' |
|
| 14 | 15 |
require 'net/ldap' |
| 15 | 16 |
require 'iconv' |
| 16 | 17 | |
| ... | ... | |
| 35 | 36 |
logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
|
| 36 | 37 |
return attrs.except(:dn) |
| 37 | 38 |
end |
| 38 |
rescue Net::LDAP::LdapError => text
|
|
| 39 |
rescue LDAP::Error => text
|
|
| 39 | 40 |
raise "LdapError: " + text |
| 40 | 41 |
end |
| 41 | 42 | |
| ... | ... | |
| 43 | 44 |
def test_connection |
| 44 | 45 |
ldap_con = initialize_ldap_con(self.account, self.account_password) |
| 45 | 46 |
ldap_con.open { }
|
| 46 |
rescue Net::LDAP::LdapError => text
|
|
| 47 |
rescue LDAP::Error => text
|
|
| 47 | 48 |
raise "LdapError: " + text |
| 48 | 49 |
end |
| 49 | 50 | |
| ... | ... | |
| 65 | 66 |
:encryption => (self.tls ? :simple_tls : nil) |
| 66 | 67 |
} |
| 67 | 68 |
options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
|
| 68 |
Net::LDAP.new options |
|
| 69 |
if self.tls |
|
| 70 |
conn = LDAP::SSLConn.new(self.host, self.port, self.tls ) |
|
| 71 |
else |
|
| 72 |
conn = LDAP::Conn.new(self.host, self.port ) |
|
| 73 |
end |
|
| 74 |
conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3) |
|
| 69 | 75 |
end |
| 70 | 76 | |
| 71 | 77 |
def get_user_attributes_from_ldap_entry(entry) |
| ... | ... | |
| 91 | 97 |
# Check if a DN (user record) authenticates with the password |
| 92 | 98 |
def authenticate_dn(dn, password) |
| 93 | 99 |
if dn.present? && password.present? |
| 94 |
initialize_ldap_con(dn, password).bind |
|
| 100 |
initialize_ldap_con(dn, password).bind(dn, password)
|
|
| 95 | 101 |
end |
| 96 | 102 |
end |
| 97 | 103 | |
| 98 | 104 |
# Get the user's dn and any attributes for them, given their login |
| 99 | 105 |
def get_user_dn(login) |
| 100 | 106 |
ldap_con = initialize_ldap_con(self.account, self.account_password) |
| 101 |
login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) |
|
| 102 |
object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) |
|
| 107 |
filter = self.attr_login + "=" + encode(login) |
|
| 103 | 108 |
attrs = {}
|
| 104 | 109 | |
| 105 |
ldap_con.search( :base => self.base_dn, |
|
| 106 |
:filter => object_filter & login_filter, |
|
| 107 |
:attributes=> search_attributes) do |entry| |
|
| 110 |
ldap_con.search( self.base_dn, |
|
| 111 |
LDAP::LDAP_SCOPE_SUBTREE, |
|
| 112 |
filter, |
|
| 113 |
search_attributes) do |entry| |
|
| 108 | 114 | |
| 109 | 115 |
if onthefly_register? |
| 110 | 116 |
attrs = get_user_attributes_from_ldap_entry(entry) |
| ... | ... | |
| 123 | 129 |
entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name] |
| 124 | 130 |
end |
| 125 | 131 |
end |
| 132 |
|
|
| 133 |
def encode(value) |
|
| 134 |
value = value.gsub("\\", "\\\\5c")
|
|
| 135 |
value = value.gsub("*", "\\\\2a")
|
|
| 136 |
value = value.gsub("(", "\\\\28")
|
|
| 137 |
value = value.gsub(")", "\\\\29")
|
|
| 138 |
value = value.gsub("\000", "\\\\00")
|
|
| 139 |
end |
|
| 126 | 140 |
end |