Revision fc3faf6f
Added by Marek Hulán about 9 years ago
Gemfile | ||
---|---|---|
gem 'will_paginate', '~> 3.0'
|
||
gem 'ancestry', '~> 2.0'
|
||
gem 'scoped_search', '~> 2.7'
|
||
gem 'ldap_fluff', '~> 0.3'
|
||
gem 'ldap_fluff', '>= 0.3.4', '< 1.0'
|
||
gem 'apipie-rails', '~> 0.2.5'
|
||
gem 'rabl', '~> 0.11'
|
||
gem 'oauth', '~> 0.4'
|
app/models/auth_sources/auth_source_ldap.rb | ||
---|---|---|
|
||
def to_config(login = nil, password = nil)
|
||
raise ::Foreman::Exception.new(N_('Cannot create LDAP configuration for %s without dedicated service account'), self.name) if login.nil? && use_user_login_for_service?
|
||
{ :host => host, :port => port, :encryption => (tls ? :simple_tls : nil),
|
||
{ :host => host, :port => port, :encryption => encryption_config,
|
||
:base_dn => base_dn, :group_base => groups_base, :attr_login => attr_login,
|
||
:server_type => server_type.to_sym, :search_filter => ldap_filter,
|
||
:anon_queries => account.blank?, :service_user => service_user(login),
|
||
:service_pass => use_user_login_for_service? ? password : account_password }
|
||
end
|
||
|
||
def encryption_config
|
||
method = tls ? :simple_tls : nil
|
||
{ :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
|
||
end
|
||
|
||
def ldap_con(login = nil, password = nil)
|
||
if login.present?
|
||
LdapFluff.new(self.to_config(login, password))
|
test/unit/auth_source_ldap_test.rb | ||
---|---|---|
assert conf[:anon_queries]
|
||
end
|
||
|
||
test '#to_config enforces verify_mode peer' do
|
||
conf = FactoryGirl.build(:auth_source_ldap).to_config('user', 'pass')
|
||
assert_kind_of Hash, conf[:encryption]
|
||
assert_equal OpenSSL::SSL::VERIFY_PEER, conf[:encryption][:tls_options][:verify_mode]
|
||
end
|
||
|
||
test '#ldap_con does not cache connections with user auth' do
|
||
ldap = FactoryGirl.build(:auth_source_ldap, :account => 'DOMAIN/$login')
|
||
refute_equal ldap.ldap_con('user', 'pass'), ldap.ldap_con('user', 'pass')
|
Fixes #9885 - pass verify_mode to net/ldap