
Revision fc3faf6f

Added by Marek Hulán about 9 years ago

Fixes #9885 - pass verify_mode to net/ldap


Gemfile
gem 'will_paginate', '~> 3.0'
gem 'ancestry', '~> 2.0'
gem 'scoped_search', '~> 2.7'
gem 'ldap_fluff', '~> 0.3'
gem 'ldap_fluff', '>= 0.3.4', '< 1.0'
gem 'apipie-rails', '~> 0.2.5'
gem 'rabl', '~> 0.11'
gem 'oauth', '~> 0.4'
app/models/auth_sources/auth_source_ldap.rb
def to_config(login = nil, password = nil)
raise ::Foreman::Exception.new(N_('Cannot create LDAP configuration for %s without dedicated service account'), self.name) if login.nil? && use_user_login_for_service?
{ :host => host, :port => port, :encryption => (tls ? :simple_tls : nil),
{ :host => host, :port => port, :encryption => encryption_config,
:base_dn => base_dn, :group_base => groups_base, :attr_login => attr_login,
:server_type => server_type.to_sym, :search_filter => ldap_filter,
:anon_queries => account.blank?, :service_user => service_user(login),
:service_pass => use_user_login_for_service? ? password : account_password }
end
def encryption_config
method = tls ? :simple_tls : nil
{ :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end
def ldap_con(login = nil, password = nil)
if login.present?
LdapFluff.new(self.to_config(login, password))
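Review bot: `encryption_config` returns a non-nil hash even when `tls` is false, so `:encryption` becomes `{ :method => nil, :tls_options => ... }` where the previous code passed plain `nil`. If ldap_fluff or net/ldap decide whether to set up encryption by testing that value for truthiness (not visible here, so worth confirming), plain-LDAP sources could fail on an unsupported method or behave differently than before. An early `return nil unless tls` at the top of `encryption_config`, with `:method => :simple_tls` in the hash, would keep the old non-TLS behaviour. Separately, `VERIFY_PEER` validates the certificate chain; whether the server hostname is also checked depends on the LDAP library in use, which deserves a one-line comment above the method. `ldap_con` continues outside the hunk.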
test/unit/auth_source_ldap_test.rb
assert conf[:anon_queries]
end
test '#to_config enforces verify_mode peer' do
conf = FactoryGirl.build(:auth_source_ldap).to_config('user', 'pass')
assert_kind_of Hash, conf[:encryption]
assert_equal OpenSSL::SSL::VERIFY_PEER, conf[:encryption][:tls_options][:verify_mode]
end
test '#ldap_con does not cache connections with user auth' do
ldap = FactoryGirl.build(:auth_source_ldap, :account => 'DOMAIN/$login')
refute_equal ldap.ldap_con('user', 'pass'), ldap.ldap_con('user', 'pass')
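Review bot: The new `#to_config enforces verify_mode peer` test checks only `[:tls_options][:verify_mode]` and never `conf[:encryption][:method]`, so it passes the same way whether the source has `tls` on or off. A pair of cases built with `:tls => true` and `:tls => false` that assert the resulting `:method` (or the whole `:encryption` value) would pin the setting that actually selects TLS, e.g. `assert_equal :simple_tls, conf[:encryption][:method]` for the TLS case. The following `#ldap_con does not cache connections with user auth` test is cut off by the hunk.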
