omniauth-ldap-1.0.4/0000755000004100000410000000000012261234201014277 5ustar www-datawww-dataomniauth-ldap-1.0.4/Rakefile0000644000004100000410000000025612261234201015747 0ustar www-datawww-data#!/usr/bin/env rake require "bundler/gem_tasks" require 'rspec/core/rake_task' desc 'Default: run specs.' task :default => :spec desc "Run specs" RSpec::Core::RakeTask.new omniauth-ldap-1.0.4/Gemfile0000644000004100000410000000024112261234201015567 0ustar www-datawww-datasource 'http://rubygems.org' gemspec group :development, :test do gem 'guard' gem 'guard-rspec' gem 'guard-bundler' gem 'growl' gem 'rb-fsevent' end omniauth-ldap-1.0.4/.rspec0000644000004100000410000000001112261234201015404 0ustar www-datawww-data--colour omniauth-ldap-1.0.4/spec/0000755000004100000410000000000012261234201015231 5ustar www-datawww-dataomniauth-ldap-1.0.4/spec/omniauth/0000755000004100000410000000000012261234201017055 5ustar www-datawww-dataomniauth-ldap-1.0.4/spec/omniauth/strategies/0000755000004100000410000000000012261234201021227 5ustar www-datawww-dataomniauth-ldap-1.0.4/spec/omniauth/strategies/ldap_spec.rb0000644000004100000410000001261712261234201023515 0ustar www-datawww-datarequire 'spec_helper' describe "OmniAuth::Strategies::LDAP" do # :title => "My LDAP", # :host => '10.101.10.1', # :port => 389, # :method => :plain, # :base => 'dc=intridea, dc=com', # :uid => 'sAMAccountName', # :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')} # :bind_dn => 'default_bind_dn' # :password => 'password' class MyLdapProvider < OmniAuth::Strategies::LDAP; end let(:app) do Rack::Builder.new { use OmniAuth::Test::PhonySession use MyLdapProvider, :name => 'ldap', :title => 'MyLdap Form', :host => '192.168.1.145', :base => 'dc=score, dc=local', :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')} run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] } }.to_app end let(:session) do last_request.env['rack.session'] end it 'should add a camelization for itself' do OmniAuth::Utils.camelize('ldap').should == 'LDAP' end describe '/auth/ldap' do before(:each){ get '/auth/ldap' } it 'should display a form' do last_response.status.should == 200 last_response.body.should be_include(" 1 end end describe 'post /auth/ldap/callback' do before(:each) do @adaptor = double(OmniAuth::LDAP::Adaptor, {:uid => 'ping'}) OmniAuth::LDAP::Adaptor.stub(:new).and_return(@adaptor) end context 'failure' do before(:each) do @adaptor.stub(:bind_as).and_return(false) end context "when username is not preset" do it 'should redirect to error page' do post('/auth/ldap/callback', {}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{missing_credentials} end end context "when username is empty" do it 'should redirect to error page' do post('/auth/ldap/callback', {:username => ""}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{missing_credentials} end end context "when username is present" do context "and password is not preset" do it 'should redirect to error page' do post('/auth/ldap/callback', {:username => "ping"}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{missing_credentials} end end context "and password is empty" do it 'should redirect to error page' do post('/auth/ldap/callback', {:username => "ping", :password => ""}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{missing_credentials} end end end context "when username and password are present" do context "and bind on LDAP server failed" do it 'should redirect to error page' do post('/auth/ldap/callback', {:username => 'ping', :password => 'password'}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{invalid_credentials} end end context "and communication with LDAP server caused an exception" do before :each do @adaptor.stub(:bind_as).and_throw(Exception.new('connection_error')) end it 'should redirect to error page' do post('/auth/ldap/callback', {:username => "ping", :password => "password"}) last_response.should be_redirect last_response.headers['Location'].should =~ %r{ldap_error} end end end end context 'success' do let(:auth_hash){ last_request.env['omniauth.auth'] } before(:each) do @adaptor.stub(:bind_as).and_return(Net::LDAP::Entry.from_single_ldif_string( %Q{dn: cn=ping, dc=intridea, dc=com mail: ping@intridea.com givenname: Ping sn: Yu telephonenumber: 555-555-5555 mobile: 444-444-4444 uid: ping title: dev address: k street l: Washington st: DC co: U.S.A postofficebox: 20001 wwwhomepage: www.intridea.com jpegphoto: http://www.intridea.com/ping.jpg description: omniauth-ldap } )) post('/auth/ldap/callback', {:username => 'ping', :password => 'password'}) end it 'should not redirect to error page' do last_response.should_not be_redirect end it 'should map user info to Auth Hash' do auth_hash.uid.should == 'cn=ping, dc=intridea, dc=com' auth_hash.info.email.should == 'ping@intridea.com' auth_hash.info.first_name.should == 'Ping' auth_hash.info.last_name.should == 'Yu' auth_hash.info.phone.should == '555-555-5555' auth_hash.info.mobile.should == '444-444-4444' auth_hash.info.nickname.should == 'ping' auth_hash.info.title.should == 'dev' auth_hash.info.location.should == 'k street, Washington, DC, U.S.A 20001' auth_hash.info.url.should == 'www.intridea.com' auth_hash.info.image.should == 'http://www.intridea.com/ping.jpg' auth_hash.info.description.should == 'omniauth-ldap' end end end end omniauth-ldap-1.0.4/spec/spec_helper.rb0000644000004100000410000000053512261234201020052 0ustar www-datawww-data$:.unshift File.expand_path('..', __FILE__) $:.unshift File.expand_path('../../lib', __FILE__) require 'simplecov' SimpleCov.start require 'rspec' require 'rack/test' require 'omniauth' require 'omniauth-ldap' RSpec.configure do |config| config.include Rack::Test::Methods config.extend OmniAuth::Test::StrategyMacros, :type => :strategy end omniauth-ldap-1.0.4/spec/omniauth-ldap/0000755000004100000410000000000012261234201017773 5ustar www-datawww-dataomniauth-ldap-1.0.4/spec/omniauth-ldap/adaptor_spec.rb0000644000004100000410000001125512261234201022770 0ustar www-datawww-datarequire 'spec_helper' describe "OmniAuth::LDAP::Adaptor" do describe 'initialize' do it 'should throw exception when must have field is not set' do #[:host, :port, :method, :bind_dn] lambda { OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain'})}.should raise_error(ArgumentError) end it 'should throw exception when method is not supported' do lambda { OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'myplain', uid: 'uid', port: 389, base: 'dc=com'})}.should raise_error(OmniAuth::LDAP::Adaptor::ConfigurationError) end it 'should setup ldap connection with anonymous' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName'}) adaptor.connection.should_not == nil adaptor.connection.host.should == '192.168.1.145' adaptor.connection.port.should == 389 adaptor.connection.base.should == 'dc=intridea, dc=com' adaptor.connection.instance_variable_get('@auth').should == {:method => :anonymous, :username => nil, :password => nil} end it 'should setup ldap connection with simple' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName', bind_dn: 'bind_dn', password: 'password'}) adaptor.connection.should_not == nil adaptor.connection.host.should == '192.168.1.145' adaptor.connection.port.should == 389 adaptor.connection.base.should == 'dc=intridea, dc=com' adaptor.connection.instance_variable_get('@auth').should == {:method => :simple, :username => 'bind_dn', :password => 'password'} end it 'should setup ldap connection with sasl-md5' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName', try_sasl: true, sasl_mechanisms: ["DIGEST-MD5"], bind_dn: 'bind_dn', password: 'password'}) adaptor.connection.should_not == nil adaptor.connection.host.should == '192.168.1.145' adaptor.connection.port.should == 389 adaptor.connection.base.should == 'dc=intridea, dc=com' adaptor.connection.instance_variable_get('@auth')[:method].should == :sasl adaptor.connection.instance_variable_get('@auth')[:mechanism].should == 'DIGEST-MD5' adaptor.connection.instance_variable_get('@auth')[:initial_credential].should == '' adaptor.connection.instance_variable_get('@auth')[:challenge_response].should_not be_nil end it 'should setup ldap connection with sasl-gss' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName', try_sasl: true, sasl_mechanisms: ["GSS-SPNEGO"], bind_dn: 'bind_dn', password: 'password'}) adaptor.connection.should_not == nil adaptor.connection.host.should == '192.168.1.145' adaptor.connection.port.should == 389 adaptor.connection.base.should == 'dc=intridea, dc=com' adaptor.connection.instance_variable_get('@auth')[:method].should == :sasl adaptor.connection.instance_variable_get('@auth')[:mechanism].should == 'GSS-SPNEGO' adaptor.connection.instance_variable_get('@auth')[:initial_credential].should =~ /^NTLMSSP/ adaptor.connection.instance_variable_get('@auth')[:challenge_response].should_not be_nil end end describe 'bind_as' do let(:args) { {:filter => Net::LDAP::Filter.eq('sAMAccountName', 'username'), :password => 'password', :size => 1} } let(:rs) { Struct.new(:dn).new('new dn') } it 'should bind simple' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.126", method: 'plain', base: 'dc=score, dc=local', port: 389, uid: 'sAMAccountName', bind_dn: 'bind_dn', password: 'password'}) adaptor.connection.should_receive(:open).and_yield(adaptor.connection) adaptor.connection.should_receive(:search).with(args).and_return([rs]) adaptor.connection.should_receive(:bind).with({:username => 'new dn', :password => args[:password], :method => :simple}).and_return(true) adaptor.bind_as(args).should == rs end it 'should bind sasl' do adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'plain', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName', try_sasl: true, sasl_mechanisms: ["GSS-SPNEGO"], bind_dn: 'bind_dn', password: 'password'}) adaptor.connection.should_receive(:open).and_yield(adaptor.connection) adaptor.connection.should_receive(:search).with(args).and_return([rs]) adaptor.connection.should_receive(:bind).and_return(true) adaptor.bind_as(args).should == rs end end end omniauth-ldap-1.0.4/lib/0000755000004100000410000000000012261234201015045 5ustar www-datawww-dataomniauth-ldap-1.0.4/lib/omniauth/0000755000004100000410000000000012261234201016671 5ustar www-datawww-dataomniauth-ldap-1.0.4/lib/omniauth/strategies/0000755000004100000410000000000012261234201021043 5ustar www-datawww-dataomniauth-ldap-1.0.4/lib/omniauth/strategies/ldap.rb0000644000004100000410000000615612261234201022320 0ustar www-datawww-datarequire 'omniauth' module OmniAuth module Strategies class LDAP include OmniAuth::Strategy @@config = { 'name' => 'cn', 'first_name' => 'givenName', 'last_name' => 'sn', 'email' => ['mail', "email", 'userPrincipalName'], 'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'], 'mobile' => ['mobile', 'mobileTelephoneNumber'], 'nickname' => ['uid', 'userid', 'sAMAccountName'], 'title' => 'title', 'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]}, 'uid' => 'dn', 'url' => ['wwwhomepage'], 'image' => 'jpegPhoto', 'description' => 'description' } option :title, "LDAP Authentication" #default title for authentication form option :port, 389 option :method, :plain option :uid, 'sAMAccountName' option :name_proc, lambda {|n| n} def request_phase OmniAuth::LDAP::Adaptor.validate @options f = OmniAuth::Form.new(:title => (options[:title] || "LDAP Authentication"), :url => callback_path) f.text_field 'Login', 'username' f.password_field 'Password', 'password' f.button "Sign In" f.to_response end def callback_phase @adaptor = OmniAuth::LDAP::Adaptor.new @options return fail!(:missing_credentials) if missing_credentials? begin @ldap_user_info = @adaptor.bind_as(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @options[:name_proc].call(request['username'])),:size => 1, :password => request['password']) return fail!(:invalid_credentials) if !@ldap_user_info @user_info = self.class.map_user(@@config, @ldap_user_info) super rescue Exception => e return fail!(:ldap_error, e) end end uid { @user_info["uid"] } info { @user_info } extra { { :raw_info => @ldap_user_info } } def self.map_user(mapper, object) user = {} mapper.each do |key, value| case value when String user[key] = object[value.downcase.to_sym].first if object.respond_to? value.downcase.to_sym when Array value.each {|v| (user[key] = object[v.downcase.to_sym].first; break;) if object.respond_to? v.downcase.to_sym} when Hash value.map do |key1, value1| pattern = key1.dup value1.each_with_index do |v,i| part = ''; v.collect(&:downcase).collect(&:to_sym).each {|v1| (part = object[v1].first; break;) if object.respond_to? v1} pattern.gsub!("%#{i}",part||'') end user[key] = pattern end end end user end protected def missing_credentials? request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty? end # missing_credentials? end end end OmniAuth.config.add_camelization 'ldap', 'LDAP' omniauth-ldap-1.0.4/lib/omniauth-ldap/0000755000004100000410000000000012261234201017607 5ustar www-datawww-dataomniauth-ldap-1.0.4/lib/omniauth-ldap/version.rb0000644000004100000410000000007612261234201021624 0ustar www-datawww-datamodule OmniAuth module LDAP VERSION = "1.0.4" end end omniauth-ldap-1.0.4/lib/omniauth-ldap/adaptor.rb0000644000004100000410000001177212261234201021576 0ustar www-datawww-data#this code borrowed pieces from activeldap and net-ldap require 'rack' require 'net/ldap' require 'net/ntlm' require 'sasl' require 'kconv' module OmniAuth module LDAP class Adaptor class LdapError < StandardError; end class ConfigurationError < StandardError; end class AuthenticationError < StandardError; end class ConnectionError < StandardError; end VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous] MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base] METHOD = { :ssl => :simple_tls, :tls => :start_tls, :plain => nil, } attr_accessor :bind_dn, :password attr_reader :connection, :uid, :base, :auth def self.validate(configuration={}) message = [] MUST_HAVE_KEYS.each do |name| message << name if configuration[name].nil? end raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty? end def initialize(configuration={}) Adaptor.validate(configuration) @configuration = configuration.dup @configuration[:allow_anonymous] ||= false @logger = @configuration.delete(:logger) VALID_ADAPTER_CONFIGURATION_KEYS.each do |name| instance_variable_set("@#{name}", @configuration[name]) end method = ensure_method(@method) config = { :host => @host, :port => @port, :encryption => method, :base => @base } @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple) @auth = sasl_auths({:username => @bind_dn, :password => @password}).first if @bind_method == :sasl @auth ||= { :method => @bind_method, :username => @bind_dn, :password => @password } config[:auth] = @auth @connection = Net::LDAP.new(config) end #:base => "dc=yourcompany, dc=com", # :filter => "(mail=#{user})", # :password => psw def bind_as(args = {}) result = false @connection.open do |me| rs = me.search args if rs and rs.first and dn = rs.first.dn password = args[:password] method = args[:method] || @method password = password.call if password.respond_to?(:call) if method == 'sasl' result = rs.first if me.bind(sasl_auths({:username => dn, :password => password}).first) else result = rs.first if me.bind(:method => :simple, :username => dn, :password => password) end end end result end private def ensure_method(method) method ||= "plain" normalized_method = method.to_s.downcase.to_sym return METHOD[normalized_method] if METHOD.has_key?(normalized_method) available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ") format = "%s is not one of the available connect methods: %s" raise ConfigurationError, format % [method.inspect, available_methods] end def sasl_auths(options={}) auths = [] sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms sasl_mechanisms.each do |mechanism| normalized_mechanism = mechanism.downcase.gsub(/-/, '_') sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}" next unless respond_to?(sasl_bind_setup, true) initial_credential, challenge_response = send(sasl_bind_setup, options) auths << { :method => :sasl, :initial_credential => initial_credential, :mechanism => mechanism, :challenge_response => challenge_response } end auths end def sasl_bind_setup_digest_md5(options) bind_dn = options[:username] initial_credential = "" challenge_response = Proc.new do |cred| pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password] sasl = SASL.new("DIGEST-MD5", pref) response = sasl.receive("challenge", cred) response[1] end [initial_credential, challenge_response] end def sasl_bind_setup_gss_spnego(options) bind_dn = options[:username] psw = options[:password] raise LdapError.new( "invalid binding information" ) unless (bind_dn && psw) nego = proc {|challenge| t2_msg = Net::NTLM::Message.parse( challenge ) bind_dn, domain = bind_dn.split('\\').reverse t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain t3_msg = t2_msg.response( {:user => bind_dn, :password => psw}, {:ntlmv2 => true} ) t3_msg.serialize } [Net::NTLM::Message::Type1.new.serialize, nego] end end end end omniauth-ldap-1.0.4/lib/omniauth-ldap.rb0000644000004100000410000000014412261234201020133 0ustar www-datawww-datarequire "omniauth-ldap/version" require "omniauth-ldap/adaptor" require 'omniauth/strategies/ldap' omniauth-ldap-1.0.4/omniauth-ldap.gemspec0000644000004100000410000000226312261234201020411 0ustar www-datawww-data# -*- encoding: utf-8 -*- require File.expand_path('../lib/omniauth-ldap/version', __FILE__) Gem::Specification.new do |gem| gem.authors = ["Ping Yu"] gem.email = ["ping@intridea.com"] gem.description = %q{A LDAP strategy for OmniAuth.} gem.summary = %q{A LDAP strategy for OmniAuth.} gem.homepage = "https://github.com/intridea/omniauth-ldap" gem.license = "MIT" gem.add_runtime_dependency 'omniauth', '~> 1.0' gem.add_runtime_dependency 'net-ldap', '~> 0.3.1' gem.add_runtime_dependency 'pyu-ruby-sasl', '~> 0.0.3.1' gem.add_runtime_dependency 'rubyntlm', '~> 0.1.1' gem.add_development_dependency 'rspec', '~> 2.7' gem.add_development_dependency 'simplecov' gem.add_development_dependency 'rack-test' gem.add_development_dependency 'libnotify' gem.add_development_dependency 'ruby-debug19' gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) } gem.files = `git ls-files`.split("\n") gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") gem.name = "omniauth-ldap" gem.require_paths = ["lib"] gem.version = OmniAuth::LDAP::VERSION end omniauth-ldap-1.0.4/metadata.yml0000644000004100000410000001075512261234201016612 0ustar www-datawww-data--- !ruby/object:Gem::Specification name: omniauth-ldap version: !ruby/object:Gem::Version version: 1.0.4 platform: ruby authors: - Ping Yu autorequire: bindir: bin cert_chain: [] date: 2013-12-11 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: omniauth requirement: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: '1.0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: '1.0' - !ruby/object:Gem::Dependency name: net-ldap requirement: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.3.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.3.1 - !ruby/object:Gem::Dependency name: pyu-ruby-sasl requirement: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.0.3.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.0.3.1 - !ruby/object:Gem::Dependency name: rubyntlm requirement: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.1.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: 0.1.1 - !ruby/object:Gem::Dependency name: rspec requirement: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: '2.7' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ~> - !ruby/object:Gem::Version version: '2.7' - !ruby/object:Gem::Dependency name: simplecov requirement: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: rack-test requirement: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: libnotify requirement: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' - !ruby/object:Gem::Dependency name: ruby-debug19 requirement: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' description: A LDAP strategy for OmniAuth. email: - ping@intridea.com executables: [] extensions: [] extra_rdoc_files: [] files: - .gitignore - .rspec - Gemfile - Guardfile - README.md - Rakefile - lib/omniauth-ldap.rb - lib/omniauth-ldap/adaptor.rb - lib/omniauth-ldap/version.rb - lib/omniauth/strategies/ldap.rb - omniauth-ldap.gemspec - spec/omniauth-ldap/adaptor_spec.rb - spec/omniauth/strategies/ldap_spec.rb - spec/spec_helper.rb homepage: https://github.com/intridea/omniauth-ldap licenses: - MIT metadata: {} post_install_message: rdoc_options: [] require_paths: - lib required_ruby_version: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' required_rubygems_version: !ruby/object:Gem::Requirement requirements: - - ! '>=' - !ruby/object:Gem::Version version: '0' requirements: [] rubyforge_project: rubygems_version: 2.1.10 signing_key: specification_version: 4 summary: A LDAP strategy for OmniAuth. test_files: - spec/omniauth-ldap/adaptor_spec.rb - spec/omniauth/strategies/ldap_spec.rb - spec/spec_helper.rb omniauth-ldap-1.0.4/.gitignore0000644000004100000410000000004012261234201016261 0ustar www-datawww-data.project coverage /Gemfile.lock omniauth-ldap-1.0.4/checksums.yaml.gz0000444000004100000410000000065212261234201017570 0ustar www-datawww-dataSR0 tSA`.+qUɎasH_*rH~>ϧO=uM?=o}<_3D%Nebpˡm4Xc'*}q!%`@3nvs.#y'Ktʆe BBEY{zIGQ;T6 #;or֒j'۫vz%ERݢFzv&Rk Eثc$rѠP(p[6= q&AuMBJrBXKJ|@H˜ʕ=_XrBZ3D r%[)tW2/ %@x C}͉ܔ/yJ .%WثX3)vSPk~C:rxomniauth-ldap-1.0.4/README.md0000644000004100000410000000637712261234201015573 0ustar www-datawww-data# OmniAuth LDAP == LDAP Use the LDAP strategy as a middleware in your application: use OmniAuth::Strategies::LDAP, :title => "My LDAP", :host => '10.101.10.1', :port => 389, :method => :plain, :base => 'dc=intridea, dc=com', :uid => 'sAMAccountName', :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')} :bind_dn => 'default_bind_dn' :password => 'password' All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, and :password. Allowed values of :method are: :plain, :ssl, :tls. :bind_dn and :password is the default credentials to perform user lookup. most LDAP servers require that you supply a complete DN as a binding-credential, along with an authenticator such as a password. But for many applications, you often don’t have a full DN to identify the user. You usually get a simple identifier like a username or an email address, along with a password. Since many LDAP servers don't allow anonymous access, search function will require a bound connection, :bind_dn and :password will be required for searching on the username or email to retrieve the DN attribute for the user. If the LDAP server allows anonymous access, you don't need to provide these two parameters. :uid is the LDAP attribute name for the user name in the login form. typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'. :name_proc allows you to match the user name entered with the format of the :uid attributes. For example, value of 'sAMAccountName' in AD contains only the windows user name. If your user prefers using email to login, a name_proc as above will trim the email string down to just the windows login name. In summary, use :name_proc to fill the gap between the submitted username and LDAP uid attribute value. :try_sasl and :sasl_mechanisms are optional. :try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO'] Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods, please just avoid them. Direct users to '/auth/ldap' to have them authenticated via your company's LDAP server. ## License Copyright (C) 2011 by Ping Yu and Intridea, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. omniauth-ldap-1.0.4/Guardfile0000644000004100000410000000036212261234201016125 0ustar www-datawww-dataguard 'rspec', :version => 2 do watch(%r{^spec/.+_spec\.rb$}) watch(%r{^lib/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" } watch('spec/spec_helper.rb') { "spec" } end guard 'bundler' do watch('Gemfile') watch(/^.+\.gemspec/) end