Merge pull request #5120 from opf/feature/ldap-admin-mapping

UCS LDAP changes
pull/5129/head
Markus Kahl 8 years ago committed by GitHub
commit deae8e64ca
  1. 5
      app/models/ldap_auth_source.rb
  2. 1
      app/views/ldap_auth_sources/_form.html.erb
  3. 34
      db/migrate/20161219134700_add_attr_admin_to_ldap.rb
  4. 56
      lib/tasks/ldap.rake

@ -33,7 +33,7 @@ class LdapAuthSource < AuthSource
validates_presence_of :host, :port, :attr_login
validates_length_of :name, :host, maximum: 60, allow_nil: true
validates_length_of :account, :account_password, :base_dn, maximum: 255, allow_nil: true
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, maximum: 30, allow_nil: true
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :attr_admin, maximum: 30, allow_nil: true
validates_numericality_of :port, only_integer: true
before_validation :strip_ldap_attributes
@ -67,7 +67,7 @@ class LdapAuthSource < AuthSource
private
def strip_ldap_attributes
[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
[:attr_login, :attr_firstname, :attr_lastname, :attr_mail, :attr_admin].each do |attr|
write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
end
end
@ -88,6 +88,7 @@ class LdapAuthSource < AuthSource
firstname: LdapAuthSource.get_attr(entry, attr_firstname),
lastname: LdapAuthSource.get_attr(entry, attr_lastname),
mail: LdapAuthSource.get_attr(entry, attr_mail),
admin: !!LdapAuthSource.get_attr(entry, attr_admin),
auth_source_id: id
}
end
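Review bot: `admin: !!LdapAuthSource.get_attr(entry, attr_admin)` in the third hunk turns mere presence of the mapped attribute into the admin flag; if `get_attr` hands back the raw attribute string (its definition is not in the hunk), a value such as `"FALSE"` or `""` is truthy in Ruby and still grants admin. When `attr_admin` is left blank the expression yields `false`, which, assuming this hash is applied to existing users on each login, would demote admins that were promoted inside the application. Prefer comparing the value against the directory's boolean literal (`.to_s.casecmp('true').zero?` if the directory uses `TRUE`/`FALSE`) and omitting the `admin` key altogether when `attr_admin` is blank, so sources without a mapping never touch the flag. The method that builds this hash starts outside the hunk.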

@ -53,4 +53,5 @@ See doc/COPYRIGHT.rdoc for more details.
<div class="form--field"><%= f.text_field 'attr_firstname', label: AuthSource.human_attribute_name(:firstname), size: 20 %></div>
<div class="form--field"><%= f.text_field 'attr_lastname', label: AuthSource.human_attribute_name(:lastname), size: 20 %></div>
<div class="form--field"><%= f.text_field 'attr_mail', label: AuthSource.human_attribute_name(:mail), size: 20 %></div>
<div class="form--field"><%= f.text_field 'attr_admin', label: AuthSource.human_attribute_name(:admin), size: 20 %></div>
</fieldset>
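Review bot: The new `attr_admin` field carries no hint telling the administrator what the mapped attribute does, although this one mapping decides who becomes an application admin; the neighbouring fields are plain name mappings, this one is a privilege switch. A short hint next to the field, e.g. `Users whose LDAP entry carries this attribute are made administrators`, would make the consequence visible (adjust the wording to the semantics the model actually implements). The label is taken from `AuthSource.human_attribute_name(:admin)`, which presumably has no locale entry for `admin` on `AuthSource` yet and would fall back to the humanized key — worth confirming a translation exists.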

@ -0,0 +1,34 @@
#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
class AddAttrAdminToLdap < ActiveRecord::Migration[5.0]
def change
add_column :auth_sources, :attr_admin, :string
end
end

@ -29,10 +29,7 @@
namespace :ldap do
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \
'rake ldap:register["url=<URL>, name=<Name>, onthefly=<true,false>, map_{login,firstname,lastname,mail}=attribute"]'
task register: :environment do
def parse_args
# Rake croaks when using commas in default args without properly escaping
args = {}
ARGV.drop(1).each do |arg|
@ -40,11 +37,59 @@ namespace :ldap do
args[key.to_sym] = val
end
args
end
desc 'Synchronize users from the LDAP auth source with an optional filter' \
'rake ldap:sync["name=<LdapAuthSource Name>", filter=<Optional RFC2254 filter string>]'
task sync: :environment do
args = parse_args
ldap = LdapAuthSource.find_by!(name: args.fetch(:name))
# Only get the required args for syncing
attributes = ['dn', ldap.attr_firstname, ldap.attr_lastname, ldap.attr_mail, ldap.attr_login]
# Map user attributes to their ldap counterpart
ar_map = Hash[ %w(firstname lastname mail login).zip(attributes.drop(1)) ]
# Parse filter string if available
filter = Net::LDAP::Filter.from_rfc2254 args.fetch(:filter, 'objectClass = *')
# Open LDAP connection
ldap_con = ldap.send(:initialize_ldap_con, ldap.account, ldap.account_password)
User.transaction do
results = ldap_con.search(base: ldap.base_dn, filter: filter) do |entry|
user = User.find_or_initialize_by(login: entry[ldap.attr_login])
user.attributes = {
firstname: entry[ldap.attr_firstname],
lastname: entry[ldap.attr_lastname],
mail: entry[ldap.attr_mail],
admin: entry[ldap.attr_admin],
auth_source: ldap
}
if user.changed?
Rails.logger.info "Updated user #{user.login} due to ldap synchronization"
user.save
end
end
end
end
desc 'Register a LDAP auth source for the given LDAP URL and attribute mapping: ' \
'rake ldap:register["url=<URL> name=<Name> onthefly=<true,false>map_{login,firstname,lastname,mail,admin}=attribute"]'
task register: :environment do
args = parse_args
url = URI.parse(args[:url])
unless %w(ldap ldaps).include?(url.scheme)
raise "Expected #{args[:url]} to be a valid ldap(s) URI."
end
source = LdapAuthSource.new name: args[:name],
host: url.host,
port: url.port,
@ -56,7 +101,8 @@ namespace :ldap do
attr_login: args[:map_login],
attr_firstname: args[:map_firstname],
attr_lastname: args[:map_lastname],
attr_mail: args[:map_mail]
attr_mail: args[:map_mail],
attr_admin: args[:map_admin]
if source.save
puts "Saved new LDAP auth source #{args[:name]}."
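Review bot: `admin: entry[ldap.attr_admin]` in the new sync task promotes every synchronized user to admin whenever no admin attribute is mapped or the entry lacks it: Net::LDAP::Entry#[] returns an empty array for an absent attribute (and `entry[nil]` behaves the same), and ActiveRecord's boolean cast only recognises a fixed set of false values, so an Array, even `[]`, casts to true. The admin key should be written only when `ldap.attr_admin` is present and derived from the attribute's value rather than from the array object, mirroring the presence check the model's `!!get_attr` applies (a comparison against the directory's boolean literal would be stricter still). The `attributes` list built just before `ar_map` is never passed to `search`, and the `user.save` result is discarded, so validation failures are skipped silently; both deserve at least a log line. The enclosing `namespace :ldap` starts outside this hunk.
```ruby
        attrs = {
          firstname: entry[ldap.attr_firstname],
          lastname: entry[ldap.attr_lastname],
          mail: entry[ldap.attr_mail],
          auth_source: ldap
        }
        # Only touch the admin flag when an admin attribute is mapped: a missing
        # attribute yields [] from Net::LDAP::Entry#[], which the boolean cast treats as true.
        attrs[:admin] = entry[ldap.attr_admin].any? if ldap.attr_admin.present?
        user.attributes = attrs
        # … unchanged: changed? check and save …
```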
