Module: Adauth

Defined in:
lib/adauth.rb,
lib/adauth/rails.rb,
lib/adauth/config.rb,
lib/adauth/version.rb,
lib/adauth/ad_object.rb,
lib/adauth/connection.rb,
lib/adauth/authenticate.rb,
lib/adauth/ad_objects/ou.rb,
lib/adauth/rails/helpers.rb,
lib/adauth/search_results.rb,
lib/adauth/ad_objects/user.rb,
lib/adauth/ad_objects/group.rb,
lib/adauth/ad_objects/folder.rb,
lib/adauth/rails/model_bridge.rb,
lib/adauth/ad_objects/computer.rb,
lib/generators/adauth/config/config_generator.rb,
lib/generators/adauth/sessions/sessions_generator.rb

Overview

Adauth Container Module

Defined Under Namespace

Modules: AdObjects, Generators, Rails Classes: AdObject, Config, Connection, SearchResults

Constant Summary collapse

Version =

Adauths Version Number

'2.0.6'

Class Method Summary collapse

Class Method Details

.add_field(object, adauth_method, ldap_method) ⇒ Object

Add a field to the specified model


9
10
11
12
# File 'lib/adauth/ad_object.rb', line 9

def self.add_field(object, adauth_method, ldap_method)
    Adauth.logger.info(object.inspect) { "Adding field \"#{ldap_method}\"" }
    object::Fields[adauth_method] = ldap_method
end

.allowed_to_login(user) ⇒ Object

Check if the user is allowed to login


50
51
52
53
54
55
56
# File 'lib/adauth/authenticate.rb', line 50

def self.(user)
  if (@config.allowed_groups.empty? && @config.allowed_ous.empty?) && (@config.denied_groups.empty? && @config.denied_ous.empty?)
    return true
  else
    return (allowed_from_arrays(@config.allowed_groups, @config.denied_groups, user.cn_groups_nested) && allowed_from_arrays(@config.allowed_ous, @config.denied_ous, user.dn_ous))
  end
end

.authenticate(username, password) ⇒ Object

Authenticates the specifed user agains the domain

Checks the groups & ous are in the allow/deny lists


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# File 'lib/adauth/authenticate.rb', line 5

def self.authenticate(username, password)
    begin
        Adauth.logger.info("authentication") { "Attempting to authenticate as #{username}" }
        if Adauth::AdObjects::User.authenticate(username, password)
            user = Adauth::AdObjects::User.where('sAMAccountName', username).first
            if (user)
                Adauth.logger.info("authentication") { "Authentication succesful" }
                return user
            else
                Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
                return false
            end
        end
    rescue RuntimeError
        Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
        return false
    end
end

.configure {|@config| ... } ⇒ Object

Yields a new config object and then sets it as the Adauth Config

Yields:

  • (@config)

30
31
32
33
34
35
36
# File 'lib/adauth.rb', line 30

def self.configure
    @logger ||= Logger.new('log/adauth.log', 'weekly')
    @logger.info('load') { "Loading new config" }
    @connection = nil
    @config = Config.new
    yield(@config)
end

.connectObject

Connects to ActiveDirectory using the query user details


47
48
49
50
# File 'lib/adauth.rb', line 47

def self.connect
    @logger.info('connection') { "Connecting to AD as \"#{@config.query_user}\"" }
    @connection = Adauth::Connection.new(connection_hash(@config.query_user, @config.query_password)).bind
end

.connectionObject

Returns Adauths current connection to ActiveDirectory


39
40
41
42
43
44
# File 'lib/adauth.rb', line 39

def self.connection
    @logger.fatal('connection') { "Attempted to create connection without configuring" } if @config == nil
    raise 'Adauth needs configuring before use' if @config == nil # Still raise an error here even after logging it so that adauth stops dead and doesn't error on the next line
    connect unless @connection
    @connection
end

.connection_hash(user, password) ⇒ Object

Generates a hash for the connection class, takes a username and password


53
54
55
56
57
58
59
60
61
62
63
64
65
# File 'lib/adauth.rb', line 53

def self.connection_hash(user, password)
    { 
        :domain => @config.domain, 
        :server => @config.server, 
        :port => @config.port, 
        :base => @config.base, 
        :encryption => @config.encryption,
        :allow_fallback => @config.allow_fallback,
        :username => user, 
        :password => password,
        :anonymous_bind => @config.anonymous_bind 
    }
end

.loggerObject

Returns the logger object


68
69
70
# File 'lib/adauth.rb', line 68

def self.logger
  @logger
end

.logger=(inputs) ⇒ Object

Lets you set a new logger


73
74
75
# File 'lib/adauth.rb', line 73

def self.logger=(inputs)
  @logger = inputs
end

.simple_authenticate(username, password) ⇒ Object

Authenticates the user against the domain without using the query user

Checks the groups & ous are in the allow/deny lists


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/adauth/authenticate.rb', line 27

def self.simple_authenticate(username, password)
  begin
    Adauth.logger.info("authentication") { "Attempting to simple authenticate as #{username}" }
    user_connection = Adauth::AdObjects::User.authenticate(username, password)
    if user_connection
      search_filter = Net::LDAP::Filter.eq('SAMAccountName', username) & Net::LDAP::Filter.eq('objectClass', 'user')
      results = user_connection.search(filter: search_filter)
      user = Adauth::AdObjects::User.new(results[0])
      if (user)
        Adauth.logger.info("authentication") { "Authentication succesful" }
        return user
      else
        Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
        return false
      end
    end
  rescue RuntimeError
    Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
    return false
  end
end