owen2345
6/24/2014 - 4:55 PM

Ruby 2.0 code snippet

Ruby 2.0 code snippet

require 'net-ldap'
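# Thin wrapper around a Net::LDAP client for querying and binding against
# an Active Directory server.
class CustomActiveDirectory
  # Builds the underlying Net::LDAP client from the service-account settings.
  #
  # host, port - directory server address
  # base       - default search base DN
  # username   - account used for the initial bind
  # pass       - password of that account
  def initialize(host, port, base, username, pass)
    @ldap = connect(host, port, base, username, pass)
  end

  # Returns the result of a bind with the currently configured credentials,
  # or false when the bind attempt raises (unreachable host, refused
  # connection, ...).
  def connected?
    @ldap.bind
  rescue StandardError
    false
  end

  # Searches for entries whose memberof attribute equals group_dn.
  #
  # NOTE(review): Net::LDAP::Filter.eq does not escape its value. If group_dn
  # can come from request data, escape it first (Net::LDAP::Filter.escape) or
  # switch to Net::LDAP::Filter.equals; confirm how callers build the DN.
  def get_users_from_group(group_dn)
    member_filter = Net::LDAP::Filter.eq("memberof", group_dn.to_s)
    @ldap.search(:filter => member_filter)
  end

  # Incomplete; prefer find_user with an objectClass filter such as
  # "(objectClass=group)".
  def list_groups
    @ldap.search(:filter => with_proxy_addresses("group"))
  end

  # Incomplete; prefer find_user with an objectClass filter such as
  # "(objectClass=user)" or "(objectClass=person)".
  def list_users(type = "person")
    @ldap.search(:filter => with_proxy_addresses(type))
  end

  # Runs a search with a raw LDAP filter string.
  #
  # query      - filter string, sent to the server as written
  # attributes - optional list of attributes to return
  # base       - optional search base overriding the connection default
  #
  # The filter is NOT escaped here. Any value taken from user input must be
  # passed through Net::LDAP::Filter.escape before it is interpolated into
  # query, otherwise the caller can rewrite the filter (LDAP injection).
  #
  #query => "(&(cn=Adriana Camacho*)(givenName=Adriana))"
  #query => "(&(|(sn=Jones)(sn=Edwards))(!(givenName=David)))"
  # info: http://search.cpan.org/~oliver/Net-LDAP-FilterBuilder-1.0004/lib/Net/LDAP/FilterBuilder.pm
  def find_user(query, attributes = nil, base = nil)
    data = {:filter => query.encode('utf-8')}
    data[:attributes] = attributes if attributes.present?
    data[:base] = base if base.present?
    @ldap.search(data)
  end

  # Verifies user/pass with a simple bind and returns the bind result.
  #
  # Returns false without contacting the server when either value is empty.
  # A simple bind with a name and an empty password is an "unauthenticated
  # bind" (RFC 4513, section 5.1.2); many servers, Active Directory included,
  # report it as success, which would accept a login with no password.
  #
  # Side effect kept from the original: the credentials replace the ones
  # stored on the shared connection, so later searches on this object run
  # with the user's credentials rather than the service account's.
  def authentificate(user, pass)
    return false if user.to_s.empty? || pass.to_s.empty?

    @ldap.auth user, pass
    @ldap.bind
  end

  # Creates the Net::LDAP client configured for a simple (name + password)
  # bind.
  #
  # NOTE(review): no :encryption option is passed, so this code never asks
  # for TLS and the simple-bind password is protected only if the transport
  # already is. Consider :encryption => :simple_tls on the LDAPS port (or
  # :start_tls); this needs a matching host/port configuration, so it is not
  # changed here.
  def connect(host, port, base, username, pass)
    Net::LDAP.new :host => host,
                  :port => port,
                  :base => base,
                  :auth => { :username => username,
                             :password => pass,
                             :method => :simple }
  end

  private

  # Filter matching entries of the given objectClass that also have a
  # proxyAddresses attribute present.
  def with_proxy_addresses(object_class)
    class_filter = Net::LDAP::Filter.eq("objectClass", object_class)
    proxy_address_filter = Net::LDAP::Filter.eq("proxyAddresses", "*")
    Net::LDAP::Filter.join(class_filter, proxy_address_filter)
  end
end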



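######### sample ######
# Fragment of a controller sign-in action: it relies on params, flash,
# session, redirect_to and return from the surrounding method, and on
# helpers (main_configuration, active_directory_add_user,
# active_directory_get_user, do_login_user) defined elsewhere.
ad = CustomActiveDirectory.new(main_configuration("host_active_directory"), main_configuration("port_active_directory"),
                                     main_configuration("base_active_directory"), main_configuration("user_active_directory"),
                                     main_configuration("pass_active_directory"))

login = params[:session][:username].to_s
password = params[:session][:password]

# Blank credentials are rejected before any bind: a simple bind with an empty
# password can be reported as success by the directory (unauthenticated
# bind), which would sign the user in without a password.
if login.present? && password.present? && ad.connected? && ad.authentificate("#{login}@megaxine.net", password)
  # login is request data, so it is escaped before being placed in the
  # filter; unescaped, characters such as "*", "(" and ")" would let the
  # client change which entry is matched. Array() covers a nil search result.
  ad_user = Array(ad.find_user("(samaccountname=#{Net::LDAP::Filter.escape(login)})")).first
  if ad_user.present?
    unless active_directory_add_user(ad, ad_user)
      redirect_to action: "signin", error: "Datos incompletos de AD para ingresar al sistema. Por favor reporte este error a su aministrador."
      return
    end
    user = active_directory_get_user(login)
    if user.present?
      flash[:notice] = "Sesión iniciada usando su cuenta de Active directory"
      do_login_user(user)
    else
      flash[:notice] = "Usuario logeado en Active directory pero error de acceso al sistema"
      redirect_to action: "signin", :redirect_to => session[:return_to]
    end
    return
  end
end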