Sha256: a3665e9bbf939aec7657f1ff25453d55e4838b76d5c8f1e0647dec201b790bda

Contents?: true

Size: 1.62 KB

Versions: 1

Compression:

Stored size: 1.62 KB

Contents

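module Adauth
  # Authenticates the specified user against the domain.
  #
  # After the credentials are accepted, the user's groups and OUs are checked
  # against the configured allow/deny lists (see allowed_to_login).
  #
  # Every failure path returns false and writes a log entry, so rejected
  # logons (including plain bad credentials) are visible to whoever monitors
  # the "authentication" log.
  #
  # @param username [String] sAMAccountName of the account
  # @param password [String] password presented for that account
  # @return [Object, false] the user object looked up by sAMAccountName on
  #   success, false on any failure
  def self.authenticate(username, password)
    # The username is caller-supplied; inspect escapes CR/LF and other control
    # characters so a crafted value cannot forge additional log lines.
    safe_name = username.to_s.inspect
    Adauth.logger.info("authentication") { "Attempting to authenticate as #{safe_name}" }

    # An LDAP simple bind with a name and an empty password is an
    # "unauthenticated bind" (RFC 4513 section 5.1.2), which some directory
    # servers accept as success. Whether User.authenticate rejects it is not
    # visible from this file, so refuse blank credentials here.
    if username.to_s.empty? || password.to_s.empty?
      Adauth.logger.info("authentication") { "Authentication failed (blank username or password)" }
      return false
    end

    unless Adauth::AdObjects::User.authenticate(username, password)
      Adauth.logger.info("authentication") { "Authentication failed (invalid credentials)" }
      return false
    end

    # NOTE(review): username reaches a directory search here; confirm that
    # `where` escapes LDAP filter metacharacters.
    user = Adauth::AdObjects::User.where('sAMAccountName', username).first

    # Without this guard a missing entry would be logged as a success (empty
    # lists) or raise NoMethodError, which the rescue below does not catch.
    if user.nil?
      Adauth.logger.info("authentication") { "Authentication failed (user not found)" }
      return false
    end

    if allowed_to_login(user)
      Adauth.logger.info("authentication") { "Authentication succesful" }
      user
    else
      Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
      false
    end
  rescue RuntimeError
    Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
    false
  end

  # Checks whether the user passes the configured group and OU filters.
  #
  # With all four lists empty every authenticated user is admitted without
  # reading the user's groups or OUs. Otherwise both the group filter and the
  # OU filter must pass.
  #
  # @param user [Object] responds to cn_groups_nested and dn_ous
  # @return [Boolean]
  def self.allowed_to_login(user)
    lists = [@config.allowed_groups, @config.allowed_ous, @config.denied_groups, @config.denied_ous]
    return true if lists.all?(&:empty?)

    allowed_from_arrays(@config.allowed_groups, @config.denied_groups, user.cn_groups_nested) &&
      allowed_from_arrays(@config.allowed_ous, @config.denied_ous, user.dn_ous)
  end

  # NOTE(review): a bare `private` does not apply to `def self.` methods, so
  # allowed_from_arrays below remains publicly callable. Left as is to avoid
  # breaking any external caller; private_class_method would enforce it.
  private

  # Applies one allow/deny pair to the values a user actually has.
  #
  # Passes when both lists are empty, or when the user holds at least one
  # allowed value. Everything else is rejected, so the filter fails closed.
  #
  # NOTE(review): the allow check runs first, so a user who is in both an
  # allowed and a denied group/OU is admitted; and with only a deny list
  # configured, users who are not on it are rejected as well. Confirm that
  # this precedence is intended before relying on deny lists.
  #
  # @param allowed [Array] values that grant access
  # @param denied [Array] values that refuse access
  # @param test [Array] values held by the user
  # @return [Boolean]
  def self.allowed_from_arrays(allowed, denied, test)
    return true if allowed.empty? && denied.empty?
    return true unless (allowed & test).empty?

    # Explicit false instead of the implicit nil the fall-through used to give.
    false
  end
end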

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
adauth-2.0.5 lib/adauth/authenticate.rb