Sha256: fac41d1bf4cf90f4f610d56143375bd5245c00d28488459978bf63fa5878d5dd

Contents?: true

Size: 1.45 KB

Versions: 3

Compression:

Stored size: 1.45 KB

Contents

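module Adauth
  # Authenticates the specified user against the domain, then checks that the
  # user's groups and OUs pass the configured allow/deny lists.
  #
  # Every failure path returns +false+ (never +nil+ and never an unrelated
  # exception), so callers can treat any non-user result as a denied login.
  #
  # @param username [String] value matched against sAMAccountName
  # @param password [String] passed unchanged to AdObjects::User.authenticate
  # @return [Object, false] the directory user on success, otherwise false
  def self.authenticate(username, password)
    # NOTE(review): username is caller-supplied and is interpolated into the
    # log line unescaped; if these logs are parsed line by line, consider
    # escaping control characters (e.g. username.inspect).
    Adauth.logger.info("authentication") { "Attempting to authenticate as #{username}" }

    # NOTE(review): whether User.authenticate rejects a blank password is not
    # visible from this file. Many directory servers treat an LDAP simple bind
    # with an empty password as an unauthenticated bind that succeeds, so
    # confirm that the bind layer fails closed.
    unless Adauth::AdObjects::User.authenticate(username, password)
      # Rejected binds are logged so that failed logins show up in the audit trail.
      Adauth.logger.info("authentication") { "Authentication failed (credentials rejected)" }
      return false
    end

    user = Adauth::AdObjects::User.where('sAMAccountName', username).first
    if user.nil?
      # A successful bind without a matching directory entry must not reach
      # the group/OU checks: calling them on nil raises NoMethodError, which
      # the RuntimeError rescue below does not catch.
      Adauth.logger.info("authentication") { "Authentication failed (user lookup returned no entry)" }
      return false
    end

    if allowed_to_login(user)
      Adauth.logger.info("authentication") { "Authentication succesful" }
      user
    else
      Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
      false
    end
  rescue RuntimeError
    Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
    false
  end

  # Checks whether the user is allowed to log in: both the group lists and
  # the OU lists from the configuration must accept the user.
  #
  # @param user [Object] must respond to cn_groups_nested and dn_ous
  # @return [Boolean]
  def self.allowed_to_login(user)
    groups_ok = allowed_from_arrays(@config.allowed_groups, @config.denied_groups, user.cn_groups_nested)
    groups_ok && allowed_from_arrays(@config.allowed_ous, @config.denied_ous, user.dn_ous)
  end

  # A bare `private` keyword has no effect on `def self.` methods, so the
  # helper below has always been publicly callable; it is left public here to
  # keep the module's interface unchanged.

  # Applies one allow/deny list pair to the values a user carries.
  #
  # Evaluation order, as the checks below are written:
  # 1. both lists empty            -> allowed
  # 2. any value in +allowed+      -> allowed
  # 3. anything else               -> denied
  #
  # NOTE(review): the allow list is consulted before the deny list, so a user
  # who is in both an allowed and a denied group/OU is admitted. A deny-only
  # configuration (empty allow list) rejects every user, including those not
  # on the deny list. Confirm that both behaviours are intended before relying
  # on the deny lists as an access control.
  #
  # @param allowed [Array] values that grant access
  # @param denied [Array] values that refuse access
  # @param test [Array] values held by the user being checked
  # @return [Boolean] always an explicit true/false
  def self.allowed_from_arrays(allowed, denied, test)
    return true if allowed.empty? && denied.empty?
    return true unless (allowed & test).empty?

    # A deny-list hit and "no match at all" are both refusals.
    false
  end
end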

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
adauth-2.0.3 lib/adauth/authenticate.rb
adauth-2.0.2 lib/adauth/authenticate.rb
adauth-2.0.1 lib/adauth/authenticate.rb