diff -urN ./app/models/auth_source_ldap.rb ./app/models/auth_source_ldap.rb
--- ./app/models/auth_source_ldap.rb 2010-01-09 14:56:02.000000000 +0300
+++ ./app/models/auth_source_ldap.rb 2010-01-26 12:26:18.000000000 +0300
@@ -21,7 +21,7 @@
 class AuthSourceLdap < AuthSource
 validates_presence_of :host, :port, :attr_login
 validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
- validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
+ validates_length_of :account, :base_dn, :group_base_dn, :maximum => 255, :allow_nil => true
 validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
 validates_numericality_of :port, :only_integer => true
 
@@ -56,6 +56,44 @@
 return nil unless ldap_con.bind
 # return user's attributes
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+
+ if self.group_base_dn != ""
+ # Search for ldap groups that the user is in
+ ldap_con.search( :base => self.group_base_dn,
+ :filter => Net::LDAP::Filter.eq("uniqueMember", dn),
+ :attributes => [ "cn" ]) do |entry|
+ # look to see if the group exists
+ # then add it if it doesn't
+
+ @matchinggroups = Group.find(:all, :conditions => "lastname = '#{entry.cn}'")
+
+ if @matchinggroups.length == 0
+ @group = Group.new(:lastname => "#{entry.cn}")
+
+ unless @group.save
+ logger.debug "group '#{entry.cn}' save didn't work" if logger && logger.debug?
+ end
+ end
+
+ # look to see if the user is a member of the group
+ # and add them if they are not
+
+ @currentgroup = Group.find(:first, :conditions => "lastname = '#{entry.cn}'")
+ @userdetails = User.find(:first, :conditions => "login = '#{login}'")
+
+ if !@currentgroup.user_ids.include?(@userdetails.id)
+ # add the user to the group
+
+ @currentgroup.user_ids = @currentgroup.user_ids + [@userdetails.id]
+
+ unless @currentgroup.save
+ logger.debug "user NOT added to group" if logger && logger.debug?
+ end
+ end
+
+ end
+ end
+
 attrs
 rescue Net::LDAP::LdapError => text
 raise "LdapError: " + text
diff -urN ./app/views/auth_sources/_form.rhtml ./app/views/auth_sources/_form.rhtml
--- ./app/views/auth_sources/_form.rhtml 2010-01-09 14:56:02.000000000 +0300
+++ ./app/views/auth_sources/_form.rhtml 2010-01-26 11:32:27.000000000 +0300
@@ -23,6 +23,9 @@
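Review bot: The three `:conditions` strings in the added block of the `@@ -56,6 +56,44 @@` hunk build SQL by interpolating `entry.cn` (data read from the directory) and `login` (the name submitted at sign-in), so neither value is escaped before it reaches the database; bind them instead, e.g. `Group.find(:first, :conditions => ["lastname = ?", entry.cn.to_s])` and `User.find(:first, :conditions => ["login = ?", login])`. The guard `self.group_base_dn != ""` is also true for nil, which `:allow_nil => true` permits and which the new column (added without a default) will hold for existing sources, so `unless group_base_dn.blank?` is the safer test. `User.find` may return nil if the local account does not exist yet, and the visible `rescue` only covers `Net::LDAP::LdapError`, so `@userdetails` should be nil-checked before `.id` is used. Membership is only ever added here, so a user removed from a directory group keeps the local group and whatever permissions it carries. The enclosing method begins and ends outside the hunk.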

<%= text_field 'auth_source', 'base_dn', :size => 60 %>

+

+<%= text_field 'auth_source', 'group_base_dn', :size => 60 %>

+

<%= check_box 'auth_source', 'onthefly_register' %>

diff -urN ./config/locales/en.yml ./config/locales/en.yml
--- ./config/locales/en.yml 2010-01-09 14:56:04.000000000 +0300
+++ ./config/locales/en.yml 2010-01-26 12:28:29.000000000 +0300
@@ -245,6 +245,7 @@
 field_attr_firstname: Firstname attribute
 field_attr_lastname: Lastname attribute
 field_attr_mail: Email attribute
+ field_group_base_dn: Base DN for groups
 field_onthefly: On-the-fly user creation
 field_start_date: Start
 field_done_ratio: % Done
diff -urN ./db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb ./db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb
--- ./db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb 1970-01-01 03:00:00.000000000 +0300
+++ ./db/migrate/20100125132612_add_group_base_dn_to_auth_sources.rb 2010-01-25 16:29:43.000000000 +0300
@@ -0,0 +1,9 @@
+class AddGroupBaseDnToAuthSources < ActiveRecord::Migration
+ def self.up
+ add_column :auth_sources, :group_base_dn, :string, :limit => 255
+ end
+
+ def self.down
+ remove_column :auth_sources, :group_base_dn
+ end
+end