diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index a619b2f..67e2a8c 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -37,25 +37,30 @@ class AuthSourceLdap < AuthSource
 # get user's DN
 ldap_con = initialize_ldap_con(self.account, self.account_password)
 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
- object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
 dn = String.new
 ldap_con.search( :base => self.base_dn,
- :filter => object_filter & login_filter,
- # only ask for the DN if on-the-fly registration is disabled
- :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
+ :filter => login_filter,
+ :attributes=> 'dn') do |entry|
 dn = entry.dn
- attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
- :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
- :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
- :auth_source_id => self.id ] if onthefly_register?
 end
 return nil if dn.empty?
 logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
 # authenticate user
 ldap_con = initialize_ldap_con(dn, password)
 return nil unless ldap_con.bind
- # return user's attributes
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+ # get attributes when on-the-fly registration is enabled
+ if onthefly_register?
+ ldap_con.search( :base => self.base_dn,
+ :scope => Net::LDAP::SearchScope_BaseObject,
+ :attributes=> [self.attr_firstname, self.attr_lastname, self.attr_mail]) do |entry|
+ attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
+ :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
+ :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
+ :auth_source_id => self.id ]
+ end
+ end
+ # return user's attributes
 attrs
 rescue Net::LDAP::LdapError => text
 raise "LdapError: " + text
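Review bot: The second `ldap_con.search` inside `if onthefly_register?` passes `:base => self.base_dn` together with `Net::LDAP::SearchScope_BaseObject`, so it reads the directory's base entry rather than the entry of the user who just bound. The attributes used for on-the-fly registration would then come from the wrong object or be empty. The base should be the DN resolved by the first search: `ldap_con.search( :base => dn,`. Separately, the successful `ldap_con.bind` is the only authentication check in this hunk, and many LDAP servers treat a bind with a DN and an empty password as an unauthenticated bind that succeeds. The method begins outside the hunk, so a blank-password guard may already exist above; worth confirming before relying on it.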