zammad/zammad

lib/auth/backend/ldap.rb

# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

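class Auth
  class Backend
    # Authentication backend that checks the supplied password against the
    # LDAP source associated with the user.
    #
    # Relies on +user+, +password+ and +config+, which are not defined in this
    # class (presumably provided by Auth::Backend::Base - confirm).
    class Ldap < Auth::Backend::Base

      private

      # Looks up the LDAP source that belongs to the current user.
      #
      # @return [Object, nil] the result of LdapSource.by_user; treated as
      #   "no usable source" by {#authenticated?} when it is falsy.
      def source
        LdapSource.by_user(user)
      end

      # Tries the password against every configured login attribute of the user.
      #
      # @param ldap_user [::Ldap::User] the LDAP user handle to validate against.
      # @return [Boolean] true as soon as one attribute/password pair is accepted.
      def login_valid?(ldap_user)
        # An empty password must never be sent to the directory: LDAP servers
        # can treat a simple bind with an empty password as an unauthenticated
        # bind and report success without checking any credential.
        # NOTE(review): the caller may already reject blank passwords; this
        # guard is kept as defence in depth.
        return false if password.blank?

        # get from config or fallback to login
        # for a list of user attributes which should
        # be used for logging in
        login_attributes = config[:login_attributes] || %w[login]

        login_attributes.any? do |attribute|
          login_value = user[attribute]

          # An attribute the user has no value for cannot identify an account,
          # so it is skipped instead of being passed on as nil or "".
          next false if login_value.blank?

          ldap_user.valid?(login_value, password)
        end
      end

      # Validation against the configured ldap integration.
      #
      # Fails closed: a missing source or any StandardError raised while
      # talking to the directory results in false, never in a successful login.
      #
      # @return [Boolean] true if the validation works, otherwise false.
      def authenticated?
        # Explicit false (not nil) so the documented Boolean contract holds.
        return false if !source

        ldap_user = ::Ldap::User.new(source.preferences)

        authed = login_valid?(ldap_user)
        log_auth_result(authed)
        authed
      rescue => e
        # NOTE(review): every StandardError is reported as a connection
        # problem, including errors that are not network related.
        message = "Can't connect to ldap backend #{e}"
        Rails.logger.info message
        Rails.logger.info e
        log(
          status:   'failed',
          response: message,
        )
        false
      end

      # Decides whether this backend is responsible for the current user: the
      # user's source has to be of the form "Ldap::<id>" and the
      # 'ldap_integration' setting has to be truthy.
      #
      # The pattern is anchored with \A and \z so the whole source value has to
      # match; ^ and $ would accept a value in which only one line matches.
      #
      # NOTE(review): this method does not call super, so any default checks in
      # the base class are not applied here - confirm that this is intended.
      #
      # @return [Object] a truthy value if the ldap integration is active and
      #   the user belongs to an LDAP source, otherwise a falsy one.
      def perform?
        %r{\ALdap::\d+\z}.match?(user.source) && Setting.get('ldap_integration')
      end

      # Logs the auth result
      #
      # @param authed [Boolean] true if the user is authed, otherwise false.
      def log_auth_result(authed)
        result = authed ? 'success' : 'failed'
        log(
          status: result,
        )
      end

      # Creates the http log for the current authentication.
      #
      # Only the user's login name is recorded; the password is never written
      # to the log entry.
      #
      # @param status [String] the status of the ldap authentication.
      # @param response [String, nil] the response message; the status is used
      #   as the response content when it is omitted.
      def log(status:, response: nil)
        HttpLog.create(
          direction:     'out',
          facility:      'ldap',
          url:           "bind -> #{user.login}",
          status:        status,
          ip:            nil,
          request:       { content: user.login },
          response:      { content: response || status },
          method:        'tcp',
          created_by_id: 1, # presumably the system user - confirm
          updated_by_id: 1,
        )
      end
    end
  end
end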