require 'net-ldap'

HOST = "XXXXXX"
PORT = 389

# One shared client for every helper below.
# NOTE(review): a simple bind on 389 sends CONFIG.admin_password to the
# directory in cleartext unless the connection is upgraded (net-ldap's
# :encryption option, e.g. start_tls) — confirm how this host is reached.
LDAP = Net::LDAP.new(:host => HOST, :port => PORT)

# Service-account credentials are read from CONFIG so they stay out of source.
LDAP.auth(CONFIG.admin_user, CONFIG.admin_password)

# Refuse to start at all if the directory bind fails; nothing below works without it.
unless LDAP.bind
  log "ldap login failed"
  abort
end
log "ldap logged in"
# CONFIG.permitted_users is the cn of the app's security group in the directory.
# Membership is expanded once, at boot: users added to or removed from the
# group afterwards are not seen until the process restarts.
# NOTE(review): in this listing get_members is defined further down. Ruby only
# defines a method when its `def` is executed, so as ordered here this call
# raises NoMethodError unless the method definitions are moved above it.
$members = get_members(CONFIG.permitted_users)
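# Resolve a directory object's cn to its sAMAccountName — the login name that
# @username is compared against in the before filter.
#
# cn - common name taken from a group's member DN.
#
# Returns the first matching sAMAccountName, or nil when nothing matched.
# The explicit nil matters: without it the method's value is whatever
# LDAP.search returns for an empty or failed search, and that non-String
# would end up in $members.
#
# NOTE(review): Filter.eq passes the value through without escaping
# (Filter.equals is the escaping form — confirm for the net-ldap version in
# use). A cn containing filter metacharacters such as '(' ')' '*' or '\'
# therefore malforms or widens the query. If several objects share the cn,
# only the first result is used.
def get_ldap_username cn
  treebase = "ou=xxxxxx,ou=xxxxxx,ou=xxxxxxx,ou=xxxxxx,dc=xxx,dc=xx"
  filter = Net::LDAP::Filter.eq("cn", cn)
  LDAP.search(:filter => filter, :base => treebase) do |item|
    return item.sAMAccountName.first
  end
  nil
end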
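# Expand a directory group (by cn) into the login names of its members,
# descending into nested groups.
#
# name    - cn of the group to expand.
# members - accumulator for sAMAccountNames, shared across recursive calls.
# visited - cns of groups already expanded (new, optional). Nested groups can
#           reference each other; without this list the recursion never
#           terminates on such a cycle.
#
# Returns members: an Array of permitted usernames. Member DNs that do not
# parse, and cns that do not resolve to a login name, are dropped instead of
# being pushed as nil / a non-String.
def get_members name, members = [], visited = []
  return members if visited.include?(name)
  visited << name

  treebase = "ou=xxxxxxx,ou=xxxxxxx,ou=xxxxxxx,ou=xxxxxx,dc=xxx,dc=xx"
  filter = Net::LDAP::Filter.eq("cn", name)
  LDAP.search(:filter => filter, :base => treebase) do |item|
    item.each do |attribute, values|
      # NOTE(review): Active Directory caps the values returned for one
      # attribute (MaxValRange, 1500 by default); beyond that the attribute
      # arrives as member;range=0-1499 and would not match :member here.
      next unless attribute == :member
      values.each do |value|
        # First RDN of the member DN. A cn holding an escaped comma ("\,")
        # is truncated by this pattern, which stops at the first comma.
        cn = value[/CN=([^,]+),/, 1]
        next if cn.nil?
        # my groups all begin with a letter/number sequence
        # recurse this method if member is a group itself
        if cn[0..2].downcase == "xxx" # xxx something else of course
          get_members cn, members, visited
        else
          # get_ldap_username yields a String on success; anything else
          # (nil, or LDAP.search's own return value) is not a login name.
          login = get_ldap_username(cn)
          members << login if login.is_a?(String) && !login.empty?
        end
      end
    end
  end
  members # an array of permitted usernames
end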
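# Sinatra before-filter: every request must come from a resolved, permitted user.
#
# Authentication (populating @username from the client's Windows login) lives
# elsewhere — see the StackOverflow answer linked below. Authorisation is a
# lookup in the $members list expanded at boot.
#
# Changes from the original check:
# - Fail closed when @username is missing or blank. If authentication never set
#   it, `$members.include?(nil)` could be true as soon as one nil had been pushed
#   into $members by a failed lookup, and the request would pass.
# - Deny with 403 instead of a 200 whose body happens to say "No access", so
#   clients and proxies see the refusal.
# NOTE(review): include? is case-sensitive while AD matches sAMAccountName
# case-insensitively — confirm @username is normalised the same way as the
# values coming back from the directory.
before do
  # authentication code
  # see https://stackoverflow.com/questions/5506932/is-there-a-way-to-read-a-clients-windows-login-name-using-ruby-on-rails/48407500#48407500
  # authorisation
  halt 403, "No access" if @username.to_s.strip.empty?
  halt 403, "No access" unless $members.include? @username
end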