  1. # Usage:
  2. # user = ActiveDirectoryUser.authenticate('boopathi','password')
  3. # user.first_name # => "Boopathi"
  4. # user.flanderized_first_name # => "Boopathi Rajaa"
  5. # user.groups # => ["Mac Users", "Geeks", "Ruby Coders", ... ]
  6.  
  7. require 'net/ldap' # gem install ruby-net-ldap
  8.  
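# Authenticates a user against Active Directory with an LDAP simple bind and
# wraps the resulting directory entry in readers generated from ATTR_SV and
# ATTR_MV.
class ActiveDirectoryUser
  ### BEGIN CONFIGURATION ###
  SERVER = 'ad01.company.com' # Active Directory server name or IP
  PORT = 389 # Active Directory server port (default 389)
  BASE = 'DC=company,DC=com' # Base to search from
  DOMAIN = 'company.com' # For simplified user@domain format login

  # SECURITY NOTE: a simple bind on port 389 without TLS sends the user's
  # password to the server in cleartext. Prefer LDAPS (port 636) or StartTLS
  # through Net::LDAP's :encryption option, with certificate verification.

  # ATTR_SV is for single valued attributes only. Generated readers will
  # convert the value to a string before returning or calling your Proc.
  ATTR_SV = {
    :login => :samaccountname,
    :first_name => :givenname,
    :last_name => :sn,
    :email => :mail
  }

  # ATTR_MV is for multi-valued attributes. Generated readers will always
  # return an array.
  ATTR_MV = {
    :groups => [ :memberof,
                 # Get the simplified name of first-level groups.
                 # TODO: Handle escaped special characters
                 # NOTE(review): only the first CN is kept, so groups in
                 # different OUs that share a CN become indistinguishable, and
                 # a CN containing an escaped comma is truncated. Keep that in
                 # mind before using member_of? for authorization decisions.
                 Proc.new { |g| g.sub(/.*?CN=(.*?),.*/, '\1') } ]
  }

  # Exposing the raw Net::LDAP::Entry is probably overkill, but could be set
  # up by uncommenting the line below if you disagree.
  # attr_reader :entry

  ### END CONFIGURATION ###

  # Characters that are significant in an LDAP search filter (RFC 4515) and
  # the escape sequence each one is replaced with.
  FILTER_ESCAPES = {
    "\\" => '\5c',
    '*' => '\2a',
    '(' => '\28',
    ')' => '\29',
    "\0" => '\00'
  }.freeze

  # Binds to the directory as login@DOMAIN and, on success, looks up the
  # matching entry and wraps it.
  #
  # login - account name as typed by the user (untrusted input).
  # pass  - password as typed by the user.
  #
  # Returns an ActiveDirectoryUser, or nil when either argument is nil or
  # empty, the bind fails, no entry is found, or the LDAP layer raises.
  def self.authenticate(login, pass)
    login = login.to_s
    pass = pass.to_s
    # A simple bind with an empty password is treated by LDAP servers as an
    # unauthenticated bind and can "succeed", so it must be rejected before
    # the server is contacted. to_s above also makes a nil argument fail
    # here instead of raising NoMethodError.
    return nil if login.empty? || pass.empty?

    conn = Net::LDAP.new :host => SERVER,
                         :port => PORT,
                         :base => BASE,
                         :auth => { :username => "#{login}@#{DOMAIN}",
                                    :password => pass,
                                    :method => :simple }
    return nil unless conn.bind

    # login is user-supplied: escape filter metacharacters so it is matched
    # as a literal value and cannot widen or rewrite the search.
    filter = Net::LDAP::Filter.eq('sAMAccountName', escape_filter_value(login))
    # Array() guards against search returning nil instead of a result set.
    user = Array(conn.search(:filter => filter)).first
    user ? new(user) : nil
  # If we don't rescue this, Net::LDAP is decidedly ungraceful about failing
  # to connect to the server. We'd prefer to say authentication failed.
  # Callers cannot tell an outage from a bad password through this return
  # value; log failures at the call site if that distinction matters.
  # NOTE(review): newer net-ldap releases name this class Net::LDAP::Error;
  # confirm against the installed gem.
  rescue Net::LDAP::LdapError
    nil
  end

  # Escapes value for use as a literal assertion value in an LDAP filter.
  def self.escape_filter_value(value)
    value.to_s.gsub(/[\\*()\0]/) { |char| FILTER_ESCAPES[char] }
  end
  private_class_method :escape_filter_value

  # Defines one reader per ATTR_SV key. Each reader returns the first value
  # of the mapped attribute as a String (passed through the optional Proc),
  # or '' when the entry does not carry the attribute.
  def self.generate_single_value_readers
    ATTR_SV.each_pair do |reader, spec|
      attribute, transform = Array(spec)
      define_method(reader) do
        if @entry.attribute_names.include?(attribute)
          # Net::LDAP::Entry hands attribute values back as an Array; take
          # the first element so the reader yields "Bob" rather than the
          # inspect form '["Bob"]' that Array#to_s produces on Ruby 1.9+.
          text = Array(@entry.send(attribute)).first.to_s
          transform.is_a?(Proc) ? transform[text] : text
        else
          ''
        end
      end
    end
  end

  # Defines one reader per ATTR_MV key. Each reader returns the attribute's
  # values (mapped through the optional Proc), or [] when the entry does not
  # carry the attribute.
  def self.generate_multi_value_readers
    ATTR_MV.each_pair do |reader, spec|
      attribute, transform = Array(spec)
      define_method(reader) do
        if @entry.attribute_names.include?(attribute)
          values = @entry.send(attribute)
          transform.is_a?(Proc) ? values.collect(&transform) : values
        else
          []
        end
      end
    end
  end

  # The readers depend only on the constants above, so build them once when
  # the class is loaded instead of redefining them on every login.
  generate_single_value_readers
  generate_multi_value_readers

  # Returns "first_name last_name".
  def full_name
    "#{first_name} #{last_name}"
  end

  # True when group is one of the simplified group names returned by #groups.
  # Only direct memberOf values are consulted.
  def member_of?(group)
    groups.include?(group)
  end

  private

  # entry - the directory entry for the authenticated user.
  def initialize(entry)
    @entry = entry
  end
end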