Commit f5ebf666 authored by jplang's avatar jplang

Adds an optional LDAP filter (#1060).

git-svn-id: https://svn.redmine.org/redmine/trunk@9044 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 51ed526b
......@@ -21,9 +21,10 @@ require 'net/ldap'
class AuthSourceLdap < AuthSource
validates_presence_of :host, :port, :attr_login
validates_length_of :name, :host, :maximum => 60, :allow_nil => true
validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
validates_numericality_of :port, :only_integer => true
validate :validate_filter
before_validation :strip_ldap_attributes
......@@ -58,6 +59,20 @@ class AuthSourceLdap < AuthSource
private
def ldap_filter
if filter.present?
Net::LDAP::Filter.construct(filter)
end
rescue Net::LDAP::LdapError
nil
end
def validate_filter
if filter.present? && ldap_filter.nil?
errors.add(:filter, :invalid)
end
end
def strip_ldap_attributes
[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
......@@ -107,8 +122,13 @@ class AuthSourceLdap < AuthSource
object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
attrs = {}
search_filter = object_filter & login_filter
if f = ldap_filter
search_filter = search_filter & f
end
ldap_con.search( :base => self.base_dn,
:filter => object_filter & login_filter,
:filter => search_filter,
:attributes=> search_attributes) do |entry|
if onthefly_register?
......
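Review bot: An unparsable stored filter fails open in the search hunk: `ldap_filter` rescues `Net::LDAP::LdapError` and returns nil, and `if f = ldap_filter` then skips the restriction, so the lookup runs with only `object_filter & login_filter` and accounts the filter was meant to exclude can still match. `validate_filter` blocks this on a normal save, but a row written without validations, or a change in how net-ldap parses or reports bad filters, would drop the restriction silently. Fail closed before `search_filter` is built, for example `return nil if filter.present? && ldap_filter.nil?`, and log the rejected filter so the misconfiguration is visible. The enclosing search method starts and ends outside the hunk, so its return convention should be confirmed before choosing between returning nil and raising.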
......@@ -23,6 +23,9 @@
<p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
<%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
<p><label for="auth_source_custom_filter"><%=l(:field_ldap_filter)%></label>
<%= text_field 'auth_source', 'filter', :size => 60 %></p>
<p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
<%= check_box 'auth_source', 'onthefly_register' %></p>
</div>
......
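Review bot: The new label's `for="auth_source_custom_filter"` does not follow the pattern of the `base_dn` field just above it, where `for="auth_source_base_dn"` matches `text_field 'auth_source', 'base_dn'`; by that convention the input generated for `'filter'` should have the id `auth_source_filter`. As written, the label is presumably not associated with the input, so clicking it will not focus the field and assistive tools lose the pairing. Change it to `<label for="auth_source_filter">`. A short hint next to the field saying that the filter is ANDed with the login match, and so restricts who can authenticate, would also help administrators.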
......@@ -1023,3 +1023,4 @@ ar:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1021,3 +1021,4 @@ bg:
description_date_range_interval: Изберете диапазон чрез задаване на начална и крайна дати
description_date_from: Въведете начална дата
description_date_to: Въведете крайна дата
field_ldap_filter: LDAP filter
......@@ -1037,3 +1037,4 @@ bs:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1025,3 +1025,4 @@ ca:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1026,3 +1026,4 @@ cs:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1040,3 +1040,4 @@ da:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1043,3 +1043,4 @@ de:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ el:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1025,3 +1025,4 @@ en-GB:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -321,6 +321,7 @@ en:
field_cvs_module: Module
field_repository_is_default: Main repository
field_multiple: Multiple values
field_ldap_filter: LDAP filter
setting_app_title: Application title
setting_app_subtitle: Application subtitle
......
......@@ -1060,3 +1060,4 @@ es:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1039,3 +1039,4 @@ et:
label_export_options: "%{export_format} ekspordi valikud"
label_completed_versions: "Lõpetatud versioonid"
error_attachment_too_big: "Seda faili ei saa üles laadida, kuna ületab maksimumsuurust (%{max_size})"
field_ldap_filter: LDAP filter
......@@ -1026,3 +1026,4 @@ eu:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1025,3 +1025,4 @@ fa:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1044,3 +1044,4 @@ fi:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -320,6 +320,7 @@ fr:
field_commit_logs_encoding: Encodage des messages de commit
field_repository_is_default: Dépôt principal
field_multiple: Valeurs multiples
field_ldap_filter: Filtre LDAP
setting_app_title: Titre de l'application
setting_app_subtitle: Sous-titre de l'application
......
......@@ -1034,3 +1034,4 @@ gl:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1028,3 +1028,4 @@ he:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1029,3 +1029,4 @@ hr:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1042,3 +1042,4 @@
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1029,3 +1029,4 @@ id:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1024,3 +1024,4 @@ it:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1053,3 +1053,4 @@ ja:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1073,3 +1073,4 @@ ko:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1083,3 +1083,4 @@ lt:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1017,3 +1017,4 @@ lv:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ mk:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ mn:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1005,3 +1005,4 @@ nl:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1013,3 +1013,4 @@
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1040,3 +1040,4 @@ pl:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1046,3 +1046,4 @@ pt-BR:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1028,3 +1028,4 @@ pt:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1020,3 +1020,4 @@ ro:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1138,3 +1138,4 @@ ru:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ sk:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ sl:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1023,3 +1023,4 @@ sr-YU:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1024,3 +1024,4 @@ sr:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1064,3 +1064,4 @@ sv:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1020,3 +1020,4 @@ th:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1042,3 +1042,4 @@ tr:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1020,3 +1020,4 @@ uk:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1074,3 +1074,4 @@ vi:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
......@@ -1103,3 +1103,4 @@
zero: 0 問題
one: 1 問題
other: "%{count} 問題清單"
field_ldap_filter: LDAP filter
......@@ -1025,3 +1025,4 @@ zh:
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
permission_manage_related_issues: Manage related issues
field_ldap_filter: LDAP filter
class AddAuthSourcesFilter < ActiveRecord::Migration
def self.up
add_column :auth_sources, :filter, :string
end
def self.down
remove_column :auth_sources, :filter
end
end
......@@ -18,6 +18,7 @@
require File.expand_path('../../test_helper', __FILE__)
class AuthSourceLdapTest < ActiveSupport::TestCase
include Redmine::I18n
fixtures :auth_sources
def setup
......@@ -44,6 +45,18 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
assert_equal 389, a.port
end
def test_filter_should_be_validated
set_language_if_valid 'en'
a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :attr_login => 'sn')
a.filter = "(mail=*@redmine.org"
assert !a.valid?
assert_equal "is invalid", a.errors[:filter].to_s
a.filter = "(mail=*@redmine.org)"
assert a.valid?
end
if ldap_configured?
context '#authenticate' do
setup do
......@@ -83,6 +96,23 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
end
end
context 'without filter' do
should 'return any user' do
assert @auth.authenticate('example1','123456')
assert @auth.authenticate('edavis', '123456')
end
end
context 'with filter' do
setup do
@auth.filter = "(mail=*@redmine.org)"
end
should 'return user who matches the filter only' do
assert @auth.authenticate('example1','123456')
assert_nil @auth.authenticate('edavis', '123456')
end
end
end
else
puts '(Test LDAP server not configured)'
......