Commit 2bb2dee0 authored by Steve Prentice

Use the omniauth-ldap info object instead of the raw ldap info in extra.

This helps with compatibility with more LDAP providers as the implementation
doesn't depend on the exact names of the LDAP fields. The LDAP strategy
helps map the attributes to the fields in the info object and we use the
info object to get the email and name.

This makes the LDAP auth compatible with most OpenLDAP servers as well.
parent 9a24ccde
...@@ -2,8 +2,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -2,8 +2,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def ldap def ldap
# We only find ourselves here if the authentication to LDAP was successful. # We only find ourselves here if the authentication to LDAP was successful.
omniauth = request.env["omniauth.auth"]["extra"]["raw_info"] info = request.env["omniauth.auth"]["info"]
@user = User.find_for_ldap_auth(omniauth) @user = User.find_for_ldap_auth(info)
if @user.persisted? if @user.persisted?
@user.remember_me = true @user.remember_me = true
end end
......
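Review bot: in `ldap`, `info` is passed straight into `User.find_for_ldap_auth(info)` with no check that the strategy's mapping produced an email, and the action now relies entirely on that mapping instead of fixed fields from `raw_info`. If the mapping leaves `email` empty for a directory entry, the lookup runs with a nil value. Consider checking `info.email` for presence here and failing the login with a clear error before calling `find_for_ldap_auth`.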
...@@ -67,15 +67,15 @@ class User < ActiveRecord::Base ...@@ -67,15 +67,15 @@ class User < ActiveRecord::Base
(0...8).map{ ('a'..'z').to_a[rand(26)] }.join (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
end end
def self.find_for_ldap_auth(omniauth) def self.find_for_ldap_auth(omniauth_info)
username = omniauth.sAMAccountName[0] name = omniauth_info.name
email = omniauth.userprincipalname[0] email = omniauth_info.email
if @user = User.find_by_email(email) if @user = User.find_by_email(email)
@user @user
else else
password = generate_random_password password = generate_random_password
@user = User.create(:name => username, @user = User.create(:name => name,
:email => email, :email => email,
:password => password, :password => password,
:password_confirmation => password :password_confirmation => password
......
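Review bot: `User.find_by_email(email)` now binds the LDAP login to an existing account using `omniauth_info.email` rather than `userprincipalname`, so the match is only as trustworthy as whichever directory attribute the strategy maps to email. Confirm that attribute is unique and not user-editable in the directories this is meant to support, and return early when `omniauth_info.email` or `omniauth_info.name` is blank instead of passing nil to `find_by_email` and `User.create`. Separately, the context line `('a'..'z').to_a[rand(26)]` builds the password for these auto-created accounts from 8 lowercase letters with `rand`; `SecureRandom` would be a safer source.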