diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2018-02-28 19:04:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-28 19:04:53 +0100 |
| commit | 47bdb9b33b021c92bdfc6698914776eda13f6f77 (patch) | |
| tree | 3827da1ebcf051b42f3b78df000955a93cd3498e /config/initializers/devise.rb | |
| parent | e85287284611f7de431d9c51353125c265ebfe3f (diff) | |
Fix #942: Seamless LDAP login (#6556)
Diffstat (limited to 'config/initializers/devise.rb')
| -rw-r--r-- | config/initializers/devise.rb | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index ba7ad9e6c..0dc202976 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -36,6 +36,26 @@ module Devise mattr_accessor :pam_controlled_service @@pam_controlled_service = nil + mattr_accessor :check_at_sign + @@check_at_sign = false + + mattr_accessor :ldap_authentication + @@ldap_authentication = false + mattr_accessor :ldap_host + @@ldap_host = nil + mattr_accessor :ldap_port + @@ldap_port = nil + mattr_accessor :ldap_method + @@ldap_method = nil + mattr_accessor :ldap_base + @@ldap_base = nil + mattr_accessor :ldap_uid + @@ldap_uid = nil + mattr_accessor :ldap_bind_dn + @@ldap_bind_dn = nil + mattr_accessor :ldap_password + @@ldap_password = nil + class Strategies::PamAuthenticatable def valid? super && ::Devise.pam_authentication @@ -45,6 +65,8 @@ end Devise.setup do |config| config.warden do |manager| + manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication + manager.default_strategies(scope: :user).unshift :pam_authenticatable if Devise.pam_authentication manager.default_strategies(scope: :user).unshift :two_factor_authenticatable manager.default_strategies(scope: :user).unshift :two_factor_backupable end @@ -324,4 +346,16 @@ Devise.setup do |config| config.pam_default_service = ENV.fetch('PAM_DEFAULT_SERVICE') { 'rpam' } config.pam_controlled_service = ENV.fetch('PAM_CONTROLLED_SERVICE') { 'rpam' } end + + if ENV['LDAP_ENABLED'] == 'true' + config.ldap_authentication = true + config.check_at_sign = true + config.ldap_host = ENV.fetch('LDAP_HOST', 'localhost') + config.ldap_port = ENV.fetch('LDAP_PORT', 389).to_i + config.ldap_method = ENV.fetch('LDAP_METHOD', :simple_tls).to_sym + config.ldap_base = ENV.fetch('LDAP_BASE') + config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN') + config.ldap_password = ENV.fetch('LDAP_PASSWORD') + config.ldap_uid = ENV.fetch('LDAP_UID', 'cn') + end end |