Support custom ldap attributes mapping #45

Open: wants to merge 1 commit into base: master
18 changes: 12 additions & 6 deletions README.md
Expand Up @@ -10,16 +10,19 @@ Use the LDAP strategy as a middleware in your application:
:port => 389,
:method => :plain,
:base => 'dc=intridea, dc=com',
:uid => 'sAMAccountName',
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')},
:bind_dn => 'default_bind_dn',
:password => 'password',
:uid => 'sAMAccountName',
# Or, alternatively:
#:filter => '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))'
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
:bind_dn => 'default_bind_dn'
:password => 'password'
:mapping => {
'name' => 'cn;lang-en',
'email' => ['preferredEmail', 'mail'],
'nickname' => ['uid', 'userid', 'sAMAccountName']
}

All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, and :password.
All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, :password, and :mapping.
Allowed values of :method are: :plain, :ssl, :tls.

:bind_dn and :password is the default credentials to perform user lookup.
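Review bot: the rewritten lines `:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}`, `:bind_dn => 'default_bind_dn'` and `:password => 'password'` dropped the trailing commas that the removed lines had, so with `:mapping => {` following them the README example is no longer valid Ruby; restore the commas. The example also introduces array values such as `['preferredEmail', 'mail']` without saying how an array is resolved (first attribute present in the entry, or every one of them), and the README should state that next to the :mapping description.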
Expand All @@ -45,12 +48,15 @@ Allowed values of :method are: :plain, :ssl, :tls.
Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods,
please just avoid them.

:mapping allows you to customize mapping of LDAP attributes to the returned user info hash. The default mappings are
defined in [ldap.rb](lib/omniauth/strategies/ldap.rb#L7), it will be merged with yours.

Direct users to '/auth/ldap' to have them authenticated via your company's LDAP server.


## License

Copyright (C) 2011 by Ping Yu and Intridea, Inc.
Copyright (C) 2011-2014 by Ping Yu and Intridea, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
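Review bot: the link `[ldap.rb](lib/omniauth/strategies/ldap.rb#L7)` is pinned to a line number that drifts the next time the file is edited; link to the file and name the `option :mapping` declaration instead. "it will be merged with yours" should also say which side wins on a key conflict (the user-supplied entry), and the sentence is a comma splice that reads better split in two. Worth one more sentence for operators: every attribute added to the mapping is copied into the auth hash handed to the application, so map only the attributes the application actually needs.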
4 changes: 2 additions & 2 deletions lib/omniauth/strategies/ldap.rb
Expand Up @@ -4,7 +4,7 @@ module OmniAuth
module Strategies
class LDAP
include OmniAuth::Strategy
@@config = {
option :mapping, {
'name' => 'cn',
'first_name' => 'givenName',
'last_name' => 'sn',
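Review bot: swapping the `@@config` class variable for `option :mapping, {` changes what `map_user` receives: the hash passed to `use` is merged into the strategy's default options and arrives as a string-keyed Hashie::Mash rather than the plain Hash the old code was written against, so confirm `map_user` still iterates it and still accepts both String and Array values. The README text in this PR promises the defaults are merged with the custom hash; a spec that passes a one-key mapping and asserts that a default key such as 'name' still resolves would pin that behaviour down. Also grep for any remaining reference to `@@config` (specs, helper methods, a default argument on `map_user`) so nothing keeps reading the removed variable.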
Expand Down Expand Up @@ -42,7 +42,7 @@ def callback_phase
@ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
return fail!(:invalid_credentials) if !@ldap_user_info

@user_info = self.class.map_user(@@config, @ldap_user_info)
@user_info = self.class.map_user(@options[:mapping], @ldap_user_info)
super
rescue Exception => e
return fail!(:ldap_error, e)
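Review bot: `self.class.map_user(@options[:mapping], @ldap_user_info)` now feeds operator-supplied configuration into the mapping, and the enclosing `rescue Exception => e` turns any error raised inside `map_user` into `fail!(:ldap_error, e)`; make sure a mapping entry that names an attribute absent from the LDAP entry yields nil in the info hash instead of raising, otherwise a typo in the configured mapping breaks every login with an opaque `:ldap_error`. Reading the hash through the `options` accessor that OmniAuth::Strategy provides, rather than `@options`, is the public way to get at it.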
16 changes: 16 additions & 0 deletions spec/omniauth/strategies/ldap_spec.rb
Expand Up @@ -189,6 +189,22 @@ class MyLdapProvider < OmniAuth::Strategies::LDAP; end
auth_hash.info.image.should == 'http://www.intridea.com/ping.jpg'
auth_hash.info.description.should == 'omniauth-ldap'
end

context 'and mapping is set' do
let(:app) do
Rack::Builder.new {
use OmniAuth::Test::PhonySession
use MyLdapProvider, :name => 'ldap', :host => '192.168.1.145', :base => 'dc=score, dc=local', :mapping => { 'phone' => 'mobile' }
run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
}.to_app
end

it 'should map user info according to customized mapping' do
post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
auth_hash.info.phone.should == '444-444-4444'
auth_hash.info.mobile.should == '444-444-4444'
end
end
end
end
end
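Review bot: the new context asserts both `auth_hash.info.phone` and `auth_hash.info.mobile`, which implicitly checks that the default mapping survives a one-key custom mapping, but the example name 'should map user info according to customized mapping' does not say so; split it into one example for the added key and one for the preserved default, and add a case where the custom mapping overrides an existing default key (for example 'name', mapped to 'cn' by default), since that is the path most users will hit. The `:host`, `:base` and credential literals are repeated from the context above; pulling them into a shared `let` keeps the new block in step if the fixture changes.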