Class: Net::LDAP::AuthAdapers::GSS_SPNEGO

Inherits:
Net::LDAP::AuthAdapter show all
Defined in:
lib/net/ldap/auth_adapter/gss_spnego.rb

Overview

– PROVISIONAL, only for testing SASL implementations. DON’T USE THIS YET. Uses Kohei Kajimoto’s Ruby/NTLM. We have to find a clean way to integrate it without introducing an external dependency.

This authentication method is accessed by calling #bind with a :method parameter of :gss_spnego. It requires :username and :password attributes, just like the :simple authentication method. It performs a GSS-SPNEGO authentication with the server, which is presumed to be a Microsoft Active Directory. ++

Instance Method Summary collapse

Methods inherited from Net::LDAP::AuthAdapter

[], #initialize, register

Constructor Details

This class inherits a constructor from Net::LDAP::AuthAdapter

Instance Method Details

#bind(auth) ⇒ Object



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'lib/net/ldap/auth_adapter/gss_spnego.rb', line 19

def bind(auth)
  require 'ntlm'

  user, psw = [auth[:username] || auth[:dn], auth[:password]]
  raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless user && psw

  nego = proc do |challenge|
    t2_msg = NTLM::Message.parse(challenge)
    t3_msg = t2_msg.response({ :user => user, :password => psw },
                             { :ntlmv2 => true })
    t3_msg.serialize
  end

  Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \
    :method             => :sasl,
    :mechanism          => "GSS-SPNEGO",
    :initial_credential => NTLM::Message::Type1.new.serialize,
    :challenge_response => nego
end