@anolson
Created December 14, 2011 15:44
Simple class for authenticating people against VT EDAuth LDAP.
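```ruby
require 'rubygems'
require 'net/ldap'

# Authenticates a person against the VT ED-Auth LDAP directory by looking up
# their entry and then binding as that entry's DN with the supplied password.
class SimpleEdAuthenticator
  HOST, PORT, BASE_DN = 'authn.directory.vt.edu', 636, 'ou=People,dc=vt,dc=edu'

  def initialize(options = {})
    @authenticated = false
    @attributes = {}
    @host = options[:host] || HOST
    @port = options[:port] || PORT
    @base_dn = options[:base] || BASE_DN
  end

  def authenticate(username, password)
    # Reset per-call state so a reused instance never reports a previous
    # person's result or attributes.
    @authenticated = false
    @attributes = {}
    # Reject nil and empty credentials. A simple bind with an empty password
    # is an unauthenticated bind, which a server may accept.
    return false if username.to_s.empty? || password.to_s.empty?
    bind_as_person(username, password)
    @authenticated
  end

  def group_membership
    @attributes[:groupmembership]
  end

  private

  # Filter.equals escapes the value, so characters such as "*" in the
  # username are matched literally instead of acting as wildcards.
  # The filter is built on every call: memoizing it would pin the filter to
  # the first username this instance ever saw.
  def filter(username)
    Net::LDAP::Filter.equals("authid", username)
  end

  def bind_as_person(username, password)
    Net::LDAP.open(ldap_options) do |ldap|
      authenticate_person(ldap, username, password)
      retrieve_attributes(ldap, username) if @authenticated
    end
  end

  # :simple_tls encrypts the connection (LDAPS on port 636). Whether the
  # server certificate is verified depends on the net-ldap version and the
  # TLS options it is given.
  def ldap_options
    {:host => @host, :port => @port, :base => @base_dn, :encryption => :simple_tls}
  end

  def find_person(ldap, username, &block)
    ldap.search(:scope => Net::LDAP::SearchScope_SingleLevel, :filter => filter(username), &block)
  end

  def authenticate_person(ldap, username, password)
    @authenticated = false
    results = find_person(ldap, username)
    # search returns a falsy value on failure and an empty array when no
    # entry matches; in both cases there is no DN to bind as.
    entry = results && results.first
    return unless entry
    @authenticated = true if ldap.bind(ldap.auth(entry.dn, password))
  end

  def retrieve_attributes(ldap, username)
    find_person(ldap, username) do |entry|
      entry.each do |k, v|
        @attributes[k] = v
      end
    end
  end
end
```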