diff --git a/README.md b/README.md index 7b3019f..61029bf 100644 --- a/README.md +++ b/README.md @@ -10,16 +10,19 @@ Use the LDAP strategy as a middleware in your application: :port => 389, :method => :plain, :base => 'dc=intridea, dc=com', - :uid => 'sAMAccountName', :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}, :bind_dn => 'default_bind_dn', + :password => 'password', + :uid => 'sAMAccountName', # Or, alternatively: #:filter => '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))' - :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')} - :bind_dn => 'default_bind_dn' - :password => 'password' + :mapping => { + 'name' => 'cn;lang-en', + 'email' => ['preferredEmail', 'mail'], + 'nickname' => ['uid', 'userid', 'sAMAccountName'] + } -All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, and :password. +All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, :password, and :mapping. Allowed values of :method are: :plain, :ssl, :tls. :bind_dn and :password is the default credentials to perform user lookup. @@ -45,12 +48,15 @@ Allowed values of :method are: :plain, :ssl, :tls. Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods, please just avoid them. +:mapping allows you to customize mapping of LDAP attributes to the returned user info hash. The default mappings are + defined in [ldap.rb](lib/omniauth/strategies/ldap.rb#L7), it will be merged with yours. + Direct users to '/auth/ldap' to have them authenticated via your company's LDAP server. ## License -Copyright (C) 2011 by Ping Yu and Intridea, Inc. +Copyright (C) 2011-2014 by Ping Yu and Intridea, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb
index 9a4d880..8e394b6 100644
--- a/lib/omniauth/strategies/ldap.rb
+++ b/lib/omniauth/strategies/ldap.rb
@@ -4,7 +4,7 @@ module OmniAuth
 module Strategies
 class LDAP
 include OmniAuth::Strategy
- @@config = {
+ option :mapping, {
 'name' => 'cn',
 'first_name' => 'givenName',
 'last_name' => 'sn',
@@ -42,7 +42,7 @@ def callback_phase
 @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
 return fail!(:invalid_credentials) if !@ldap_user_info
- @user_info = self.class.map_user(@@config, @ldap_user_info)
+ @user_info = self.class.map_user(@options[:mapping], @ldap_user_info)
 super
 rescue Exception => e
 return fail!(:ldap_error, e)
diff --git a/spec/omniauth/strategies/ldap_spec.rb b/spec/omniauth/strategies/ldap_spec.rb
index f4dde69..bd0881c 100644
--- a/spec/omniauth/strategies/ldap_spec.rb
+++ b/spec/omniauth/strategies/ldap_spec.rb
@@ -189,6 +189,22 @@ class MyLdapProvider < OmniAuth::Strategies::LDAP; end
 auth_hash.info.image.should == 'http://www.intridea.com/ping.jpg'
 auth_hash.info.description.should == 'omniauth-ldap'
 end
+
+ context 'and mapping is set' do
+ let(:app) do
+ Rack::Builder.new {
+ use OmniAuth::Test::PhonySession
+ use MyLdapProvider, :name => 'ldap', :host => '192.168.1.145', :base => 'dc=score, dc=local', :mapping => { 'phone' => 'mobile' }
+ run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
+ }.to_app
+ end
+
+ it 'should map user info according to customized mapping' do
+ post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
+ auth_hash.info.phone.should == '444-444-4444'
+ auth_hash.info.mobile.should == '444-444-4444'
+ end
+ end
 end
 end
 end
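Review bot: Nothing near `option :mapping, {` in the first ldap.rb hunk documents that the attributes named in the mapping become the identity fields of the auth hash, now that integrators can override them. Applications commonly match accounts on fields such as `email` or `nickname`, so a custom mapping that points one of them at an attribute directory users can edit themselves would let a user influence the identity the application sees; whether that applies depends on the directory's ACLs, which are not visible here. I would add a comment above the option such as `# Values read through this mapping populate the auth hash; map identity fields (email, nickname) only to attributes users cannot modify themselves.` The hash literal continues past the end of the hunk.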
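Review bot: `@options[:mapping]` is handed to `map_user` in callback_phase without any shape check, and the call sits under the `rescue Exception => e` visible at the end of the second ldap.rb hunk. If `map_user` raises on a `:mapping` that is nil or not a Hash (its body is outside the hunk, so this is inferred), every login would end in `fail!(:ldap_error, e)` after a successful bind, which buries a configuration mistake among directory errors in the authentication-failure logs. A guard such as `raise ArgumentError, ':mapping must be a Hash' unless @options[:mapping].is_a?(Hash)` would make the misconfiguration explicit, provided it runs outside the rescued section. callback_phase starts and ends outside the hunk, so the exact placement has to be chosen against the full method.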
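Review bot: The new example in ldap_spec.rb asserts only `info.phone` and `info.mobile`, so it would still pass if a custom `:mapping` replaced the default mapping instead of being merged with it, which is what the README text in this commit promises. Repeating one of the default-mapped assertions from the example just above inside the new `it` block, for instance `auth_hash.info.description.should == 'omniauth-ldap'`, would pin the merge behaviour. This assumes the new context inherits the same stubbed LDAP entry as the enclosing context, which is set up outside the hunk.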