Add Kerberos and NTLM authentication support

Fixes #41

config/sample-config.yaml

@@ -5,13 +5,25 @@
 # Connection parameters to LDAP server
 # see also: http://net-ldap.rubyforge.org/Net/LDAP.html#method-c-new
 ldap_connection:
-  host: localhost
+  host: ldapserver
   port: 389
   auth:
     method: :simple
     username: CN=username,OU=!Serviceaccounts,OU=company,DC=company,DC=de
     password: secret
 
+  # or GSSAPI / Kerberos authentication:
+  auth:
+    method: :gssapi
+    hostname: ldapserver
+
+  # or GSS-SPNEGO / NTLM authentication
+  auth:
+    method: :gss_spnego
+    domain: 'company.de'
+    username: 'myuser'
+    password: 'secret'
+
 # Search parameters for LDAP users which should be synchronized
 ldap_users:
   base: OU=company,OU=company,DC=company,DC=de

lib/pg_ldap_sync/application.rb

@@ -361,8 +361,26 @@ class Application
   def start!
     read_config_file(@config_fname)
 
+    ldap_conf = @config[:ldap_connection]
+    auth_meth = ldap_conf.dig(:auth, :method).to_s
+    if auth_meth == "gssapi"
+      begin
+        require 'net/ldap/auth_adapter/gssapi'
+      rescue LoadError => err
+        raise "#{err}\nTo use GSSAPI authentication please run:\n  gem install net-ldap-auth_adapter-gssapi"
+      end
+    elsif auth_meth == "gss_spnego"
+      begin
+        require 'net-ldap-gss-spnego'
+        # This doesn't work since this file is defined in net-ldap as a placeholder:
+        #   require 'net/ldap/auth_adapter/gss_spnego'
+      rescue LoadError => err
+        raise "#{err}\nTo use GSSAPI authentication please run:\n  gem install net-ldap-gss-spnego"
+      end
+    end
+
     # gather LDAP users and groups
-    @ldap = Net::LDAP.new @config[:ldap_connection]
+    @ldap = Net::LDAP.new ldap_conf
     ldap_users = uniq_names search_ldap_users
     ldap_groups = uniq_names search_ldap_groups