My overall goal is to let users of my Rails app authenticate against our organization's ActiveDirectory server over LDAP. (Did I say that right?)
I'd like to try the Ruby ActiveLDAP gem.
The docs say it depends on either...
RubyLDAP
or...
ruby-net-ldap
Does it matter which one I use?
Am I heading in the right general direction by investigating Ruby ActiveLDAP? Is there something else that's better?
I have an openldap server that I use for authentication with my rails apps.
I basically use authlogic and hack in support for ldap using the ruby-net-ldap gem to talk to the ldap server.
I use a pretty basic authlogic setup as detailed in the tutorial, but with a few changes:

    require 'net/ldap' # provided by the ruby-net-ldap gem

    class UserSession < Authlogic::Session::Base
      verify_password_method :valid_ldap_credentials?
    end

    class User < ActiveRecord::Base
      acts_as_authentic do |c|
        c.validate_password_field = false
        c.logged_in_timeout = 30.minutes
      end

      # Authlogic calls this with the submitted password.
      def valid_ldap_credentials?(password_plaintext)
        # A simple bind with an empty password is an unauthenticated bind,
        # which some servers report as success, so reject it up front.
        return false if password_plaintext.blank?
        ldap = ldap_connect
        ldap.auth self.dn, password_plaintext
        ldap.bind # will return false if authentication is NOT successful
      end

      # Builds a TLS connection; admin credentials are set only when params[:admin] is given.
      def ldap_connect(params = {})
        ldap_config = YAML.load_file("#{RAILS_ROOT}/config/ldap.yml")[RAILS_ENV]
        ldap_options = params.merge({:encryption => :simple_tls})
        ldap = Net::LDAP.new(ldap_options)
        ldap.host = ldap_config["host"]
        ldap.port = ldap_config["port"]
        ldap.base = ldap_config["base"]
        ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
        return ldap
      end
    end

There's an effort to make a plugin for ldap for authlogic, but I haven't seen any progress in a while.
The difficult thing I've found (and asked about) is testing. I basically had to set up production, development, and test instances of my LDAP server for testing.
If you just want to use LDAP and roll your own authorization stuff, I can recommend ruby-net-ldap.
But be warned: if you don't have the username for some reason (I only have the login), you need a separate user to query LDAP for it.
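
The login-only case mentioned above, where a separate account has to look up the user's DN before the bind, sketched as an added example that is not code from either answer. `escape_filter_value`, `find_dn`, `ldap_authenticate`, `net_ldap_for`, the choice of `sAMAccountName` as the login attribute and the in-memory `FakeDirectory` are assumptions made for illustration.

```ruby
# Added example, not from the original answer; all names are hypothetical.

# RFC 4515: escape \ * ( ) and NUL before a value goes into a search filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\0]/) { |c| format('\\%02x', c.ord) }
end

# Step 1: the service account looks up the DN for a login.
# Assumption: the login lives in sAMAccountName (usual for Active Directory).
def find_dn(service_ldap, login, attr: 'sAMAccountName')
  filter = "(#{attr}=#{escape_filter_value(login)})"
  entries = service_ldap.search(filter: filter, attributes: ['dn']) || []
  entries.size == 1 ? entries.first.dn : nil # none or ambiguous: deny
end

# Step 2: bind as that DN. connect_as is a callable (dn, password) that
# returns an object responding to #bind, e.g. a lambda around net_ldap_for.
def ldap_authenticate(service_ldap, login, password, connect_as:)
  # An empty password turns a simple bind into an unauthenticated bind
  # (RFC 4513), which some servers answer with success.
  return false if login.to_s.empty? || password.to_s.empty?
  dn = find_dn(service_ldap, login)
  return false unless dn
  connect_as.call(dn, password).bind ? dn : false
end

# Connection factory for ruby-net-ldap, required lazily so the helpers
# above can be exercised without the gem or a server.
def net_ldap_for(host, port, base, dn, password)
  require 'net/ldap'
  Net::LDAP.new(host: host, port: port, base: base, encryption: :simple_tls,
                auth: { method: :simple, username: dn, password: password })
end

# Constructed in-memory directory standing in for the server.
FakeEntry = Struct.new(:dn)
class FakeDirectory
  USERS = { 'jdoe' => ['CN=J Doe,OU=People,DC=example,DC=test', 's3cret'] }.freeze
  attr_reader :last_filter
  def search(filter:, attributes: nil)
    @last_filter = filter
    login = filter[/=(.*)\)\z/, 1]
    USERS.key?(login) ? [FakeEntry.new(USERS[login][0])] : []
  end
  # Mimics a server that reports success for empty-password binds.
  def binder
    ->(dn, pw) { Struct.new(:bind).new(pw.empty? || USERS.values.include?([dn, pw])) }
  end
end
```

Against a real server, `service_ldap` would be a `Net::LDAP` object carrying the lookup account's credentials and `connect_as` a lambda wrapping `net_ldap_for`.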