Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WIP - Implement basic LDAP authentication
Add devise_ldap_authenticatable - see https://github.com/cschiewek/devise_ldap_authenticatable#usage
* Add gem to gemfile
* Run devise_ldap_authenticatable generator
* Add username to User model
* Authenticate against username instead of email

Add ladle wrapper for ApacheDS LDAP server
* Add gem to gemfile
* Add rake task to launch LDAP server
* Add minimal ldap user setup file
Showing 11 changed files with 152 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
## Authorizations | ||
# Uncomment out the merging for each environment that you'd like to include. | ||
# You can also just copy and paste the tree (do not include the "authorizations") to each | ||
# environment if you need something different per enviornment. | ||
authorizations: &AUTHORIZATIONS | ||
allow_unauthenticated_bind: false | ||
group_base: ou=groups,dc=example,dc=org | ||
## Requires config.ldap_check_group_membership in devise.rb be true | ||
# Can have multiple values, must match all to be authorized | ||
required_groups: | ||
# If only a group name is given, membership will be checked against "uniqueMember" | ||
- cn=admins,ou=groups,dc=example,dc=org | ||
- cn=users,ou=groups,dc=example,dc=org | ||
# If an array is given, the first element will be the attribute to check against, the second the group name | ||
- ["moreMembers", "cn=users,ou=groups,dc=example,dc=org"] | ||
## Requires config.ldap_check_attributes in devise.rb to be true | ||
## Can have multiple attributes and values, must match all to be authorized | ||
require_attribute: | ||
objectClass: inetOrgPerson | ||
require_attribute_presence: | ||
mail: true | ||
|
||
## Environment | ||
|
||
development: | ||
host: localhost | ||
port: 3389 | ||
attribute: cn | ||
base: ou=people,dc=example,dc=org | ||
admin_user: cn=admin,dc=test,dc=com | ||
admin_password: admin_password | ||
ssl: false | ||
# <<: *AUTHORIZATIONS | ||
|
||
test: | ||
host: localhost | ||
port: 3389 | ||
attribute: cn | ||
base: ou=people,dc=example,dc=com | ||
admin_user: cn=admin,dc=test,dc=com | ||
admin_password: admin_password | ||
ssl: false | ||
# <<: *AUTHORIZATIONS | ||
|
||
production: | ||
host: localhost | ||
port: 636 | ||
attribute: cn | ||
base: ou=people,dc=test,dc=com | ||
admin_user: cn=admin,dc=test,dc=com | ||
admin_password: admin_password | ||
ssl: start_tls | ||
# <<: *AUTHORIZATIONS |
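Review bot: `admin_password: admin_password` is committed as a literal bind credential in all three environments, including `production`, and the bind DN `admin_user: cn=admin,dc=test,dc=com` does not sit under the `dc=example,dc=org` tree used by `base` and `group_base` in development; load the bind password from the environment or Rails credentials instead of this file, and make the admin DN and base consistent per environment (development uses `dc=example,dc=org`, test `dc=example,dc=com`, production `dc=test,dc=com`). In `production`, `port: 636` is paired with `ssl: start_tls`: 636 is the implicit-TLS (LDAPS) port, whereas StartTLS is negotiated on the plain LDAP port, so one of the two settings needs to change. Since every `<<: *AUTHORIZATIONS` merge is commented out, the `required_groups` and `require_attribute` rules defined at the top are not applied in any environment; that should either be enabled or called out in the commit message before this leaves WIP.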
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
|
||
version: 1 | ||
|
||
# people.example.org | ||
dn: ou=people,dc=example,dc=org | ||
objectClass: top | ||
objectClass: organizationalUnit | ||
ou: people | ||
|
||
# user.people.examle.org | ||
dn: cn=user,ou=people,dc=example,dc=org | ||
objectClass: top | ||
objectClass: person | ||
objectClass: organizationalPerson | ||
objectClass: inetOrgPerson | ||
sn: Ffrind | ||
givenName: Rhyw | ||
uid: example_user | ||
mail: user@example.org | ||
cn: user | ||
userPassword: password | ||
|
||
# admin.people.examle.org | ||
dn: cn=admin,ou=people,dc=example,dc=org | ||
objectClass: top | ||
objectClass: person | ||
objectClass: organizationalPerson | ||
objectClass: inetOrgPerson | ||
sn: Arall | ||
givenName: Rhywun | ||
uid: admin_user | ||
mail: admin@example.org | ||
cn: admin | ||
userPassword: password |
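Review bot: the two entries created here, `cn=user,ou=people,dc=example,dc=org` and `cn=admin,ou=people,dc=example,dc=org`, do not include the DN the LDAP config hunk above binds with (`cn=admin,dc=test,dc=com`), so the development admin bind will fail against this data unless the server provides that account itself; either add the bind account to this LDIF or point `admin_user` at `cn=admin,ou=people,dc=example,dc=org`. Note also that with `attribute: cn` in the config, users sign in as `user` and `admin`, not as the `uid` values `example_user` and `admin_user`, which is easy to trip over, and that `userPassword: password` is a cleartext fixture credential appropriate only for the local ladle server. Minor: both comments read `examle.org` instead of `example.org`.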
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
class AddUsernameToUsers < ActiveRecord::Migration[5.0] | ||
def change | ||
add_column :users, :username, :string | ||
add_index :users, :username, unique: true | ||
end | ||
end |
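Review bot: `add_column :users, :username, :string` is nullable and there is no backfill, so every existing row ends up with a NULL username after this migration; because the commit switches authentication from email to username, those accounts cannot sign in until the column is populated. Consider a data step (for example deriving an initial username from the existing email) followed by `null: false`, plus a presence and uniqueness validation on the model to pair with `add_index :users, :username, unique: true`.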
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
require 'ladle' | ||
|
||
'Start a ladle server' | ||
task :ladle do | ||
conf_path = Rails.root.join('config') | ||
|
||
server = Ladle::Server.new( | ||
port: Rails.application.config_for(:ldap)['port'], | ||
quiet: false, | ||
ldif: conf_path.join('ldap_data_dev.ldif').to_s | ||
) | ||
|
||
begin | ||
puts 'Starting LDAP server on port 3398' | ||
server.start | ||
sleep | ||
rescue Interrupt | ||
puts 'Stopping server' | ||
ensure | ||
server.stop | ||
end | ||
end |
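Review bot: `'Start a ladle server'` is a bare string literal, not a task description, so Ruby simply discards it; it should be `desc 'Start a ladle server'` so that `rake -T` lists the task. The startup message hardcodes `port 3398` while the config supplies `port: 3389`; read the port once (`port = Rails.application.config_for(:ldap)['port']`), pass it to `Ladle::Server.new`, and interpolate it into the message (`puts "Starting LDAP server on port #{port}"`) so the two cannot drift. `require 'ladle'` at the top of the file is evaluated whenever rake loads, including in environments where the ladle gem is not bundled; moving the require inside the task body keeps the rest of the rake tasks usable there.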