
LDAP ActiveDirectory notes

acozine edited this page Oct 6, 2015 · 5 revisions

For authentication and authorization with OpenLDAP:

  • use the config/initializers/devise.rb straight out of the box

For authentication and authorization with ActiveDirectory:

  • in config/initializers/devise.rb, set config.ldap_use_admin_to_bind = true
  • in config/ldap.yml, change the default section so the attribute, base (hierarchy within which to find the attribute), and group_base (hierarchy within which to find the 'admin' group) match the output from ActiveDirectory - for example:

        attribute: sAMAccountName
        base: CN=UUsers,DC=ULib,DC=Univ,DC=edu
        group_base: OU=UGroups,DC=ULib,DC=Univ,DC=edu

This issue offered helpful tips about how things fit together for ActiveDirectory connections.

Troubleshooting:

  1. on the Rails server, confirm that you can connect to your LDAP/AD server using the command-line tool ldapsearch
  2. on your LDAP/AD server, make sure your admins are members of a group called "admin"
  3. replicate the structure of your LDAP users and groups in the ldap.yml file
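
The troubleshooting steps above, as an added shell example (not part of the original wiki page): it prints the ldapsearch commands for steps 1 and 2 using the sample ldap.yml values, and checks membership of the "admin" group in the LDIF that step 2 returns, including folded and base64-encoded values. The host ad.example.edu, the bind DN CN=svc-ldap,..., the user names and the sample LDIF are constructed placeholders; it assumes group membership is read from the member attribute, as Active Directory stores it.

```bash
# Added example. Values mirror the ldap.yml sample above; host and bind DN are placeholders.
LDAP_URI="ldaps://ad.example.edu"
BIND_DN="CN=svc-ldap,CN=UUsers,DC=ULib,DC=Univ,DC=edu"
ATTRIBUTE="sAMAccountName"
BASE="CN=UUsers,DC=ULib,DC=Univ,DC=edu"
GROUP_BASE="OU=UGroups,DC=ULib,DC=Univ,DC=edu"

# Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build (not run) an ldapsearch command; -W prompts for the bind password.
search_cmd() {  # $1 = search base, $2 = filter, $3 = attribute to return
  printf 'ldapsearch -x -H %s -D "%s" -W -b "%s" "%s" %s\n' "$LDAP_URI" "$BIND_DN" "$1" "$2" "$3"
}
user_search_cmd()  { search_cmd "$BASE" "($ATTRIBUTE=$(ldap_escape "$1"))" dn; }   # step 1
group_search_cmd() { search_cmd "$GROUP_BASE" "(cn=admin)" member; }               # step 2

# Read ldapsearch LDIF on stdin and print member DNs, one per line. Handles
# folded lines (continuations start with one space) and base64 values ("member:: ").
group_members() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (buf != "") print buf; buf = $0 }
       END { if (buf != "") print buf }' |
  while IFS= read -r line; do
    case "$line" in
      "member:: "*) printf '%s' "${line#member:: }" | base64 -d; echo ;;
      "member: "*)  printf '%s\n' "${line#member: }" ;;
    esac
  done
}

# Succeed if DN $1 appears in the LDIF on stdin (case-insensitive exact match).
is_member() {
  group_members | tr '[:upper:]' '[:lower:]' |
    grep -qxF -- "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Constructed sample of step 2 output: one plain, one folded, one base64 member.
sample_ldif() {
  printf 'dn: CN=admin,%s\nmember: CN=alice,%s\n' "$GROUP_BASE" "$BASE"
  printf 'member: CN=bob,CN=UUsers,DC=ULib,\n DC=Univ,DC=edu\n'
  printf 'member:: %s\n' "$(printf 'CN=Zoë,%s' "$BASE" | base64)"
}

user_search_cmd 'jdoe'; group_search_cmd     # dry run: prints the commands only
sample_ldif | is_member "cn=BOB,$BASE" && echo "bob is in admin"
```

Against a real directory, pipe the output of the printed group search into is_member with the DN returned by the user search.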