LDAP ActiveDirectory notes
acozine edited this page Oct 6, 2015 · 5 revisions
For authentication and authorization with OpenLDAP:
- use the config/initializers/devise.rb straight out of the box
For authentication and authorization with ActiveDirectory:
- in config/initializers/devise.rb, set config.ldap_use_admin_to_bind = true
- in config/ldap.yml, change the default section so the attribute, base (hierarchy within which to find the attribute), and group_base (hierarchy within which to find the 'admin' group) match the output from ActiveDirectory - for example:
    attribute: sAMAccountName
    base: CN=UUsers,DC=ULib,DC=Univ,DC=edu
    group_base: OU=UGroups,DC=ULib,DC=Univ,DC=edu
This issue offered helpful tips about how things fit together for ActiveDirectory connections.
Troubleshooting:
- on the Rails server, confirm that you can connect to your LDAP/AD server using the command-line tool ldapsearch
- on your LDAP/AD server, make sure your admins are members of a group called "admin"
- replicate the structure of your LDAP users and groups in the ldap.yml file
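
An added example (not part of the original wiki page or the project's code) that ties the troubleshooting steps together: it checks one environment of ldap.yml for the settings described above and builds the matching ldapsearch commands. The host, port, admin_user and ssl entries, the svc-bind account, and the (cn=admin) group filter are assumptions for illustration.

```ruby
require "yaml"
require "shellwords"

# Constructed sample using the page's example values. host, port, admin_user
# and ssl are assumed keys and values, not taken from the page.
SAMPLE_LDAP_YML = <<~YAML
  development:
    host: ad.example.edu
    port: 389
    attribute: sAMAccountName
    base: CN=UUsers,DC=ULib,DC=Univ,DC=edu
    group_base: OU=UGroups,DC=ULib,DC=Univ,DC=edu
    admin_user: CN=svc-bind,CN=UUsers,DC=ULib,DC=Univ,DC=edu
    ssl: false
YAML

REQUIRED_KEYS = %w[host port attribute base group_base admin_user].freeze
DN_PATTERN = /\A\w+=[^,]+(,\s*\w+=[^,]+)*\z/

# Escape a value for use inside an LDAP search filter (RFC 4515).
def escape_filter(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Return a list of problems found in one environment's ldap.yml settings.
def check_ldap_config(cfg)
  problems = REQUIRED_KEYS.select { |k| cfg[k].to_s.strip.empty? }.map { |k| "missing #{k}" }
  %w[base group_base].each do |k|
    problems << "#{k} is not a DN" if cfg[k] && cfg[k] !~ DN_PATTERN
  end
  problems << "ssl is off: the admin bind password is sent in clear text" unless cfg["ssl"]
  problems
end

# Build the ldapsearch commands for the first troubleshooting step: one looks
# up a user under base, one looks up the "admin" group under group_base.
def ldapsearch_commands(cfg, username)
  uri = "#{cfg['ssl'] ? 'ldaps' : 'ldap'}://#{cfg['host']}:#{cfg['port']}"
  common = ["ldapsearch", "-x", "-H", uri, "-D", cfg["admin_user"], "-W"]
  user_filter = "(#{cfg['attribute']}=#{escape_filter(username)})"
  [common + ["-b", cfg["base"], user_filter, "dn"],
   common + ["-b", cfg["group_base"], "(cn=admin)", "member"]].map(&:shelljoin)
end

if __FILE__ == $PROGRAM_NAME
  cfg = YAML.safe_load(SAMPLE_LDAP_YML).fetch("development")
  check_ldap_config(cfg).each { |p| warn "WARN: #{p}" }
  puts ldapsearch_commands(cfg, "jdoe")
end
```

The -W flag makes ldapsearch prompt for the bind password, so it does not end up in shell history or the process list.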