Devise LDAP Authenticatable - Based on Devise-Imapable
Devise LDAP Authenticatable is a LDAP based authentication strategy for the Devise authentication framework.
If you are building applications for use within your organization which require authentication and you want to use LDAP, this plugin is for you.
- Rails 2.3.5
- Devise 1.0.6
- Net-LDAP 0.1.1
You must use the net-ldap gem and NOT the ruby-net-ldap gem.
gem install devise_ldap_authenticatable
Once devise_ldap_authenticatable is installed, all you need to do is setup the user model which includes a small addition to the model itself and to the schema.
First the schema :
create_table :users do |t| t.ldap_authenticatable, :null => false end
and indexes (optional) :
add_index :login, :unique => true
and don’t forget to migrate :
then the model :
class User < ActiveRecord::Base devise :ldap_authenticatable, :rememberable, :trackable, :timeoutable # Setup accessible (or protected) attributes for your model attr_accessible :login, :ldap_attributes, :password, :remember_me ... end
and finally change the authentication key in the devise initializer :
Devise.setup do |config| ... config.authentication_keys = [ :login ] ... end
The string stored in ldap_attributes will be inserted between the login and base to provide the full dn used to bind. I recommend using :rememberable, :trackable, :timeoutable as it gives a full feature set for logins.
Devise LDAP Authenticatable works in replacement of Authenticatable, but because we have to change the authentication_keys, you'll need to run:
and customize your login pages to use :login, instead of :email.
This devise plugin has not been tested with Authenticatable enabled at the same time. This is meant as a drop in replacement for Authenticatable allowing for a semi single sign on approach.
Devise.setup do |config| # Required config.ldap_host = 'ldap.mydomain.com' config.ldap_port = 389 config.ldap_base_dn = 'ou=People,dc=local' config.ldap_login_attribute = 'uid' # Optional, these will default to false or nil if not set config.ldap_ssl = true config.ldap_create_user = true end
- The host of your LDAP server
- The port your LDAP service is listening on.
- The DN that is appended to the login before the LDAP bind is performed.
- The attribute that is prepended to the login and the base dn to form the full DN that is used for the bind.
- config.ldap_base_dn = 'ou=People,dc=local'
- config.ldap_login_attribute = 'uid'
- So when trying to login with 'admin' for example, 'admin' would be the value stored in login field, but the actual DN used for the bind would be 'uid=admin,ou=People,dc=local'
- Enables SSL (ldaps) encryption. START_TLS encryption will be added when the net-ldap gem adds support for it.
- If set to true, all valid LDAP users will be allowed to login and an appropriate user record will be created. If set to false, you will have to create the user record before they will be allowed to login.
- Add support for defining DN format to make logins cleaner
Released under the MIT license
Copyright (c) 2010 Curtis Schiewek