Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A plugin to allow rails apps to authenticate to Active Directory
Ruby
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
tasks
test
MIT-LICENSE
README.rdoc
Rakefile
init.rb
install.rb
uninstall.rb

README.rdoc

ActiveDirectoryAuth

Lets you authenticate users against an ActiveDirectory systems, also provides a test implementation so you don't need to have an LDAP server when developing. The goal here is to allow you to store your user information in your local database, but use the LDAP information for authentication and retrieving authorization information.

This will add an 'authenticate' method to your model which works as follows:

@user = User.authenticate("koz", "mypassword") # returns the user
@user = User.authenticate("who knows", "not a password") # nil

In order to map from the ldap result to your database, you need to implement a find_from_ldap method on the user class. It will be passed an ldap user, which responds to a few key methods. username returns the account name that successfully authenticated. roles returns the list of configured group which the user is a member of. It also adds some simple predicate methods for each of the available roles. For example:

def self.find_from_ldap(ldap_user)
  returning find_or_create_by_login(ldap_user.username) do |user|
    user.permissions.clear
    if ldap_user.admin?
      user.admin = true
    end
    if ldap_user.printer_operator?
      user.permissions.create! :code=>"printer"
    end
    user.save!
  end
end

There's obviously a risk that users who have been disabled in ldap could still have an active session in the rails application.

Requirements

You need the net/ldap gem. You should add a line in your config/enviornment.rb file:

config.gem "ruby-net-ldap", :lib => "net/ldap", :source => "http://gems.github.com"

Optionally, you could unpack this gem into your vendor/gems directory with this command:

rake gems:unpack

Example

In production.rb you can write:

config.to_prepare do
  User.authenticates_with_active_directory do |config|
    config.host    = "1.2.3.4"
    config.base_dn = "DC=radionz,DC=co,DC=nz"

    # Only needed if your ldap server doesn't support anonymous binding
    config.administrator_dn = "CN=administrator,OU=Sysadmins Group,OU=Systems"
    config.administrator_password = "admin_pw"

    config.roles :printer_operator => "CN=Printer Operators,CN=Groups",
                 :backup_operator  => "CN=Backup Operators,CN=Groups",
                 :admin            => "CN=AdminUsers,OU=Groups,OU=Corporate",
                 :operators        => "CN=OperatorsGroup,OU=Groups,OU=Corporate"
  end
end

then in development.rb and test.rb you write:

User.stub_active_directory_authentication do |config|
  config.user "koz", "a password", :printer_operator, :backup_operator
  config.user "dhh", "anotherpassword", :admin
end

Note: the config.to_prepare block is used, as Ruby is garbage collecting the User's config settings.

Copyright & Credits

This plugin was funded by Radio New Zealand Limited, and written by Michael Koziarski.

Copyright © 2009 Koziarski Software Ltd Copyright © 2009 Radio New Zealand Limited

Released under the MIT license

Something went wrong with that request. Please try again.