Ruby on Rails ldap authentication
For an internal Rails app I needed to authenticate against our ActiveDirectory server. I figured there should be a Ruby LDAP library out there that can help me out. Indeed it was only a ‘gem install ruby-net-ldap’ away. This is a pure Ruby gem, so no compilation is needed.
LDAP Authentication is really simple. If you’re not using any special configuration on your server, this should be sufficient:
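    require 'rubygems'
    require 'net/ldap'

    ldap = Net::LDAP.new
    ldap.host = "your.host.here.com"
    # auth takes the bind username and the password
    ldap.auth "your.username", "your.password"
    if ldap.bind
      true   # credentials accepted
    else
      false  # bind rejected
    end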
It’s a good idea to test this code in a separate .rb file before integrating the code into Rails. Make sure LDAP authentication from Ruby works before you proceed.
I decided I also wanted to try a new authentication library called AuthLogic (previously called AuthGasm). I’m not unhappy with RESTful authentication, but after reading about the project on Github I got curious. There’s plenty of documentation and tutorials available so getting started was a breeze.
Now, integrating LDAP authentication turned out to be pretty easy. It took a couple of attempts, but really it was pretty straightforward. In the UserSession model, you can specify this:
    class UserSession < Authlogic::Session::Base
      verify_password_method :valid_ldap_credentials?
    end
By default the valid_password? method is called on the User model. This tells AuthLogic to call the valid_ldap_credentials? method instead. This method basically contains the code shown above:
    protected

    def valid_ldap_credentials?(password_plaintext)
      # an empty password can be accepted by the server as an unauthenticated
      # bind, so never send one
      return false if password_plaintext.blank?
      # try to authenticate against the LDAP server
      ldap = Net::LDAP.new
      ldap.host = LDAP_HOST
      # first create the username/password strings to send to the LDAP server
      # in our case we need to add the domain so it looks like COMPANY\firstname.lastname
      ldap.auth "#{LDAP_DOMAIN}\\" + self.login, password_plaintext
      ldap.bind # will return false if authentication is NOT successful
    end
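Added example, not part of the original post: a stand-alone Ruby sketch of why the credential check should reject a blank password before binding. Some directory servers treat a simple bind with a name and a zero-length password as an unauthenticated bind (RFC 4513, section 5.1.2) and report success. FAKE_DIRECTORY, LOGIN_FORMAT, the COMPANY sample account and the helper names are constructed for illustration, and the real binder assumes the current net-ldap gem with LDAPS on port 636.

```ruby
# Added example, not from the original post. The constant values, LOGIN_FORMAT,
# FAKE_DIRECTORY and the helper names are constructed for illustration.
LDAP_HOST    = "your.host.here.com"
LDAP_DOMAIN  = "COMPANY"
LOGIN_FORMAT = /\A[a-z0-9][a-z0-9._-]{0,63}\z/i # assumed firstname.lastname style

# Real binder: simple bind over LDAPS with certificate verification.
# Assumes the current net-ldap gem; loaded lazily so this file runs without it.
NET_LDAP_BIND = lambda do |username, password|
  require "net/ldap"
  require "openssl"
  Net::LDAP.new(
    host: LDAP_HOST, port: 636,
    encryption: { method: :simple_tls,
                  tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS },
    auth: { method: :simple, username: username, password: password }
  ).bind
end

# Constructed stand-in for a directory that permits unauthenticated binds:
# a zero-length password "succeeds" without proving anything about the user.
FAKE_DIRECTORY = lambda do |username, password|
  accounts = { "COMPANY\\jane.doe" => "correct horse" }
  password.empty? || accounts[username] == password
end

# Unguarded check: whatever the bind returns is taken as the answer.
def naive_credentials_ok?(login, password, bind = NET_LDAP_BIND)
  bind.call("#{LDAP_DOMAIN}\\#{login}", password)
end

# Hardened check: refuse blank passwords and malformed logins before binding,
# and treat connection errors as a failed login.
def ldap_credentials_ok?(login, password, bind = NET_LDAP_BIND)
  return false if password.to_s.empty?
  return false unless login.to_s =~ LOGIN_FORMAT
  bind.call("#{LDAP_DOMAIN}\\#{login}", password) ? true : false
rescue StandardError
  false
end
```

Pass FAKE_DIRECTORY as the third argument to compare both checks offline; leave it out to bind against the real server.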
As we are no longer storing the password in the User model, we can remove that field. Here’s the complete User migration:
    class CreateUsers < ActiveRecord::Migration
      def self.up
        create_table :users do |t|
          t.string :login
          t.string :persistence_token
          t.integer :login_count
          t.datetime :last_request_at
          t.datetime :last_login_at
          t.datetime :current_login_at
          t.string :last_login_ip
          t.string :current_login_ip
          t.timestamps
        end
      end

      def self.down
        drop_table :users
      end
    end
Finally, we need to tell AuthLogic not to validate the password, password confirmation etc. when we create a user. Like so:
    class User < ActiveRecord::Base
      acts_as_authentic :validate_password_field => false
    end
And that’s it. I think I’m going to stick with AuthLogic for all my Rails authentication needs.
For your convenience: a pretty pastie with all the relevant code
4 comments
Hey! Good article. I'm so surprised.
no, no, no... this is old... sorry
no, no, no... this is old... sorry
and I posted the same legend... bbbddbdb