Saturday, February 19, 2011

LDAP through Ruby or Rails

I've been attempting to hook a Rails application up to ActiveDirectory. I'll be synchronizing data about users between AD and a database, currently MySQL (but may turn into SQL Server or PostgreSQL).

I've checked out activedirectory-ruby, and it looks really buggy (for a 1.0 release!?). It wraps Net::LDAP, so I tried using that instead, but it's really close to the actual syntax of LDAP, and I enjoyed the abstraction of ActiveDirectory-Ruby because of its ActiveRecord-like syntax.

Is there an elegant ORM-type tool for a directory server? Better yet, if there were some kind of scaffolding tool for LDAP (CRUD for users, groups, organizational units, and so on). Then I could quickly integrate that with my existing authentication code through Authlogic, and keep all of the data synchronized.

From stackoverflow
  • Have you checked out thoughtbot's ldap-activerecord-gateway? It might be something for you to consider...

    http://github.com/thoughtbot/ldap-activerecord-gateway/tree/master

    Clinton Judy : Hmm. I'm still trying to understand what this could do for us. Essentially, I would start this ldap server when starting the rails application. Then, if there's a way to replicate data between this and the real AD server, do that. Then use my ldap server for data. Does that make sense?
  • Have you tried this: http://wiki.rubyonrails.org/rails/pages/HowtoAuthenticateViaLdap

    Or look at these, although these are more along the lines of authenticating against AD:

    http://wiki.rubyonrails.com/rails/pages/WindowsDomainAuthentication

    http://www.noitulove.ch/ldap-authentication-plugin-for-rails/

    http://saush.wordpress.com/2006/07/18/rubyrails-user-authentication-with-microsoft-active-directory/

    http://xaop.com/blog/2008/06/17/simple-windows-active-directory-ldap-authentication-with-rails/

    Chris Markle : mrT - Many of the links that presumably once worked in your answer are now broken. Could you be persuaded to update them? Thanks in advance.
    Charles Ma : new how to authenticate with ldap link: http://wiki.rubyonrails.org/rails/pages/howtoauthenticatewithrubynetldap
  • This is more anecdotal than a real answer...

    I had a similar experience using Samba and OpenLDAP server. I couldn't find a library to really do what I wanted so I rolled my own helper classes.

    I used ldapbrowser to see what fields Samba filled in when I created a user the "official" way and basically duplicated that.

    The only tricky/non-standard LDAP thing was the crazy password encryption we have:

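    userPass:

    require 'base64'
    require 'digest/md5'
    # strict_encode64 avoids the trailing newline that encode64 appends
    "{MD5}" + Base64.strict_encode64(Digest::MD5.digest(pass))

    sambaNTPassword:

    require 'openssl'
    # NT hash: MD4 over the UTF-16LE password (String#encode replaces Iconv,
    # which is no longer part of Ruby's standard library)
    OpenSSL::Digest::MD4.hexdigest(pass.encode("UTF-16LE")).upcase
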

    For the def authenticate(user, pass) function I try to get LDAP to bind to the domain using their credentials; if I catch an exception then the login failed, otherwise let them in.

    chmeee : +1 Thanks, I was looking for a way to generate an nt password hash in ruby :)
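
The bind-based `authenticate(user, pass)` check described in the answer above, as an added example that is not the answerer's code: it refuses empty passwords, because a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that some servers accept, and it escapes the user name before building the DN. The host, base DN, `uid=` naming and the injectable `binder` are assumptions for illustration.

```ruby
# Added example, not the answerer's code. Host, base DN and the uid= naming
# are constructed placeholders; the injectable binder is a hypothetical seam
# so the guard logic runs without a directory server.
BASE_DN = 'ou=People,dc=example,dc=test'

# Default binder: a real simple bind over TLS using the net-ldap gem,
# required lazily so the gem is only needed when actually binding.
NET_LDAP_BINDER = lambda do |dn, password|
  require 'net/ldap'
  ldap = Net::LDAP.new(
    host: 'ldap.example.test', port: 636, encryption: :simple_tls,
    auth: { method: :simple, username: dn, password: password }
  )
  ldap.bind # true on success, false when the server rejects the credentials
end

# Escape a value for use inside a DN (RFC 4514 special characters), so a
# user name cannot add or alter RDN components.
def escape_dn_value(value)
  last = value.length - 1
  value.each_char.with_index.map do |ch, i|
    special = ',+"\\<>;='.include?(ch) ||
              (i.zero? && ' #'.include?(ch)) || (i == last && ch == ' ')
    special ? "\\#{ch}" : ch
  end.join
end

def authenticate(user, pass, binder: NET_LDAP_BINDER)
  return false if user.nil? || user.strip.empty?
  # A DN plus an empty password is an "unauthenticated bind" (RFC 4513,
  # section 5.1.2). Servers that allow it answer success without checking
  # anything, so a bind-only login check must reject it before binding.
  return false if pass.nil? || pass.empty?

  dn = "uid=#{escape_dn_value(user)},#{BASE_DN}"
  binder.call(dn, pass) == true
rescue StandardError
  false # connection and protocol errors fail closed
end
```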
  • I began using ruby-activedirectory, and even extended it/fixed a few things, hosting judy-activedirectory on GitHub.

    Doing the next iteration, I've discovered ActiveLdap has a much better code base, and I'm seriously contemplating switching to it. Does anyone have personal experience with this?

    chmeee : +1 for ruby-activedirectory
