Home
Jason F. Grissom edited this page Jan 1, 2016 · 12 revisions
Add both gems to your Gemfile:

```ruby
gem "devise"
gem "devise_ldap_authenticatable"
```

Install them and run the generators (the last one adds the `username` column that the login form will post):

```sh
bundle install
rails g devise:install
rails g devise user
rails g devise:views
rails g devise_ldap_authenticatable:install
# username:string:uniq instead of :index creates a unique index, which the
# uniqueness validation in the User model needs to be safe under concurrent signups
rails g migration add_username_to_users username:string:index
bundle exec rake db:migrate
```
In `app/controllers/application_controller.rb`, require a signed-in user everywhere and let Devise's parameter sanitizer accept `username` on sign-in (by default it only permits the keys in `authentication_keys` that it knows about, and it does not know `username`):

```ruby
class ApplicationController < ActionController::Base
  before_action :authenticate_user!
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    # Devise 3.x API. On Devise 4 the equivalent is
    #   devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
    devise_parameter_sanitizer.for(:sign_in) << :username
  end
end
```
The user model (`app/models/user.rb`) swaps `:database_authenticatable` for `:ldap_authenticatable` and pulls the e-mail address and numeric id from the directory:

```ruby
require "digest/sha1"

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  # Note: :registerable exposes a self-signup form. With ldap_create_user = true
  # the local row is created on first successful LDAP login, so drop
  # :registerable unless you actually want local sign-up.
  devise :ldap_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  validates :username, presence: true, uniqueness: true

  # Copy the "mail" attribute from the directory. get_ldap_param returns an
  # array of values, or nil when the entry or attribute is missing.
  before_validation :get_ldap_email
  def get_ldap_email
    mail = Devise::LDAP::Adapter.get_ldap_param(username, "mail")
    self.email = mail.first if mail.present?
  end

  # Use the LDAP uidNumber as the primary key. Only on create: before_validation
  # also runs on updates, and reassigning the id of a persisted row breaks them.
  # The attribute comes back as a string, so cast it.
  before_validation :get_ldap_id, on: :create
  def get_ldap_id
    uid = Devise::LDAP::Adapter.get_ldap_param(username, "uidnumber")
    self.id = Integer(uid.first) if uid.present?
  end

  # Hack for remember_token: there is no local password hash to salt the
  # remember cookie with, so derive the salt from the e-mail address. Devise's
  # Rememberable calls authenticatable_salt for this (not authenticatable_token).
  # Because the salt only changes when the e-mail changes, an issued remember
  # cookie cannot be invalidated any other way.
  def authenticatable_salt
    Digest::SHA1.hexdigest(email)[0, 29]
  end
end
```
In the views generated under `app/views/devise/` (`sessions/new.html.erb` and the other forms that take a login), change the email field to username so the form posts the key listed in `config.authentication_keys`.
Then set the LDAP options in `config/initializers/devise.rb`:

```ruby
Devise.setup do |config|
  # ==> LDAP Configuration
  # Verbose LDAP query logging in the Rails log; turn off in production.
  config.ldap_logger = true
  # Create the local User row on the first successful LDAP login.
  config.ldap_create_user = true
  # Password changes made through the app are written back to the directory.
  config.ldap_update_password = true
  # Bind with admin_user/admin_password from ldap.yml to look up the user's DN
  # (needed when the directory does not allow anonymous searches).
  config.ldap_use_admin_to_bind = true
  # Log in with the username column instead of the e-mail address.
  config.authentication_keys = [ :username ]
  # Length Devise enforces when a password is set or changed through the app;
  # lower the minimum only if your LDAP has a weak password policy.
  config.password_length = 0..128
end
```
The connection settings live in `config/ldap.yml` (created by `rails g devise_ldap_authenticatable:install`) and are keyed by Rails environment. `admin_user` and `admin_password` are only used when `config.ldap_use_admin_to_bind = true` is set in `config/initializers/devise.rb`; `attribute` and `base` define the search that finds the entry for the username being authenticated. With the placeholder values used on this page:

```yaml
production:
  host: your.host.fqdn
  port: 389        # 636 if you want TLS enabled
  ssl: false       # true if you want TLS enabled
  admin_user: "cn=Joe User,ou=people,dc=corp,dc=your-domain,dc=tld"
  admin_password: "Joe-Users-Secret-Password"
  attribute: sAMAccountName
  base: "ou=people,dc=corp,dc=your-domain,dc=tld"
```

If your enterprise LDAP servers don't allow unauthenticated queries, `ldap_use_admin_to_bind` must be `true`. You can test whether an anonymous connection works with an LDAP client such as JXplorer or Apache Directory Studio; if it fails, set `ldap_use_admin_to_bind = true`.

Before deploying this, check three things. With `ssl: false` on port 389 the admin password and every user's password cross the network in cleartext, so use TLS against any directory you do not fully control the path to. `admin_user` should be a dedicated read-only service account, not a person's entry, and its password belongs in an environment variable or secret store rather than in a file under version control. Finally, whatever performs the user bind must refuse an empty password: a simple bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some directories accept, so confirm that both the gem version you run and the directory reject it.
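The `attribute`/`base` pair above turns a submitted username into an LDAP search filter, and that is the one place user input reaches the directory before any password is checked. The following is an added example, not code from the devise_ldap_authenticatable wiki or the gem: it re-implements the RFC 4515 filter-value escaping that net-ldap provides as `Net::LDAP::Filter.escape`, plus a tiny in-memory matcher, so that it runs offline and shows what an unescaped `*` does to the lookup. The directory entries, the `DIRECTORY` constant and the helper names are constructed for the example.

```ruby
# Added example (not from the devise_ldap_authenticatable wiki or gem): how
# "attribute" and "base" turn a login into an LDAP search, and why the login
# must be escaped before it is placed in the filter. The escaping and the
# matcher are re-implementations so the file runs without a directory server.

# RFC 4515 section 3: backslash, star, parentheses and NUL must appear as \XX
# inside a filter value. Equivalent to Net::LDAP::Filter.escape.
def ldap_filter_escape(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format("\\%02X", c.ord) }
end

# The equality filter issued for a login, e.g. (sAMAccountName=jdoe).
# escape: false interpolates the raw login, which is the injection-prone form.
def user_filter(attribute, login, escape: true)
  value = escape ? ldap_filter_escape(login) : login.to_s
  "(#{attribute}=#{value})"
end

# Constructed sample entries standing in for the "base" subtree.
DIRECTORY = [
  { "dn" => "cn=Joe User,ou=people,dc=corp,dc=your-domain,dc=tld",
    "sAMAccountName" => "jdoe", "mail" => "jdoe@your-domain.tld", "uidNumber" => "1001" },
  { "dn" => "cn=Service Account,ou=people,dc=corp,dc=your-domain,dc=tld",
    "sAMAccountName" => "svc-ldap", "mail" => "svc@your-domain.tld", "uidNumber" => "1002" },
].freeze

# Server-side evaluation of one "(attr=value)" filter the way a directory does
# it: a raw "*" is a substring wildcard, while an escaped "\2A" is a literal star.
def filter_matches?(filter, entry)
  m = filter.match(/\A\((\w+)=(.*)\)\z/)
  raise ArgumentError, "unsupported filter #{filter}" unless m
  name, pattern = m[1], m[2]
  parts = pattern.split("*", -1).map do |part|
    Regexp.escape(part.gsub(/\\([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr })
  end
  entry.fetch(name, "").match?(/\A#{parts.join(".*")}\z/)
end

# DNs under the base whose attribute matches the login.
def lookup(attribute, login, escape: true)
  f = user_filter(attribute, login, escape: escape)
  DIRECTORY.select { |e| filter_matches?(f, e) }.map { |e| e["dn"] }
end

# The DN to bind as, or nil. A blank login or anything other than exactly one
# match is refused, so an ambiguous match can never select the account that
# the password is then checked against.
def resolve_dn(attribute, login)
  return nil if login.to_s.strip.empty?
  dns = lookup(attribute, login)
  dns.size == 1 ? dns.first : nil
end

if __FILE__ == $PROGRAM_NAME
  puts user_filter("sAMAccountName", "jdoe*(x)")
  p lookup("sAMAccountName", "*", escape: false)   # every entry under base
  p lookup("sAMAccountName", "*")                  # nothing: the star is literal
  p resolve_dn("sAMAccountName", "jdoe")
end
```

With the raw login interpolated, a submitted username of `*` matches every entry under `base`, and the DN the application goes on to bind as is whichever entry the server returns first; with escaping it matches nothing. Whatever version of the gem you run, confirm that the login is escaped before it reaches the filter and that a lookup returning zero or several entries is treated as a failed login rather than "use the first one".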