User authentication by both ldap and database

Question

We are planing to build a Rails application which utilizes both LDAP and database authentication ways.

we plan to take devise and devise_ldap_authenticatable to accomplish that.

The authlogic maybe like this, internal use complete the authentication by LDAP, however, external user have to sign up for the first time, and then app could take the database authentication.

I search by google, Devise and devise_ldap_authenticatable can't work in combined way, anybody here has similar usage, or some other way to achieve that?

thanks in advance.

Answer 1

I find some valuable link here, however, we have to use different models.

https://groups.google.com/forum/#!topic/plataformatec-devise/-Fnr3LWXxBg

Answer 2

I have implemented dual authentication in the following way.

 session_controller.rb

def create

 if (params[:log]=="local")   
           self.resource = warden.authenticate!(:database_authenticatable)

              sign_in(resource_name, resource)
                      yield resource if block_given?
                          respond_with resource, location: after_sign_in_path_for(resource)


                 else

                       
                                   self.resource = warden.authenticate!(:ldap_authenticatable)

                              sign_in(resource_name, resource)
                      yield resource if block_given?
                          respond_with resource, location: after_sign_in_path_for(resource)
                       end

  end

user.rb

  class User < ActiveRecord::Base
      
      devise :ldap_authenticatable, 
:database_authenticatable,:registerable,
            :recoverable, :rememberable, :trackable, :validatable
       

 

**and view devise/sessions/new.html.erb**


<%= form_for(:user, :url => session_path(:user)) do |f| %>
  <div class="form-inputs">
 <%= f.text_field :username ,:placeholder => "Login id"  %><br> <br>
  <%= f.password_field :password,:placeholder => "Password"  %>




   <label for="check_box_type">Login Server </label><%= select_tag :log, options_for_select([ [" Domain Server","domain"],["Local Server", "local"]])%>


  <%= f.submit 'Sign in' %>

Here according to the user input (login server :local/domain] it will login.

Answer 3

A slight modification of the SessionsController. This first checks to see if the user exists in the local DB. If not, it then tries LDAP. All without the user having to specify which account type at login. Note that my local DB has a retired and bypass_ldap flag. If bypass_ldap is false, they have to authenticate via LDAP.

  def create                                                                                                                                                       
    # If the user has a valid ldap_bypass account                               
    possible_user = User.where(username: params["user"]["username"], bypass_ldap: true, retired: false).first                                  
    if !possible_user.nil? && possible_user.valid_password?(params["user"]["password"])
      self.resource = warden.authenticate!(:database_authenticatable)           
      set_flash_message!(:notice, :signed_in)                                   
      sign_in(resource_name, resource)                                          
      yield resource if block_given?                                            
      respond_with resource, location: after_sign_in_path_for(resource)         
    else                                                                        
      super                                                                     
    end                                                                         
    set_login_token                                                             
  end