1

I am trying to use ldap_devise_authenticatable in my rails app. I am referring to https://github.com/cschiewek/devise_ldap_authenticatable and http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html.

I am currently facing issues configuring the ldap.yml file for the LDAP server I am using. I am facing difficulty in figuring out what parameters are to be filled with exactly what details.

I was able to gather some information from http://net-ldap.rubyforge.org/classes/Net/LDAP.html. But since this tutorial is mainly for the net-ldap gem, it doesn't completely serve my purpose.

Could you please suggest a good tutorial on LDAP... specific to the parameters I need to fill in as values to the ldap.yml I am using for both Authorization and Environment. An important doubt I had is

I have some idea of what parameter values to enter in Environments, but I am blank on what details to enter for Authorization related parameters. I have commented on a few details to be filled in with my doubts in the ldap.yml given below. Kindly help me with them if feasible.

My current ldap.yml looks like this:-

#

# Authorizations
# Uncomment out the merging for each environment that you'd like to include.
# You can also just copy and paste the tree (do not include the "authorizations") to each
# environment if you need something different per environment.
authorizations: &AUTHORIZATIONS
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin


## Environments


development:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify?? what are the other things I can fill attribute with like uid, and..what else ??
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com # do I need to enter the domain component also ? or just the admin_name  would do?
  admin_password: # password goes in here..
  ssl: true # when would I be using this..??
  # <<: *AUTHORIZATIONS - how & where can I use this..??

test:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify?? what are the other things I can fill attribute with like uid, and..what else ??
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true
  # <<: *AUTHORIZATIONS - how can I use this..

production:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify?? what are the other things I can fill attribute with like uid, and..what else ??
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true
  # <<: *AUTHORIZATIONS - how can I use this..

Thanks for your help..

boddhisattva

1 Answer

0

Probably good examples to take a look at are the tests within the gem. The only way I was able to test it was with a whole sample rails app..

There are some examples you can look at on github: https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap.yml https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_uid.yml https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_erb.yml

Also, don't get too confused about the <<: *AUTHORIZATIONS stuff, it's just a YAML shortcut to include the same variables for each environment, you could just as soon copy and paste the whole authorizations block into each one.

Dan McNevin
  • Hi Daniel, thanks for your answer, I wanted to ask you another thing can we use ldap_devise_authenticatable gem with devise 1.1.3?, I am making use of an app that uses this gem for security issues, I was considering to integrate LDAP in that app. It would be difficult for me to downgrade my devise gem 1.1.3 to 1.1.2 as some cucumber tests are failing with the downgrade( I just tried it out to see the impact on changing the version in my Gemfile ). Thanks for your support Daniel. – boddhisattva Feb 18 '11 at 05:29
  • I haven't had much time to really keep on updating it as they release new versions of devise, but if you update the Rakefile to something like: gemspec.add_runtime_dependency "devise", "~> 1.1.2" and then rake build. I can't guarantee that they didn't change anything in 1.1.3 that will break it, though. – Dan McNevin Feb 18 '11 at 06:03
  • Hi Dan, thanks, I shall try this out.. I shall just revert back to you in case I face any issues. I can do this in the Rake file specific to my app, right..? instead of doing this in the Rake file of the gem.. – boddhisattva Feb 18 '11 at 07:45
  • Hi Dan, I ran the cucumber tests on the app, the app did break for most of the tests, I made a change to my gemfile and gave a gem 'devise', '~>1.1.2' . When I ran bundle install this time, bundle very smartly chose to install ldap_devise_authenticatable 0.4.4 gem.. as for that the prerequisite is any devise > 1.0.4. I guess this should do the trick for me now.. it also gave a using devise 1.1.3 in my app on the bundle install. I have a general doubt, how can we keep track of enhancements made for each gem version present in www.rubygems.org. Thanks a lot.. – boddhisattva Feb 18 '11 at 08:19
  • It's not an easy problem to keep on top of all the new gems.. If your project is open source, you can try using http://rubytracker.com/ – Dan McNevin Feb 18 '11 at 16:27
  • Hi Dan, I was able to figure out most of the tests failed as the original code was built using database_authenticatable & now by using ldap_devise_authenticatable the user model making use of devise was changed to ldap_authenticatable. The break in the app was not due to the gem as thought earlier.. as this time I used a combination of devise 1.0.4 with ldap_devise_authenticatable 0.4.4. Is there no way by which we can make use of ldap_authenticatable and database_authenticatable in our user model or any other model for the record..? Thanks..:) – boddhisattva Feb 20 '11 at 05:37
  • both links get you to 404 :( – grepit Jun 08 '15 at 17:08
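
As an added example (not part of the original thread or the gem's code), this Ruby sketch expands the `<<: *AUTHORIZATIONS` merge discussed in the answer and reports which environments end up without the authorization keys or without `ssl`. The sample file, host name, ports and the `load_environments` and `audit` helpers are constructed for illustration.

```ruby
require "yaml"

# Constructed sample in the shape of the question's ldap.yml: host, ports and
# DNs are placeholders, and only production merges the shared block.
SAMPLE_LDAP_YML = <<~LDAP_YML
  authorizations: &AUTHORIZATIONS
    group_base: ou=groups,dc=test,dc=com
    required_groups:
      - cn=admins,ou=groups,dc=test,dc=com
      - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
    require_attribute:
      objectClass: inetOrgPerson

  development:
    host: ldap.example.test
    port: 389
    attribute: cn
    ssl: false
    # <<: *AUTHORIZATIONS

  production:
    host: ldap.example.test
    port: 636
    attribute: cn
    ssl: true
    <<: *AUTHORIZATIONS
LDAP_YML

AUTHZ_KEYS = %w[group_base required_groups require_attribute].freeze

# Parse with safe_load (aliases enabled so the &AUTHORIZATIONS anchor resolves)
# and return only the per-environment hashes, after merge keys are expanded.
def load_environments(yaml_text)
  config = YAML.safe_load(yaml_text, aliases: true)
  config.reject { |name, _| name == "authorizations" }
end

# Report, per environment, which authorization keys are absent after the
# merge and whether the connection is configured without ssl.
def audit(yaml_text)
  load_environments(yaml_text).to_h do |env, settings|
    findings = AUTHZ_KEYS.reject { |key| settings.key?(key) }.map { |key| "no #{key}" }
    findings << "ssl not enabled" unless settings["ssl"] == true
    [env, findings]
  end
end

audit(SAMPLE_LDAP_YML).each { |env, f| puts "#{env}: #{f.empty? ? 'ok' : f.join(', ')}" }
```

Per the comments in the question's file, `required_groups` and `require_attribute` are only enforced when `config.ldap_check_group_membership` and `config.ldap_check_attributes` are true in devise.rb, so a merged block alone does not switch the checks on.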