All:
I recently wrote an LDAP library for Ruby called Net::LDAP, and I've noticed that quite a few people are using it to do authentication and authorization for Rails apps. I know there are several well-done login generators for Rails, but what about people that would rather use a directory?
If we were to write a generator for Rails that used LDAP (or A/D) as the backend, would that be of interest to any of you?
--
Posted via http://www.ruby-forum.com/.
Yeah that would be probably something that I was VERY interested in. I think I would even contribute to it. A good engine using ldap would be awesome. Internal intranets would greatly benefit from single administration sources.
On 7/10/06, Francis Cianfrocca <garbagecat10@gmail.com> wrote:
> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D) as the
> backend, would that be of interest to any of you?
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
--
Elliott Clark
eclark@cc.gatech.edu
eclark@nife.us
On 7/10/06, Francis Cianfrocca <garbagecat10@gmail.com> wrote:
> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D) as the
> backend, would that be of interest to any of you?
I went with Ruby/LDAP instead of Net::LDAP as the backend for the Simple LDAP Authenticator [1] plugin because Net::LDAP doesn't support secure LDAP [2], and I dislike the idea of unencrypted passwords being relayed over the network. One of my apps authenticates with Active Directory and password security is critical, so until Net::LDAP supports secure LDAP, I wouldn't be able to use it.
[1] http://wiki.rubyonrails.com/rails/pages/Simple+LDAP+Authenticator
[2] http://rubyforge.org/tracker/index.php?func=detail&aid=4861&group_id=143&atid=634
Jeremy Evans wrote:
> I went with Ruby/LDAP instead of Net::LDAP as the backend for the
> Simple LDAP Authenticator [1] plugin because Net::LDAP doesn't support
> secure LDAP [2], and I dislike the idea of unencrypted passwords being
> relayed over the network. One of my apps authenticates with Active
> Directory and password security is critical, so until Net::LDAP
> supports secure LDAP, I wouldn't be able to use it.
Which flavor of LDAP encryption are you using with your A/D? LDAPS or STARTTLS? If anyone else uses encryption with A/D, I'd be curious to hear your answer to that question as well. Thanks.
On 7/10/06, Francis Cianfrocca <garbagecat10@gmail.com> wrote:
> Which flavor of LDAP encryption are you using with your A/D? LDAPS or
> STARTTLS? If anyone else uses encryption with A/D, I'd be curious to
> hear your answer to that question as well. Thanks.
LDAPS (via LDAP::SSLConn).
Jeremy Evans wrote:
> On 7/10/06, Francis Cianfrocca <garbagecat10@gmail.com> wrote:
>> Which flavor of LDAP encryption are you using with your A/D? LDAPS or
>> STARTTLS? If anyone else uses encryption with A/D, I'd be curious to
>> hear your answer to that question as well. Thanks.
>
> LDAPS (via LDAP::SSLConn).
If I add LDAPS to Net::LDAP, can you test it? How much support do you need for certificate validation, peer certs, etc?
On Monday 10 July 2006 21:46, Francis Cianfrocca wrote:
> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D) as the
> backend, would that be of interest to any of you?
I would be very interested. It's important to support encrypted passwords, too, as Jeremy Evans noted.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to the amount of work, I usually need 10 days to answer)
Pau Garcia i Quiles wrote:
> On Monday 10 July 2006 21:46, Francis Cianfrocca wrote:
>> All:
>> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
>> noticed that quite a few people are using it to do authentication and
>> authorization for Rails apps. I know there are several well-done login
>> generators for Rails, but what about people that would rather use a
>> directory?
>>
>> If we were to write a generator for Rails that used LDAP (or A/D) as the
>> backend, would that be of interest to any of you?
>
> I would be very interested. It's important to support encrypted
> passwords,
> too, as Jeremy Evans noted.
That's fine, we're already planning to add both LDAPS and STARTTLS support to Net::LDAP. But my question is whether you all would find it useful to have a generator to make it easier to integrate into Rails.
On Tuesday 11 July 2006 02:10, Francis Cianfrocca wrote:
> Pau Garcia i Quiles wrote:
> > On Monday 10 July 2006 21:46, Francis Cianfrocca wrote:
> >> All:
> >> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> >> noticed that quite a few people are using it to do authentication and
> >> authorization for Rails apps. I know there are several well-done login
> >> generators for Rails, but what about people that would rather use a
> >> directory?
> >>
> >> If we were to write a generator for Rails that used LDAP (or A/D) as the
> >> backend, would that be of interest to any of you?
> >
> > I would be very interested. It's important to support encrypted
> > passwords,
> > too, as Jeremy Evans noted.
>
> That's fine, we're already planning to add both LDAPS and STARTTLS
> support to Net::LDAP. But my question is whether you all would find it
> useful to have a generator to make it easier to integrate into Rails.
My answer to your question: yes, definitely :-)
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to the amount of work, I usually need 10 days to answer)
On Tue, 2006-07-11 at 02:10 +0200, Francis Cianfrocca wrote:
> Pau Garcia i Quiles wrote:
> > On Monday 10 July 2006 21:46, Francis Cianfrocca wrote:
> >> All:
> >> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> >> noticed that quite a few people are using it to do authentication and
> >> authorization for Rails apps. I know there are several well-done login
> >> generators for Rails, but what about people that would rather use a
> >> directory?
> >>
> >> If we were to write a generator for Rails that used LDAP (or A/D) as the
> >> backend, would that be of interest to any of you?
> >
> > I would be very interested. It's important to support encrypted
> > passwords,
> > too, as Jeremy Evans noted.
>
> That's fine, we're already planning to add both LDAPS and STARTTLS
> support to Net::LDAP. But my question is whether you all would find it
> useful to have a generator to make it easier to integrate into Rails.
----
I use Ruby::LDAP and it was simple enough to make it work. The thing that strikes me about the question is - not if it is an all or nothing proposition.
I found that the logic behind the authentication systems wasn't really the issue, but rather the view code and controller logic for the basic CRUD for the various join tables of the authentication system sucked the time.
Craig
Craig White wrote:
>
> I found that the logic behind the authentication systems wasn't really
> the issue, but rather the view code and controller logic for the basic
> CRUD for the various join tables of the authentication system sucked the
> time.
>
> Craig
Not sure I understand this. Are you talking about auth/az that is built into your domain model? And it's a pain because you have to build all the CRUD to administer it? Obviously if you get that from a directory, you don't have to worry about any of it, but that leaves another problem open: what if your users are external to your organization and your users aren't in any kind of directory that you can access?
Sorry for all the questions folks, but I'm trying to assess whether there is a real need that could be addressed with some additional features in Net::LDAP.
On Tue, 2006-07-11 at 03:02 +0200, Francis Cianfrocca wrote:
> Craig White wrote:
> >
> > I found that the logic behind the authentication systems wasn't really
> > the issue, but rather the view code and controller logic for the basic
> > CRUD for the various join tables of the authentication system sucked the
> > time.
> >
> > Craig
>
> Not sure I understand this. Are you talking about auth/az that is built
> into your domain model? And it's a pain because you have to build all
> the CRUD to administer it? Obviously if you get that from a directory,
> you don't have to worry about any of it, but that leaves another problem
> open: what if your users are external to your organization and your
> users aren't in any kind of directory that you can access?
----
I'm sorry I wasn't clear. I used the methodology from Chad Fowler's recipes for rights/roles and am authenticating a user from LDAP - that's all.
The authentication was simple. The CRUD for the rights and roles and join tables was the time suck.
Craig
I would definitely be interested in a well documented AD authentication generator.
After playing with various AD authentication systems in Rails I have yet to find one that allowed SSL authentication to Active Directory.
On Jul 10, 2006, at 12:46 PM, Francis Cianfrocca wrote:
> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D)
> as the
> backend, would that be of interest to any of you?
Have you looked at my ActiveDirectory module? It supports TLS/SSL and I've been using it at my organization for about 7 months now for authentication and directory searching/group lookups/etc. It's on RubyForge (http://rubyforge.org/projects/activedirectory) and is available via a gem (gem install activedirectory). Be aware that it does require ruby-ldap, however.
Justin
On Jul 11, 2006, at 12:07 PM, Ian Klier wrote:
> I would definitely be interested in a well documented AD
> authentication generator.
>
> After playing with various AD authentication systems in Rails I
> have yet to find one that allowed SSL authentication to Active
> Directory
>
>
> On Jul 10, 2006, at 12:46 PM, Francis Cianfrocca wrote:
>
>> All:
>> I recently wrote an LDAP library for Ruby called Net::LDAP, and I've
>> noticed that quite a few people are using it to do authentication and
>> authorization for Rails apps. I know there are several well-done
>> login
>> generators for Rails, but what about people that would rather use a
>> directory?
>>
>> If we were to write a generator for Rails that used LDAP (or A/D)
>> as the
>> backend, would that be of interest to any of you?