Rails - Mar 2006 - LDAP Authentication

I have to do user authentication for a project i''m working on. The
trick
is they want me to use the existing LDAP database for it. Does anyone 
know how to authenticate using LDAP in RoR?

~Rahul

>From the RoR wiki:
http://wiki.rubyonrails.com/rails/pages/HowtoAuthenticateViaLdap

On 3/14/06, Rahul Malik <rmalik2@gmail.com> wrote:
>
> I have to do user authentication for a project i''m working on. The
trick
> is they want me to use the existing LDAP database for it. Does anyone
> know how to authenticate using LDAP in RoR?
>
> ~Rahul
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>


--

-----
Fight back spam! Download the Blue Frog.
http://www.bluesecurity.com/register/s?user=c2FobWVkMTQ%3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060314/ab7547cd/attachment.html

And I hope you aren''t running the server on windows, cause I
don''t believe
Ruby-LDAP has been made to work there yet. =\

On 3/14/06, Hammed Malik <hammed@gmail.com> wrote:
>
> >From the RoR wiki:
> http://wiki.rubyonrails.com/rails/pages/HowtoAuthenticateViaLdap
>
>
> On 3/14/06, Rahul Malik <rmalik2@gmail.com> wrote:
> >
> > I have to do user authentication for a project i''m working
on. The trick
> > is they want me to use the existing LDAP database for it. Does anyone
> > know how to authenticate using LDAP in RoR?
> >
> > ~Rahul
> > _______________________________________________
> > Rails mailing list
> > Rails@lists.rubyonrails.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
>
>
>
> --
>
> -----
> Fight back spam! Download the Blue Frog.
> http://www.bluesecurity.com/register/s?user=c2FobWVkMTQ%3D
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060314/d1c47b04/attachment.html

I tried that method at first, but soon found ActiveLDAP does a few  
extra things that slow it way down just for authentication. I pulled  
out just the authentication code and found it much faster. Only need  
Ruby LDAP installed.

Note :base and :bind_format must have your LDAP base. I have removed  
non SSL connection attempts too.
=======================require ''ldap''
   def self.ldap_config


   end

   def authenticate(username,password)
     auth_config = {
       # best if this is set in your environment
       :host => "server.com",
       :port => 636,
       :base => "#{your_base}",
       :bind_format => "userid=%s,#{your_base}",
       :allow_anonymous => false,
       :user => username
     }
     auth_config[:port] ||= 636
     auth_config[:retries] ||= 3
     conn = nil
     tries = 0
     begin
       # Connect to LDAP
       begin
         # SSL using START_TLS
         conn = LDAP::SSLConn.new(auth_config[:host], auth_config 
[:port], true)
       rescue
         begin
           conn = LDAP::SSLConn.new(auth_config[:host], auth_config 
[:port], false)
         rescue
           raise AuthenticationError, "All authentication mechanisms  
failed"
         end
       end
       # Enforce LDAPv3
       conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)

       # Authenticate
       bind_dn = auth_config[:bind_format] % [auth_config[:user]]

       # Rough bind loop:
       # Attempt SASL
       auth = false
       begin
         auth = conn.bind(bind_dn, password)
       rescue
         return nil
       end

       unless auth
        raise AuthenticationError, "All authentication mechanisms  
failed"
       end
       return auth
     rescue => e
       # Retry
       tries += 1
       raise e if tries > auth_config[:retries]
       retry
     end
   end
=====================
I hope I didn''t cut too much out when removing my server info.


-John

--
John Smilanick
Computing Staff - Webmaster
Kavli Institute for Theoretical Physics
University of California, Santa Barbara
jsmilani@kitp.ucsb.edu
(805) 893-6307


On Mar 14, 2006, at 10:22 AM, Hammed Malik wrote:
> >From the RoR wiki: http://wiki.rubyonrails.com/rails/pages/ 
> HowtoAuthenticateViaLdap
>
> On 3/14/06, Rahul Malik <rmalik2@gmail.com> wrote:
> I have to do user authentication for a project i''m working on. The
> trick
> is they want me to use the existing LDAP database for it. Does anyone
> know how to authenticate using LDAP in RoR?
>
> ~Rahul
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>
> -- 
>
> -----
> Fight back spam! Download the Blue Frog.
> http://www.bluesecurity.com/register/s?user=c2FobWVkMTQ%3D
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060314/e9418260/attachment-0001.html