ruby-on-rails ldap ldapconnection

Using the ldap.yml in Ldap_devise_authenticatable gem


I am trying to use ldap_devise_authenticatable in my rails app. I am referring to https://github.com/cschiewek/devise_ldap_authenticatable and http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html.

I am currently facing issues configuring the ldap.yml file for the LDAP server I am using. I am facing difficulty in figuring out which parameters are to be filled with exactly what details.

I was able to gather some information from http://net-ldap.rubyforge.org/classes/Net/LDAP.html. But since this tutorial is mainly for the net-ldap gem, it doesn't completely serve my purpose.

I am specifically interested in the parameters I need to fill in as values to the ldap.yml I am using for both Authorization and Environment.

I have some idea of what parameter values to enter in Environments, but I am blank on what details to enter for the Authorization-related parameters. I have commented on a few of the details to be filled in, with my doubts, in the ldap.yml given below.

My current ldap.yml looks like this:

# Authorizations
# Uncomment out the merging for each environment that you'd like to include.
# You can also just copy and paste the tree (do not include the "authorizations") to each
# environment if you need something different per environment.
authorizations: &AUTHORIZATIONS
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin


## Environments


development:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com # do I need to enter the domain component also ? or just the admin_name  would do?
  admin_password: # password goes in here..
  ssl: true # when would I be using this..?
  # <<: *AUTHORIZATIONS - how & where can I use this..?

test:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true
  # <<: *AUTHORIZATIONS - how can I use this..

production:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true
  # <<: *AUTHORIZATIONS - how can I use this..

Solution

  • Probably good examples to take a look at are the tests within the gem. The only way I was able to test it was with a whole sample rails app..

    There are some examples you can look at on github:

    https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap.yml
    https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_uid.yml
    https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_erb.yml

    Also, don't get too confused about the <<: *AUTHORIZATIONS stuff, it's just a YAML shortcut to include the same variables for each environment; you could just as soon copy and paste the whole authorizations block into each one.
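
Added example (not part of the original answer and not the gem's own code): a stand-alone Ruby script showing what the `<<: *AUTHORIZATIONS` merge key produces for one environment, with the bind password taken from an environment variable through ERB instead of being stored in the file. The host, DNs, the `LDAP_ADMIN_PASSWORD` variable name and the helper names `load_ldap_config` and `config_problems` are assumptions made for illustration; the script does the ERB pass itself.

```ruby
require "erb"
require "json"
require "yaml"

# Constructed sample ldap.yml; host, DNs and the env var name are placeholders.
LDAP_YML = <<~'YAML'
  authorizations: &AUTHORIZATIONS
    group_base: ou=groups,dc=test,dc=com
    required_groups:
      - cn=admins,ou=groups,dc=test,dc=com
    require_attribute:
      objectClass: inetOrgPerson

  development:
    host: ldap.example.test
    port: 636
    attribute: uid
    base: ou=people,dc=test,dc=com
    admin_user: cn=admin_name,dc=test,dc=com
    admin_password: <%= ENV.fetch("LDAP_ADMIN_PASSWORD", "").to_json %>
    ssl: true
    <<: *AUTHORIZATIONS
YAML

# Render ERB, then parse with safe_load. Aliases must be enabled explicitly,
# otherwise the *AUTHORIZATIONS reference is rejected.
def load_ldap_config(text, env)
  rendered = ERB.new(text).result
  YAML.safe_load(rendered, aliases: true).fetch(env)
end

# Hypothetical pre-flight check: returns a list of problems, empty when the config is usable.
def config_problems(cfg)
  problems = %w[host port attribute base admin_user].select { |k| cfg[k].nil? }
                                                    .map { |k| "#{k} is missing" }
  problems << "admin_password is empty (set LDAP_ADMIN_PASSWORD)" if cfg["admin_password"].to_s.empty?
  # Without TLS a simple bind sends the password over the network in cleartext.
  problems << "ssl is not true" unless cfg["ssl"] == true
  problems
end

if __FILE__ == $PROGRAM_NAME
  cfg = load_ldap_config(LDAP_YML, "development")
  puts "merged required_groups: #{cfg['required_groups'].inspect}"
  puts config_problems(cfg)
end
```

`to_json` emits the password as a double-quoted string, so a value that is all digits or contains `:` or `#` still parses as a YAML string.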