I am trying to use ldap_devise_authenticatable in my rails app. I am referring to https://github.com/cschiewek/devise_ldap_authenticatable and http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html.
I am currently facing issues configuring the ldap.yml file to the ldap server I am using. I facing difficulty in figuring out what parameters are to be filled with exactly what details.
I was able to gather some infromation from http://net-ldap.rubyforge.org/classes/Net/LDAP.html. But since this tutorial is mainly for net-ldap gem. It doesn't completely serve my purpose.
I am specifically interested in the parameters I need to fill in as values to the ldap.yml I am using for both Authorization and Environment.
I have some idea on what parameter values to enter in Environments but I am like blank on what details to enter for Authorization related parameters. I have commented on few details to be filled in with my doubts in the ldap.yml given below.
My current ldap.yml looks like this:
# Authorizations
# Uncomment out the merging for each environment that you'd like to include.
# You can also just copy and paste the tree (do not include the "authorizations") to each
# environment if you need something different per environment.
authorizations: &AUTHORIZATIONS
group_base: ou=groups,dc=test,dc=com
## Requires config.ldap_check_group_membership in devise.rb be true
# Can have multiple values, must match all to be authorized
required_groups:
# If only a group name is given, membership will be checked against "uniqueMember"
- cn=admins,ou=groups,dc=test,dc=com
- cn=users,ou=groups,dc=test,dc=com
# If an array is given, the first element will be the attribute to check against, the second the group name
- ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
## Requires config.ldap_check_attributes in devise.rb to be true
## Can have multiple attributes and values, must match all to be authorized
require_attribute:
objectClass: inetOrgPerson
authorizationRole: postsAdmin
## Environments
development:
host: # ip address is to be filled in here..
port: # port number goes here..
attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
base: # my tree base details go in here..
admin_user: cn=admin_name,dc=test,dc=com # do I need to enter the domain component also ? or just the admin_name would do?
admin_password: # password goes in here..
ssl: true # when would I be using this..?
# <<: *AUTHORIZATIONS - how & where can I use this..?
test:
host: # ip address is to be filled in here..
port: # port number goes here..
attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
base: # my tree base details go in here..
admin_user: cn=admin_name,dc=test,dc=com
admin_password: # password goes in here..
ssl: true
# <<: *AUTHORIZATIONS - how can I use this..
production:
host: # ip address is to be filled in here..
port: # port number goes here..
attribute: cn # what does attribute and cn signify? what are the other things I can fill attribute with like uid, and..what else ?
base: # my tree base details go in here..
admin_user: cn=admin_name,dc=test,dc=com
admin_password: # password goes in here..
ssl: true
# <<: *AUTHORIZATIONS - how can I use this..
Probably good examples to take a look at are the tests within the gem. The only way I was able to test it was with a whole sample rails app..
There are some examples you can look at on github: https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap.yml https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_uid.yml https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/test/rails_app/config/ldap_with_erb.yml
Also, dont get too confused about the <<: *AUTHORIZATIONS stuff, it's just a yaml shortcut to include the same variables for each environment, you could just as soon copy and paste the whole authorizations block into each one.