Devise and LDAP for Authentication with Rails

Devise is a complete (as in MVC stack) and modular Rails authentication library. The easiest way to learn Devise is to watch Railscast episode #209. Also watch episode #210 to learn how to customize views and enable authorization. The Devise LDAP plugin is covered in the screencast LDAP Authentication With Devise.

Step by Step Instructions

Edit the Gemfile and add (check for up-to-date version numbers in the documentation):

gem 'devise'
gem 'devise_ldap_authenticatable'

Update your gems:

bundle install

Install devise and devise_ldap_authenticatable into your application:

rails generate devise:install
rails generate devise User
rails generate devise_ldap_authenticatable:install

Edit app/models/user.rb and take out :registerable, :recoverable, and :validatable. We allow neither creating new accounts nor changing passwords through the Rails application.

class User < ActiveRecord::Base
  devise :ldap_authenticatable, :rememberable, :trackable
end

Make the corresponding changes in the migration db/migrate/YYYYMMDDhhmmss_devise_create_users.rb, i.e., delete or comment out t.recoverable and the :reset_password_token index. Replace :email with :login.

class DeviseCreateUsers < ActiveRecord::Migration
  def change
    create_table(:users) do |t|
      ## LDAP authenticatable
      t.string :login, :null => false, :default => "", :unique => true

      ## Rememberable
      t.datetime :remember_created_at

      ## Trackable
      t.integer  :sign_in_count, :default => 0
      t.datetime :current_sign_in_at
      t.datetime :last_sign_in_at
      t.string   :current_sign_in_ip
      t.string   :last_sign_in_ip
      t.timestamps
    end

    add_index :users, :login, :unique => true
  end
end

Apply the migrations:

rake db:migrate

Edit config/initializers/devise.rb and set the following parameters:

# [...]
config.ldap_create_user = true
config.ldap_update_password = false
# [...]
config.authentication_keys = [ :login ]
# [...]

Edit config/ldap.yml and set our access details:

# [...]
development:
  host: ldap.phys.ethz.ch
  port: 389
  attribute: uid
  base: o=ethz,c=ch
# [...]
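
The development entry above uses port 389 and sets no ssl key, so devise_ldap_authenticatable binds over an unencrypted connection. The check below is an added example, not code from the original page or the gem: it assumes the ssl key from the gem's generated ldap.yml (false, true, start_tls or simple_tls), and the production entry and the name audit_ldap_transport are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the page's development entry plus a hypothetical
# production entry that turns on StartTLS (assumes the server supports it).
SAMPLE_LDAP_YML = <<~LDAP_YML
  development:
    host: ldap.phys.ethz.ch
    port: 389
    attribute: uid
    base: o=ethz,c=ch
  production:
    host: ldap.phys.ethz.ch
    port: 389
    attribute: uid
    base: o=ethz,c=ch
    ssl: start_tls
LDAP_YML

# Returns { environment => [findings] } for the transport settings of each entry.
def audit_ldap_transport(yaml_text)
  config = YAML.safe_load(yaml_text, permitted_classes: [Symbol], aliases: true)
  config.each_with_object({}) do |(env, cfg), report|
    next unless cfg.is_a?(Hash) && cfg['host'] # skip shared anchor blocks
    findings = []
    ssl  = cfg['ssl']
    ssl  = 'simple_tls' if ssl == true # the gem treats `ssl: true` as simple_tls
    port = cfg['port'].to_i

    case ssl.to_s
    when '', 'false'
      findings << 'no transport encryption: the bind password crosses the network in clear text'
    when 'simple_tls'
      findings << "simple_tls expects an LDAPS listener (usually 636), but port is #{port}" if port == 389
    when 'start_tls'
      findings << "start_tls upgrades a plain LDAP port (usually 389), but port is #{port}" if port == 636
    else
      findings << "unrecognised ssl value #{ssl.inspect}"
    end
    report[env] = findings
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_transport(SAMPLE_LDAP_YML).each do |env, findings|
    puts "#{env}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```
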

Generate the devise views:

rails generate devise:views

Edit app/views/devise/sessions/new.html.haml and replace :email with :login and f.email_field with f.text_field. We don't need the other views.

<h2>Sign in</h2>

<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
  <div><%= f.label :login %><br />
  <%= f.text_field :login, :autofocus => true %></div>

  <div><%= f.label :password %><br />
  <%= f.password_field :password %></div>

  <% if devise_mapping.rememberable? -%>
    <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
  <% end -%>

  <div><%= f.submit "Sign in" %></div>
<% end %>

<%= render "devise/shared/links" %>

From here on you need to flesh out the authorization and adjust the views according to the needs of your application. This is standard Rails work, with some examples in the above-mentioned Railscasts.

devise_with_ldap_for_authentication_in_rails_3.txt · Last modified: 2013/07/26 09:59 by heeb
 