Phrogz
I have a Ramaze-based web application at work. I wanted it to
integrate with the Active Directory server for the company, so that no
one would have to create accounts for new users, and the same password
you used for your desktop would work for the application. (The web
server happens to be accessible only on the intranet, so there was no
security issue with passwords being sent in plaintext; no need for
https on the server.)
Anyhow, after a few failed attempts, the final code for simply
validating the username/password was so simple that I thought I would
share it.
# gem install ruby-net-ldap
require 'net/ldap'
# Sent from an HTML form; the "request" object here is from Ramaze
# Email must have the company domain, e.g. "(e-mail address removed)"
email, pass = request[ :email ], request[ :password ]
ldap = Net::LDAP.new(
  # There's a convention for companies to use ldap.company.com;
  # Thankfully, mine uses this, so I didn't have to bug IT to
  # figure out where the Active Directory server was.
  :host=>'ldap.acmetools.com',
  :auth=>{
    :method=>:simple,
    :username=>email,
    :password=>pass
  }
)
if ldap.bind
  # AD authentication succeeded; the email/password combo is valid!
  ...
end
I gather that some Active Directory installations require you to
connect over SSL. Mine didn't, so I didn't need to specify the
alternate port or the encryption mode. I also found some code that
uses an LDAP query for the username, e.g.
:username=>"cn=#{username},cn=Users,dc=acmetools,dc=com". Try as I might, though, I
couldn't make any form of this work with my company's AD server. But
the above code worked like a charm, and so simply.
Hope this helps someone.
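The bind check above, as an added example that is not part of the original post: it rejects an empty password before binding (a simple bind with a name and an empty password is the "unauthenticated" bind of RFC 4513, which a server may report as success) and builds the options for LDAPS with certificate verification. The names bind_options, valid_login?, ALLOWED_DOMAIN and DEFAULT_CONNECTOR are hypothetical; it assumes the current net-ldap gem and a directory that offers LDAPS on port 636.

```ruby
require 'openssl'

# Hypothetical names for this example; host and domain are the post's values.
LDAP_HOST      = 'ldap.acmetools.com'
ALLOWED_DOMAIN = 'acmetools.com'

# Returns the option hash for Net::LDAP.new, or nil when the credentials
# must be rejected without contacting the directory at all.
def bind_options(email, password)
  email    = email.to_s.strip
  password = password.to_s
  # A simple bind with a name and an empty password is an "unauthenticated
  # bind" (RFC 4513, section 5.1.2); a server may report success for it.
  return nil if password.empty? || password.include?("\0")
  # Accept only user@<company domain>, the form the post binds with.
  return nil unless email.match?(/\A[\w.+-]+@#{Regexp.escape(ALLOWED_DOMAIN)}\z/i)
  {
    host: LDAP_HOST,
    port: 636, # LDAPS: the "alternate port" the post mentions
    # The "encryption mode"; DEFAULT_PARAMS turns on certificate verification.
    encryption: { method: :simple_tls,
                  tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS },
    auth: { method: :simple, username: email, password: password }
  }
end

# Performs the real bind; loaded lazily so bind_options is usable alone.
DEFAULT_CONNECTOR = lambda do |opts|
  require 'net/ldap'
  Net::LDAP.new(opts).bind
end

# connector is injectable so the logic can be exercised without a directory.
def valid_login?(email, password, connector = DEFAULT_CONNECTOR)
  opts = bind_options(email, password)
  return false if opts.nil?
  connector.call(opts) == true
rescue StandardError
  false # a connection or TLS failure is a failed login, never a success
end
```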