A simple search and authentication tool for Active Directory using LDAP.
The need for this gem arose out of a business requirement for all user authentication to be done against Active Directory. Our users were tired of having to remember multiple usernames and passwords, and asked if they could simply use their network credentials to log into our applications. This gem passes off their username and password to an Active Directory / LDAP server for authentication.
Additionally, users are also able to search the Active Directory.
Just add this to your gem file:
gem 'el_dap'
ElDap will work out of the box with Ruby 1.9.
If you are using Ruby 1.8, you will need to manually install the SystemTimer gem so that timeout exceptions are handled correctly. You will not be able to install ElDap on Ruby 1.8 unless you have this gem.
gem install SystemTimer
-
Easily perform authentication against an Active Directory / LDAP server
-
Search an Active Directory based on wildcard search criteria
-
Use multiple servers to protect against timeouts
To perform any ElDap operation you will need to provide at least two configuration values:
-
server_ips: an array of server IP addresses
-
treebase: a comma-separated list of domain components
For search operations you will also need to provide the following configuration settings:
-
username: the username of the account that will perform the search (typically this would be a service account)
-
password: the password of the account that will perform the search
You also have the option of providing a timeout value:
-
timeout: timeout in seconds for ElDap operations (default is 15 seconds)
Assuming we have an Active Directory called ad.domain.com which can also be referred to simply as ad, the following examples are valid:
ElDap.configure do |c| c.server_ips = ['127.0.0.1'] c.treebase = 'dc=ad,dc=domain,dc=com' end ElDap.validate("ad\\ed.james", 'password') # will return true if username and password are valid ElDap.validate("ed.james@ad.domain.com", 'password') # will return true if username and password are valid
ElDap.configure do |c| c.username = 'service.account@ad.domain.com' c.password = 'password' c.server_ips = ['127.0.0.1'] c.treebase = 'dc=ad,dc=domain,dc=com' end ElDap.search('some guy') # will return an array of OpenStruct objects for each matching search result.
My understanding of LDAP is limited. This gem has only been tested on a Linux server which queries Active Directory. The gem is in production, but I’m not sure how well it will perform in another kind of LDAP-enabled architecture. Any comments or assistance would be greatly appreciated.
If you want to contribute:
-
Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet
-
Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it
-
Fork the project
-
Start a feature/bugfix branch
-
Commit and push until you are happy with your contribution
-
Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.
-
Please try not to mess with the Rakefile, version, or history.
Copyright © 2011 Ed James. See LICENSE for details.