HOWTO: Authenticating with a Windows Active Directory server


#1

I have a Ramaze-based web application at work. I wanted it to
integrate with the Active Directory server for the company, so that no
one would have to create accounts for new users, and the same password
you used for your desktop would work for the application. (The web
server happens to be accessible only on the intranet, so there was no
security issue with passwords being sent in plaintext; no need for
https on the server.)

Anyhow, after a few failed attempts, the final code for simply
validating the username/password was so simple that I thought I would
share it.

```
gem install ruby-net-ldap
```

```ruby
require 'net/ldap'

# Sent from an HTML form; the "request" object here is from Ramaze
# Email must have the company domain, e.g. "removed_email_address@domain.invalid"
email, pass = request[:email], request[:password]

ldap = Net::LDAP.new(
  # There's a convention for companies to use ldap.company.com;
  # Thankfully, mine uses this, so I didn't have to bug IT to
  # figure out where the Active Directory server was.
  :host => 'ldap.acmetools.com',
  :auth => {
    :method   => :simple,
    :username => email,
    :password => pass   # the form value read above (was the undefined name `password`)
  }
)

if ldap.bind
  # AD authentication succeeded; the email/password combo is valid!
end
```

I gather that some Active Directory installations require you to
connect over SSL. Mine didn't, so I didn't need to specify the
alternate port or the encryption mode. I also found some code that
uses an LDAP query for the username, e.g.
`:username=>"cn=#{username},cn=Users,dc=acmetools,dc=com"`. Try as I might, though, I
couldn't make any form of this work with my company's AD server. But
the above code worked like a charm, and so simply. :)

Hope this helps someone.
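
An added example, not part of the original post: the same bind check with two guards a login path built on `ldap.bind` needs, namely refusing an empty password before binding and connecting over LDAPS with certificate verification. Assumptions: the current `net-ldap` gem, the mail domain `acmetools.com` inferred from the host name in the post, and the hypothetical helper names `ad_bind_options` and `ad_credentials_valid?`.

```ruby
require 'openssl'

AD_HOST   = 'ldap.acmetools.com'  # host name used in the post
AD_DOMAIN = 'acmetools.com'       # assumption: mail domain matching that host

# Returns Net::LDAP options for a simple bind over LDAPS, or nil when the
# input must be rejected before any bind is attempted.
def ad_bind_options(email, pass)
  email = email.to_s.strip
  pass  = pass.to_s
  # A simple bind with a name and an empty password is an "unauthenticated
  # bind" (RFC 4513, section 5.1.2). A server may answer it with success,
  # so ldap.bind alone would accept a blank password.
  return nil if pass.empty?
  # The post requires the company domain; also refuse whitespace/control bytes.
  return nil unless email.match?(/\A[^@\s[:cntrl:]]+@#{Regexp.escape(AD_DOMAIN)}\z/i)
  {
    host: AD_HOST,
    port: 636, # LDAPS instead of cleartext LDAP on 389
    encryption: {
      method: :simple_tls,
      # Ruby's default TLS parameters verify the server certificate.
      tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
    },
    auth: { method: :simple, username: email, password: pass }
  }
end

# connector is injectable so the logic can be exercised without a directory.
def ad_credentials_valid?(email, pass, connector: nil)
  opts = ad_bind_options(email, pass)
  return false if opts.nil?
  if connector.nil?
    require 'net/ldap' # gem install net-ldap
    connector = ->(o) { Net::LDAP.new(o) }
  end
  connector.call(opts).bind ? true : false
rescue StandardError
  false # a connection or TLS failure is a failed login, never a pass
end
```
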


#2

This is a really good HowTo and I used something similar in my Rails
application. I was curious if you had any code snippets on how to change
the Active Directory password using the ruby-net-ldap gem? Any help you
could provide would be greatly appreciated.