LDAP auth/az for Rails

All:
I recently wrote an LDAP library for Ruby called Net::LDAP, and I’ve
noticed that quite a few people are using it to do authentication and
authorization for Rails apps. I know there are several well-done login
generators for Rails, but what about people that would rather use a
directory?

If we were to write a generator for Rails that used LDAP (or A/D) as the
backend, would that be of interest to any of you?

Yeah that would be probably something that I was VERY interested in.
I think I would even contribute to it. A good engine using ldap would
be awesome.

Internal intranets would greatly benefit from single administration
sources.

Elliott C.

Jeremy E. wrote:

> I went with Ruby/LDAP instead of Net::LDAP as the backend for the
> Simple LDAP Authenticator [1] plugin because Net::LDAP doesn’t support
> secure LDAP [2], and I dislike the idea of unencrypted passwords being
> relayed over the network. One of my apps authenticates with Active
> Directory and password security is critical, so until Net::LDAP
> supports secure LDAP, I wouldn’t be able to use it.

Which flavor of LDAP encryption are you using with your A/D? LDAPS or
STARTTLS? If anyone else uses encryption with A/D, I’d be curious to
hear your answer to that question as well. Thanks.

On 7/10/06, Francis C. wrote:

> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I’ve
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D) as the
> backend, would that be of interest to any of you?

I went with Ruby/LDAP instead of Net::LDAP as the backend for the
Simple LDAP Authenticator [1] plugin because Net::LDAP doesn’t support
secure LDAP [2], and I dislike the idea of unencrypted passwords being
relayed over the network. One of my apps authenticates with Active
Directory and password security is critical, so until Net::LDAP
supports secure LDAP, I wouldn’t be able to use it.

[1] http://wiki.rubyonrails.com/rails/pages/Simple+LDAP+Authenticator
[2]
http://rubyforge.org/tracker/index.php?func=detail&aid=4861&group_id=143&atid=634

Jeremy E. wrote:

> On 7/10/06, Francis C. wrote:
>
> > Which flavor of LDAP encryption are you using with your A/D? LDAPS or
> > STARTTLS? If anyone else uses encryption with A/D, I’d be curious to
> > hear your answer to that question as well. Thanks.
>
> LDAPS (via LDAP::SSLConn).

If I add LDAPS to Net::LDAP, can you test it? How much support do you
need for certificate validation, peer certs, etc?

On 7/10/06, Francis C. wrote:

> Which flavor of LDAP encryption are you using with your A/D? LDAPS or
> STARTTLS? If anyone else uses encryption with A/D, I’d be curious to
> hear your answer to that question as well. Thanks.

LDAPS (via LDAP::SSLConn).

On Monday 10 July 2006 21:46, Francis C. wrote:

> All:
> I recently wrote an LDAP library for Ruby called Net::LDAP, and I’ve
> noticed that quite a few people are using it to do authentication and
> authorization for Rails apps. I know there are several well-done login
> generators for Rails, but what about people that would rather use a
> directory?
>
> If we were to write a generator for Rails that used LDAP (or A/D) as the
> backend, would that be of interest to any of you?

I would be very interested. It’s important to support encrypted
passwords, too, as Jeremy E. noted.

Pau Garcia i Quiles wrote:

> On Monday 10 July 2006 21:46, Francis C. wrote:
>
> > All:
> > I recently wrote an LDAP library for Ruby called Net::LDAP, and I’ve
> > noticed that quite a few people are using it to do authentication and
> > authorization for Rails apps. I know there are several well-done login
> > generators for Rails, but what about people that would rather use a
> > directory?
> >
> > If we were to write a generator for Rails that used LDAP (or A/D) as the
> > backend, would that be of interest to any of you?
>
> I would be very interested. It’s important to support encrypted
> passwords, too, as Jeremy E. noted.

That’s fine, we’re already planning to add both LDAPS and STARTTLS
support to Net::LDAP. But my question is whether you all would find it
useful to have a generator to make it easier to integrate into Rails.

On Tuesday 11 July 2006 02:10, Francis C. wrote:

> > > backend, would that be of interest to any of you?
> >
> > I would be very interested. It’s important to support encrypted
> > passwords, too, as Jeremy E. noted.
>
> That’s fine, we’re already planning to add both LDAPS and STARTTLS
> support to Net::LDAP. But my question is whether you all would find it
> useful to have a generator to make it easier to integrate into Rails.

My answer to your question: yes, definitely :)

Craig W. wrote:

> I found that the logic behind the authentication systems wasn’t really
> the issue, but rather the view code and controller logic for the basic
> CRUD for the various join tables of the authentication system sucked the
> time.
>
> Craig

Not sure I understand this. Are you talking about auth/az that is built
into your domain model? And it’s a pain because you have to build all
the CRUD to administer it? Obviously if you get that from a directory,
you don’t have to worry about any of it, but that leaves another problem
open: what if your users are external to your organization and your
users aren’t in any kind of directory that you can access?

Sorry for all the questions folks, but I’m trying to assess whether
there is a real need that could be addressed with some additional
features in Net::LDAP.

On Tue, 2006-07-11 at 03:02 +0200, Francis C. wrote:

> into your domain model? And it’s a pain because you have to build all
> the CRUD to administer it? Obviously if you get that from a directory,
> you don’t have to worry about any of it, but that leaves another problem
> open: what if your users are external to your organization and your
> users aren’t in any kind of directory that you can access?


I’m sorry I wasn’t clear. I used the methodology from Chad F.'s
recipes for rights/roles and am authenticating a user from LDAP - that’s
all. The authentication was simple. The CRUD for the rights and roles
and join tables was the time suck.

Craig

On Tue, 2006-07-11 at 02:10 +0200, Francis C. wrote:

> > > backend, would that be of interest to any of you?
> >
> > I would be very interested. It’s important to support encrypted
> > passwords, too, as Jeremy E. noted.
>
> That’s fine, we’re already planning to add both LDAPS and STARTTLS
> support to Net::LDAP. But my question is whether you all would find it
> useful to have a generator to make it easier to integrate into Rails.


I use Ruby::LDAP and it was simple enough to make it work. The thing
that strikes me about the question is - not if it is an all or nothing
proposition.

I found that the logic behind the authentication systems wasn’t really
the issue, but rather the view code and controller logic for the basic
CRUD for the various join tables of the authentication system sucked the
time.

Craig

Have you looked at my ActiveDirectory module? It supports TLS/SSL
and I’ve been using it at my organization for about 7 months now for
authentication and directory searching/group lookups/etc. It’s on
RubyForge (http://rubyforge.org/projects/activedirectory) and is
available via a gem (gem install activedirectory). Be aware that it
does require ruby-ldap, however.

Justin

I would definitely be interested in a well documented AD
authentication generator.

After playing with various AD authentication systems in Rails I have
yet to find one that allowed SSL authentication to Active Directory
