Web app authentication to active directory

I have a Windows/IIS server which is running some plain-old-CGI Ruby web
apps. Because it’s Windows/IIS, authentication is really easy in our
active directory environment. I simply have to enable authentication
(kerberos) for the app, then set the permissions on the .cgi files
(users in group X may access this file).

Well, I want to start using Rack-based apps (such as Sinatra), but I
still want seamless authentication. I don’t want to force users to type
their passwords–I want the browser and the web server to do seamless
kerberos authentication.

What are my options? I gather that there are no Rack implementations for
IIS. Has anyone successfully managed to get something like this working
on Apache/Passenger? Or is there a better option? Or is it possible to
trigger kerberos at the application level?

Thanks in advance for any advice…

On Thu, Mar 18, 2010 at 7:24 PM, Nick B. [email protected] wrote:

Nick,
this question comes up a fair bit. I think most of the Ruby/ActiveDirectory
integration issues end up directing people to the various ldap options for
Ruby.

I would also look and see if anyone has built any Rack Middleware around
this.

Sorry I can’t be more help.

Richard C. wrote:

On Thu, Mar 18, 2010 at 7:24 PM, Nick B. [email protected] wrote:
this question comes up a fair bit.

Ruby moves so quickly that it’s worth asking questions frequently, as
the answers from six months ago are often obsolete :wink:

I think most of the Ruby/ActiveDirectory
integration issues end up directing people to the various ldap options
for Ruby.

Net-ldap does work! But it requires that I solicit usernames and
passwords. And the “activedirectory” gem seems to be broken and
unmaintained.

I would also look and see if anyone has built any Rack Middleware around
this.

I looked for a way to use Rack on IIS. I didn’t find anything considered
“stable” and compatible with MRI :-/

I would love to hear experiences from someone who actually has a
production application using kerberos/AD/MRI.

On Thu, Mar 18, 2010 at 7:55 PM, Nick B. [email protected] wrote:

Richard C. wrote:

On Thu, Mar 18, 2010 at 7:24 PM, Nick B. [email protected] wrote:
this question comes up a fair bit.

Ruby moves so quickly that it’s worth asking questions frequently, as
the answers from six months ago are often obsolete :wink:

My main concern with this topic is that I don’t think I have ever seen this
question answered well. It’s not a good sign, as it implies that you are on
your own when you go down this route.

I think most of the Ruby/ActiveDirectory
integration issues end up directing people to the various ldap options
for Ruby.

Net-ldap does work! But it requires that I solicit usernames and
passwords. And the “activedirectory” gem seems to be broken and
unmaintained.

Nicely, net-ldap is being actively maintained (saw some recent announcements).
I think there is also a ruby-net-ldap which is pure Ruby, and gets some
recommendations.

I would also look and see if anyone has built any Rack Middleware around
this.

I looked for a way to use Rack on IIS. I didn’t find anything considered
“stable” and compatible with MRI :-/

Don’t get me started. I don’t think there is anybody in the entire planet
putting Ruby on production Windows web servers with MRI. If there was, you
would expect to see a lot more solutions out there that solve the common
problems.

That said, you might want to check out IronRuby, and their solution ecosystem.

The best advice I often see is to deploy your app on JRuby, then take advantage
of Java APIs that can do the integration better.

I would love to hear experiences from someone who actually has a
production application using kerberos/AD/MRI.

So would I. I would buy beers for people who can put together all the pieces of
successfully deploying Ruby web apps on Windows.
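
On the question of triggering Kerberos at the application level, here is an added example (not code from anyone in this thread): a Rack-style middleware that issues the HTTP Negotiate (SPNEGO) challenge, refuses tokens from a browser that fell back to NTLM, and passes the verified user on in `REMOTE_USER`. The class name, the `acceptor` callable and the realm are assumptions; actual ticket validation would sit behind `acceptor` (GSSAPI with the service's keytab), and the mutual-authentication reply token is left out.

```ruby
# Added example, not code from the thread. Rack-style middleware for the
# HTTP Negotiate (SPNEGO) handshake. `acceptor` is a hypothetical callable
# (in production, a GSSAPI accept-context wrapper using the service keytab)
# that returns the authenticated principal, or nil if the ticket is rejected.
class NegotiateAuth
  NTLM_MAGIC = "NTLMSSP\0".b   # browser fell back to NTLM, not Kerberos
  GSS_TAG    = "\x60".b        # ASN.1 tag that opens a GSS-API/SPNEGO token

  def initialize(app, acceptor:, realm:)
    @app, @acceptor, @realm = app, acceptor, realm.upcase
  end

  def call(env)
    scheme, b64 = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
    return challenge("no ticket presented") unless scheme.to_s.casecmp?("Negotiate") && b64

    token = decode(b64)
    return challenge("malformed token") if token.nil?
    return challenge("NTLM fallback refused") if token.start_with?(NTLM_MAGIC)
    return challenge("not a GSS-API token") unless token.start_with?(GSS_TAG)

    principal = @acceptor.call(token)            # e.g. "alice@EXAMPLE.TEST"
    user, realm = principal.to_s.split("@", 2)
    return challenge("ticket rejected") if user.to_s.empty? || realm.to_s.upcase != @realm

    # Downstream apps read the verified identity from REMOTE_USER.
    @app.call(env.merge("REMOTE_USER" => user))
  end

  private

  # Strict base64 decode; returns nil instead of raising on junk input.
  def decode(b64)
    b64.strip.unpack1("m0")
  rescue ArgumentError
    nil
  end

  def challenge(reason)
    [401, { "WWW-Authenticate" => "Negotiate", "Content-Type" => "text/plain" },
     ["Kerberos authentication required (#{reason})\n"]]
  end
end
```
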
