Forum: Ruby HOWTO: Authenticating with a Windows Active Directory server.

Gavin Kistner (phrogz)
on 2009-03-26 00:05
(Received via mailing list)
I have a Ramaze-based web application at work. I wanted it to
integrate with the Active Directory server for the company, so that no
one would have to create accounts for new users, and the same password
you used for your desktop would work for the application. (The web
server happens to be accessible only on the intranet, so there was no
security issue with passwords being sent in plaintext; no need for
https on the server.)

Anyhow, after a few failed attempts, the final code for simply
validating the username/password was so simple that I thought I would
share it.

  # gem install ruby-net-ldap
  require 'net/ldap'

  # Sent from an HTML form; the "request" object here is from Ramaze
  # Email must have the company domain, e.g. "username@acmetools.com"
  email, password = request[ :email ], request[ :password ]

  ldap = Net::LDAP.new(
    # There's convention for companies to use ldap.company.com;
    # Thankfully, mine uses this, so I didn't have to bug IT to
    # figure out where the Active Directory server was.
    :host=>'ldap.acmetools.com',
    :auth=>{
      :method=>:simple,
      :username=>email,
      :password=>password
    }
  )

  # bind returns true only if the server accepted the credentials
  if ldap.bind
    # AD authentication succeeded; the email/password combo is valid!
    # ...
  end

I gather that some Active Directory installations require you to
connect over SSL. Mine didn't, so I didn't need to specify the
alternate port or the encryption mode. I also found some code that
uses an LDAP query for the username, e.g.
:username=>"cn=#{username},cn=Users,dc=acmetools,dc=com".
Try as I might, though, I couldn't make any form of this work with
my company's AD server. But the above code worked like a charm, and
so simply. :)

Hope this helps someone.
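
An added example, not part of the original post: the same simple-bind check made over verified LDAPS, rejecting the empty password that a directory server may treat as an unauthenticated bind and answer with success. It assumes the current `net-ldap` gem and its hash form of `:encryption`, the standard LDAPS port 636, and that the server's certificate chains to a CA the web host trusts; the helper names (`ad_bind_options`, `ad_authenticate`, `REAL_BIND`) and the domain check are hypothetical.

```ruby
require 'openssl'

AD_HOST   = 'ldap.acmetools.com' # host name taken from the post
AD_DOMAIN = 'acmetools.com'      # company domain from the post's example

# Returns Net::LDAP options for a certificate-verified LDAPS simple bind,
# or nil when the input must be rejected without contacting the server.
def ad_bind_options(email, password)
  email    = email.to_s.strip
  password = password.to_s
  # An empty password turns a simple bind into an unauthenticated bind,
  # which a directory server may report as success.
  return nil if password.empty?
  # Require a non-empty local part followed by the company domain.
  return nil unless email.downcase.end_with?("@#{AD_DOMAIN}") &&
                    email.length > AD_DOMAIN.length + 1
  {
    host: AD_HOST,
    port: 636, # LDAPS (assumption: the AD server offers it)
    encryption: {
      method: :simple_tls,
      # Verify the server certificate instead of accepting any peer.
      tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
    },
    auth: { method: :simple, username: email, password: password }
  }
end

# Default binder: performs the real bind with the net-ldap gem (loaded lazily
# so the validation logic can be exercised without the gem or a server).
REAL_BIND = lambda do |options|
  require 'net/ldap'
  Net::LDAP.new(options).bind
end

# True only when the input passed validation and the server accepted the bind.
def ad_authenticate(email, password, binder: REAL_BIND)
  options = ad_bind_options(email, password)
  return false if options.nil?
  binder.call(options) ? true : false
rescue StandardError
  false # connection or TLS failure: fail closed
end
```
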
Justin Grudzien (grudzien)
on 2009-04-21 18:14
This is a really good HowTo and I used something similar in my Rails
application. I was curious if you had any code snippets on how to change
the Active Directory password using the ruby-net-ldap gem? Any help you
could provide would be greatly appreciated.