I have an OpenLDAP server that I use for authentication with my Rails apps.
I basically use Authlogic and hack in support for LDAP using the ruby-net-ldap gem to talk to the LDAP server.
I use a pretty basic Authlogic setup as detailed in the tutorial, but with a few changes:
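```ruby
require 'net/ldap'

class UserSession < Authlogic::Session::Base
  # Have Authlogic call the LDAP check instead of comparing a stored hash
  verify_password_method :valid_ldap_credentials?
end

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.validate_password_field = false # skip Authlogic's password validations; LDAP holds the password
    c.logged_in_timeout = 30.minutes
  end

  def valid_ldap_credentials?(password_plaintext)
    # A simple bind with an empty password is an "unauthenticated bind" (RFC 4513),
    # which some servers accept, so never send one.
    return false if dn.blank? || password_plaintext.to_s.empty?

    ldap = ldap_connect
    ldap.auth dn, password_plaintext
    ldap.bind # will return false if authentication is NOT successful
  end

  def ldap_connect(params = {})
    ldap_config = YAML.load_file("#{RAILS_ROOT}/config/ldap.yml")[RAILS_ENV]
    ldap_options = params.merge({:encryption => :simple_tls})
    ldap = Net::LDAP.new(ldap_options)
    ldap.host = ldap_config["host"]
    ldap.port = ldap_config["port"]
    ldap.base = ldap_config["base"]
    # Bind as the admin account only when the caller asks for it
    ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
    ldap
  end
end
```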
There's an effort to make a plugin for LDAP for Authlogic, but I haven't seen any progress in a while.
The difficult thing I've found (and asked about) is testing. I basically had to set up production, development, and test instances of my LDAP server for testing.
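
Added example, not part of the original post: one way to exercise a check like `valid_ldap_credentials?` without a running LDAP server, including the empty-password case where a server that accepts unauthenticated binds (RFC 4513) reports success. `FakeLdap`, `LdapUser`, the `ldap_factory` seam and the directory entry are constructed for illustration and are not Net::LDAP or Authlogic APIs.

```ruby
# Constructed stand-in for Net::LDAP (only #auth and #bind), so no server is needed.
# It models a directory that accepts RFC 4513 "unauthenticated" binds:
# a DN sent with an empty password binds successfully.
class FakeLdap
  DIRECTORY = { "uid=alice,ou=people,dc=example,dc=test" => "s3cret" }.freeze # constructed

  def initialize(reachable: true)
    @reachable = reachable
  end

  def auth(dn, password)
    @dn = dn
    @password = password
  end

  def bind
    raise Errno::ECONNREFUSED unless @reachable
    return true if @password.to_s.empty? # unauthenticated bind accepted
    DIRECTORY[@dn] == @password
  end
end

# Hypothetical plain-Ruby user; ldap_factory stands in for ldap_connect.
class LdapUser
  attr_reader :dn

  def initialize(dn, ldap_factory)
    @dn = dn
    @ldap_factory = ldap_factory
  end

  # Bare auth-then-bind with no input checks.
  def unguarded_bind?(password_plaintext)
    ldap = @ldap_factory.call
    ldap.auth dn, password_plaintext
    ldap.bind
  end

  # Rejects blank input before binding and fails closed on any error.
  def valid_ldap_credentials?(password_plaintext)
    return false if dn.to_s.strip.empty? || password_plaintext.to_s.empty?
    unguarded_bind?(password_plaintext) == true
  rescue StandardError
    false
  end
end

ALICE = LdapUser.new("uid=alice,ou=people,dc=example,dc=test", -> { FakeLdap.new })
OFFLINE = LdapUser.new(ALICE.dn, -> { FakeLdap.new(reachable: false) })
```

Against this fake directory, `ALICE.unguarded_bind?("")` returns true while `ALICE.valid_ldap_credentials?("")` returns false, and `OFFLINE` shows an unreachable server being treated as a failed login.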