Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

Authenticates a Ruby on Rails User model via LDAP and saves their LDAP photo if they have one

View ldap.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
# config/ldap.yml
# LDAP server configuration settings
# Host is a Windows Domain Controller
 
development:
host: examplehost
port: 389
default_domain: EXAMPLEDOMAIN
base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org
 
test:
host: examplehost
port: 389
default_domain: EXAMPLEDOMAIN
base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org
 
production:
host: examplehost
port: 389
default_domain: EXAMPLEDOMAIN
base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org
View ldap.yml
1 2
# config/initializers/load_ldap_config.rb
LDAP_CONFIG = YAML.load_file("#{Rails.root}/config/ldap.yml")[Rails.env]
View ldap.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
# app/models/user.rb
require 'net/ldap'
 
class User < ActiveRecord::Base
 
# Authenticates the User via LDAP and saves their LDAP photo if they have one
def authenticate_ldap(domain, password)
raise ArgumentError, 'domain is nil' if domain.nil? or domain.blank?
raise ArgumentError, 'password is nil' if password.nil? or password.blank?
 
ldap = Net::LDAP.new
ldap.host = LDAP_CONFIG['host']
ldap.port = LDAP_CONFIG['port']
ldap.auth "#{domain}\\#{login}", password
bound = ldap.bind
 
if bound
photo_path = "#{Rails.public_path}/images/avatars/#{id}.jpg"
unless File.exists?(photo_path)
base = LDAP_CONFIG['base']
filter = Net::LDAP::Filter.eq('sAMAccountName', login)
ldap.search(:base => base, :filter => filter, :return_result => true) do |entry|
[:thumbnailphoto, :jpegphoto, :photo].each do |photo_key|
if entry.attribute_names.include?(photo_key)
@ldap_photo = entry[photo_key][0]
File.open(photo_path, 'wb') { |f| f.write(@ldap_photo) }
break
end
end
end
end
end
bound
end
 
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.