Authenticates a Ruby on Rails User model via LDAP and saves their LDAP photo if they have one

ldap.yml
YAML
# config/ldap.yml
# LDAP server configuration settings
# Host is a Windows Domain Controller
#
# Caveats: port 389 is plain LDAP. Unless the client enables StartTLS on it
# (or uses the LDAPS port, 636) the simple bind in user.rb sends the user's
# password to the DC in cleartext. default_domain is declared here but user.rb
# never reads it; the caller passes the domain explicitly.

development:
  host: examplehost
  port: 389
  default_domain: EXAMPLEDOMAIN
  base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org

test:
  host: examplehost
  port: 389
  default_domain: EXAMPLEDOMAIN
  base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org

production:
  host: examplehost
  port: 389
  default_domain: EXAMPLEDOMAIN
  base: examplebase # OU=US-Tampa Bay,OU=North America,OU=Accounts,DC=ourdomain,DC=org
load_ldap_config.rb
Ruby
# config/initializers/load_ldap_config.rb
LDAP_CONFIG = YAML.load_file("#{Rails.root}/config/ldap.yml")[Rails.env]
user.rb
Ruby
# app/models/user.rb
require 'net/ldap'

class User < ActiveRecord::Base

  # Authenticates the User via LDAP and saves their LDAP photo if they have one.
  # `domain` is the NetBIOS domain used to build the DOMAIN\login bind name and
  # `login` is the model's sAMAccountName. Returns true when the bind succeeded.
  def authenticate_ldap(domain, password)
    # blank? already covers nil. Rejecting an empty password matters: a simple
    # bind with an empty password is an unauthenticated bind, which Active
    # Directory accepts by default, so it would "succeed" for any login.
    raise ArgumentError, 'domain is blank' if domain.blank?
    raise ArgumentError, 'password is blank' if password.blank?

    ldap = Net::LDAP.new
    ldap.host = LDAP_CONFIG['host']
    ldap.port = LDAP_CONFIG['port']
    # Simple bind as DOMAIN\login. On port 389 without StartTLS this travels in
    # cleartext.
    ldap.auth "#{domain}\\#{login}", password
    bound = ldap.bind

    if bound
      photo_path = "#{Rails.public_path}/images/avatars/#{id}.jpg"
      unless File.exist?(photo_path) # File.exists? was removed in Ruby 3.2
        base = LDAP_CONFIG['base']
        # Escape login before it goes into the filter so '*', '(', ')' and '\'
        # cannot turn the equality match into a wildcard or break the filter.
        filter = Net::LDAP::Filter.eq('sAMAccountName', Net::LDAP::Filter.escape(login))
        ldap.search(:base => base, :filter => filter, :return_result => true) do |entry|
          # thumbnailPhoto is the Active Directory attribute; jpegPhoto and
          # photo are the standard-schema alternatives. Take the first present.
          [:thumbnailphoto, :jpegphoto, :photo].each do |photo_key|
            if entry.attribute_names.include?(photo_key)
              @ldap_photo = entry[photo_key][0]
              File.open(photo_path, 'wb') { |f| f.write(@ldap_photo) }
              break
            end
          end
        end
      end
    end
    bound
  end

end
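The gist works, but three things in it deserve hardening before production: the bind is cleartext on port 389, `login` is dropped into the search filter unescaped, and whatever bytes the directory returns are written straight under `public/images/avatars/<id>.jpg`. The following is an added example, not the gist's own code. It assumes the gist's `LDAP_CONFIG` hash and a `User` with `login` and `id`, a hypothetical `encryption` key in `ldap.yml` (`start_tls` or `simple_tls`), and net-ldap's `encryption: { method:, tls_options: }` option. The filter escaping is reimplemented from the RFC 4515 table (the same one `Net::LDAP::Filter.escape` uses) so the helpers run without the gem installed; the `FakeEntry` stand-in is constructed for offline use.

```ruby
# Added example: hardened companion to the gist's User#authenticate_ldap.
# Assumes LDAP_CONFIG (string keys) and a User with `login` and `id`.
require 'openssl'

module LdapHardening
  # RFC 4515 filter escaping, same table as Net::LDAP::Filter.escape.
  # Reimplemented here only so the helper runs without net-ldap installed.
  FILTER_ESCAPES = {
    "\0" => '\00', '*' => '\2A', '(' => '\28', ')' => '\29', '\\' => '\5C'
  }.freeze
  FILTER_ESCAPE_RE = /[\x00*()\\]/

  def self.escape_filter_value(value)
    value.to_s.gsub(FILTER_ESCAPE_RE) { |c| FILTER_ESCAPES[c] }
  end

  # The gist writes whatever LDAP returns to a public .jpg path. Only accept
  # data that starts with the JPEG SOI marker (FF D8 FF).
  JPEG_MAGIC = "\xFF\xD8\xFF".b.freeze

  def self.jpeg?(bytes)
    bytes.is_a?(String) && bytes.b.start_with?(JPEG_MAGIC)
  end

  # Net::LDAP.new options that refuse a cleartext bind and verify the DC's
  # certificate (OpenSSL DEFAULT_PARAMS sets VERIFY_PEER). 'encryption' is a
  # hypothetical ldap.yml key; it defaults to StartTLS on the existing port.
  def self.connection_options(config)
    method = (config['encryption'] || 'start_tls').to_sym
    unless [:start_tls, :simple_tls].include?(method)
      raise ArgumentError, "refusing cleartext LDAP bind (encryption=#{method})"
    end
    {
      :host => config.fetch('host'),
      :port => config.fetch('port', method == :simple_tls ? 636 : 389),
      :encryption => { :method => method,
                       :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }
    }
  end

  # Constructed stand-in for Net::LDAP::Entry, exposing the two methods used.
  class FakeEntry
    def initialize(attrs); @attrs = attrs; end
    def attribute_names; @attrs.keys; end
    def [](name); @attrs.fetch(name, []); end
  end

  # First photo attribute whose value is a real JPEG, or nil.
  def self.photo_from(entry)
    [:thumbnailphoto, :jpegphoto, :photo].each do |key|
      next unless entry.attribute_names.include?(key)
      bytes = entry[key][0]
      return bytes if jpeg?(bytes)
    end
    nil
  end
end

class User # < ActiveRecord::Base in the app
  def authenticate_ldap(domain, password)
    # An empty password turns the simple bind into an unauthenticated bind,
    # which Active Directory accepts, so reject it before connecting.
    raise ArgumentError, 'domain is blank'   if domain.to_s.strip.empty?
    raise ArgumentError, 'password is blank' if password.to_s.empty?

    require 'net/ldap' # loaded here so the helpers above run without the gem
    ldap = Net::LDAP.new(LdapHardening.connection_options(LDAP_CONFIG))
    ldap.auth "#{domain}\\#{login}", password
    return false unless ldap.bind

    photo_path = Rails.public_path.join('images', 'avatars', "#{id}.jpg")
    unless File.exist?(photo_path)
      filter = Net::LDAP::Filter.eq('sAMAccountName',
                                    LdapHardening.escape_filter_value(login))
      ldap.search(:base => LDAP_CONFIG['base'], :filter => filter) do |entry|
        photo = LdapHardening.photo_from(entry)
        File.binwrite(photo_path, photo) if photo
      end
    end
    true
  end
end
```

With `encryption: start_tls` added to `ldap.yml`, the only behavioural difference from the gist on the happy path is that the password never crosses the wire unencrypted and a non-JPEG blob in `thumbnailPhoto` is skipped instead of being served from `public/`. In the real model, `Net::LDAP::Filter.escape` can replace `escape_filter_value`; it produces the same output.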
