  1. #1
    SitePoint Member
    Join Date
    Jun 2012
    Posts
    5

    Active Directory Authentication

    I was wondering if anyone could help?

    I have been tasked at work to authenticate my "rails 3 app" with our Active Directory (Windows 2003) before accessing certain pages.

    I have decided to use "devise_ldap_authenticatable", but can't seem to get it to work properly.

    I keep getting redirected to the login page with the following error message showing in the logs:

    "Completed 401 Unauthorized in 3ms"

    Do I have to change the devise email field to a user-name in order for it to connect successfully?

    Has anyone got a working config I could look at?

    My ldap.yml consists of the following:
    development:
      host: myip
      port: 389
      attribute: sAMAccountName
      base: cn=Users,dc="mydomain",dc=uk,dc=com
      admin_user: user
      admin_password: password
      ssl: false

    my devise.rb consists of the following:
    config.ldap_logger = true
    config.ldap_config = "#{Rails.root}/config/ldap.yml"
    config.ldap_use_admin_to_bind = true
    config.ldap_ad_group_check = false
    require 'devise/orm/active_record'
    config.authentication_keys = [ :email ]
    config.case_insensitive_keys = [ :email ]
    config.strip_whitespace_keys = [ :email ]
    config.skip_session_storage = [:http_auth]
    config.stretches = Rails.env.test? ? 1 : 10
    config.reconfirmable = true

    my routes.rb consists of the following:

    resources :posts
    devise_for :users
    root :to => 'posts#index'
    match ':controller(/:action(/:id))(.:format)'

    Any help would be much appreciated!

    Iain
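
A check over the settings posted above, as an added example that is not part of the original thread or of the gem. The helper name `audit_ldap_config` and its finding codes are hypothetical, and the key-mismatch check assumes the gem matches the submitted login value against `attribute`.

```ruby
require 'yaml'

# Constructed sample: the settings from the post above, placeholders included.
SAMPLE_LDAP_YML = <<~YML
  development:
    host: myip
    port: 389
    attribute: sAMAccountName
    base: cn=Users,dc="mydomain",dc=uk,dc=com
    admin_user: user
    admin_password: password
    ssl: false
YML

# Hypothetical helper (not part of Devise or devise_ldap_authenticatable).
# auth_key is the first entry of config.authentication_keys in devise.rb.
# Returns a list of [code, message] findings for one environment.
def audit_ldap_config(yaml_text, env:, auth_key:)
  cfg = YAML.safe_load(yaml_text).fetch(env)
  findings = []
  unless cfg['ssl']
    findings << [:cleartext_bind,
                 "ssl is off on port #{cfg['port']}: bind passwords cross the network unencrypted"]
  end
  # Heuristic: a bind identity is normally a full DN or user@domain.
  unless cfg['admin_user'].to_s.match?(/=.+,|@/)
    findings << [:bind_identity, "admin_user '#{cfg['admin_user']}' is neither a DN nor user@domain"]
  end
  if cfg['base'].to_s.include?('"')
    findings << [:base_dn, 'base contains a quote character; use the literal DN']
  end
  # Assumption: the submitted login value is matched against `attribute`.
  if auth_key == :email && cfg['attribute'].to_s.casecmp?('sAMAccountName')
    findings << [:key_mismatch,
                 'users log in with an e-mail address but the lookup attribute is sAMAccountName']
  end
  unless cfg['admin_password'].to_s.empty?
    findings << [:secret_in_file, 'admin_password is a literal in ldap.yml; keep the file out of version control']
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_config(SAMPLE_LDAP_YML, env: 'development', auth_key: :email)
    .each { |code, msg| puts "#{code}: #{msg}" }
end
```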

  2. #2
    markbrown4
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,107
    Hi Iain,

    Sorry, I don't have experience using AD authentication.
    You won't find that many people doing it because Rails devs tend to avoid Windows like the plague.

    I'd be trying to debug and see what's causing the 401, do some digging.

  3. #3
    SitePoint Member
    Hi Mark.

    I am not a big Windows fan, myself. But, the company I work for have stated that it must authenticate with their AD.

    When I check the logs all I can see is that 401 error and that it's hitting "Active Record."

    It looks to be binding with the AD, but accessing credentials locally. If that makes sense?

    Is there anything I can do to further debug?

    I also found this, but not too sure how to integrate that with my project...

    https://github.com/Arcath/Adauth

  4. #4
    logic_earth
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Are you running under Apache or IIS? You need NTLM or Kerberos.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    SitePoint Member
    Thanks for the response. No I am currently using NGINX with passenger. Will this be an issue or is there a module NGINX will need?

  6. #6
    logic_earth
    Looks like someone was working on a Kerberos authentication module for NGINX but it hasn't been completed.


  7. #7
    SitePoint Member
    Do you know if it really is a requisite to have these modules enabled? Any tutorial related to AD authentication with Rails I have read (and there aren't many) hasn't stated that the web server requires any specific modules.

  8. #8
    markbrown4
    "Is there anything I can do to further debug?"
    The first thing I would do is open the code with "bundle show devise_ldap_authenticatable" and open the directory.

    ruby-debug is the most popular tool for debugging though; you can set breakpoints in your code with the 'debugger' trigger and then step through the code in a console, output variables, etc.

    "I also found this, but not too sure how to integrate that with my project...
    https://github.com/Arcath/Adauth"
    It doesn't have great docs, but it may still work.
    http://adauth.arcath.net/

  9. #9
    SitePoint Member
    Thanks Mark. I had a look at the docs. But, I am unsure as to where I place the following:
    "You can now authenticate users against the domain by calling:

    Adauth.authenticate("Username", "Password")"
    Would that be in my controller or view?

    I am relatively new to rails, so, still a bit new to the MVC framework.

    Iain

  10. #10
    markbrown4
    That type of site-wide authentication could go in a before_filter in ApplicationController.

    http://guides.rubyonrails.org/action...w.html#filters

