Skip to content

edjames/el_dap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

El Dap

A simple search and authentication tool for Active Directory using LDAP.

Why make this?

The need for this gem arose out of a business requirement for all user authentication to be done against Active Directory. Our users were tired of having to remember multiple usernames and passwords, and asked if they could simply use their network credentials to log into our applications. This gem passes off their username and password to an Active Directory / LDAP server for authentication.

Additionally, users are also able to search the Active Directory.

Installation

Just add this to your gem file:

gem 'el_dap'

Ruby Version Dependencies

ElDap will work out of the box with Ruby 1.9.

If you are using Ruby 1.8, you will need to manually install the SystemTimer gem so that timeout exceptions are handled correctly. You will not be able to install ElDap on Ruby 1.8 unless you have this gem.

gem install SystemTimer

Features

  • Easily perform authentication against an Active Directory / LDAP server

  • Search an Active Directory based on wildcard search criteria

  • Use multiple servers to protect against timeouts

Usage

Configuration

To perform any ElDap operation you will need to provide at least two configuration values:

  • server_ips: an array of server IP addresses

  • treebase: a comma-separated list of domain components

For search operations you will also need to provide the following configuration settings:

  • username: the username of the account that will perform the search (typically this would be a service account)

  • password: the password of the account that will perform the search

You also have the option of providing a timeout value:

  • timeout: timeout in seconds for ElDap operations (default is 15 seconds)

Examples

Assuming we have an Active Directory called ad.domain.com which can also be referred to simply as ad, the following examples are valid:

Authenticate a user

ElDap.configure do |c|
  c.server_ips = ['127.0.0.1']
  c.treebase = 'dc=ad,dc=domain,dc=com'
end

ElDap.validate("ad\\ed.james", 'password') # will return true if username and password are valid
ElDap.validate("[email protected]", 'password') # will return true if username and password are valid

Search the directory

ElDap.configure do |c|
  c.username = '[email protected]'
  c.password = 'password'
  c.server_ips = ['127.0.0.1']
  c.treebase = 'dc=ad,dc=domain,dc=com'
end

ElDap.search('some guy') # will return an array of OpenStruct objects for each matching search result.

Contributing to El Dap

My understanding of LDAP is limited. This gem has only been tested on a Linux server which queries Active Directory. The gem is in production, but I’m not sure how well it will perform in another kind of LDAP-enabled architecture. Any comments or assistance would be greatly appreciated.

If you want to contribute:

  • Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet

  • Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it

  • Fork the project

  • Start a feature/bugfix branch

  • Commit and push until you are happy with your contribution

  • Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Please try not to mess with the Rakefile, version, or history.

Copyright © 2011 Ed James. See LICENSE for details.

About

Simple LDAP wrapper for search and authentication

Resources

License

Stars

Watchers

Forks

Packages

No packages published