I’m working on an application whose clients are organizations; each organization has many employees, the users of the application. Not all the employees are users of the application, so each organization has a manager who signs up the employees that will be users.
One of our clients is asking us to use their LDAP authentication system, so that users don’t have to learn a new login and password.
Currently, authentication is done using Devise. I’ve found an article in their wiki (https://github.com/plataformatec/devise/wiki/How-To:-Authenticate-via-LDAP) that explains how to add a new Warden strategy to deal with LDAP.
I’ve done a small modification so that if a user is authenticated by LDAP but not registered in the application, it will not create a new account for him, but show an invalid login message: https://gist.github.com/jdanielnd/a0e6a73f3f5f9b3462a6.
However, this is the behavior I need: the organization model will have a flag for LDAP authentication and an LdapSettings object with the LDAP settings data.
If the user email belongs to a user in an organization that uses LDAP authentication, it will grab the LDAP settings from that organization and try to authenticate the user.
If the user email doesn’t belong to a user in an organization that uses LDAP authentication, it tries to authenticate him against the database as usual.
I don’t know much about Devise. Is it possible? Does anyone have any idea how I can achieve this?
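
The per-organization routing described in the question, sketched as an added example (not part of the original post, and not Devise, Warden or net-ldap code). The structs, their field names, the sample users and the two verifier callables are assumptions; in a real application the callables would wrap the LDAP bind and the database password check.

```ruby
# Added example: plain Ruby, runs without Devise, Warden or net-ldap.
# The structs, field names and the two callables are assumptions.
LdapSettings = Struct.new(:host, :port)
Organization = Struct.new(:name, :ldap_enabled, :ldap_settings)
User         = Struct.new(:email, :organization)

# Returns [:ok, :ldap], [:ok, :database] or [:fail, :invalid].
# ldap_bind: callable(settings, email, password) -> true/false
# db_check:  callable(user, password)            -> true/false
def authenticate(users, email, password, ldap_bind:, db_check:)
  user = users[email.to_s.strip.downcase]
  # Unknown e-mail: an LDAP success must never create an account.
  return [:fail, :invalid] if user.nil?
  # Empty password: a directory may treat it as an unauthenticated bind
  # and report success, so reject it before contacting LDAP.
  return [:fail, :invalid] if password.to_s.empty?

  org = user.organization
  if org.ldap_enabled
    # Flag set but settings missing: fail closed.
    return [:fail, :invalid] if org.ldap_settings.nil?
    ok = ldap_bind.call(org.ldap_settings, user.email, password)
    # No fallback to the database password for LDAP organizations.
    return ok ? [:ok, :ldap] : [:fail, :invalid]
  end
  db_check.call(user, password) ? [:ok, :database] : [:fail, :invalid]
end

# Constructed sample data and stub verifiers.
ACME = Organization.new("acme", true, LdapSettings.new("ldap.acme.example", 636))
SHOP = Organization.new("shop", false, nil)
USERS = {
  "ann@acme.example" => User.new("ann@acme.example", ACME),
  "bob@shop.example" => User.new("bob@shop.example", SHOP)
}
# Stub directory that, like some servers, accepts an empty password.
FAKE_LDAP = ->(_settings, _email, password) { password.empty? || password == "dir-pass" }
FAKE_DB   = ->(_user, password) { password == "db-pass" }

def attempt(email, password)
  authenticate(USERS, email, password, ldap_bind: FAKE_LDAP, db_check: FAKE_DB)
end

p attempt("ann@acme.example", "dir-pass")   # LDAP organization
p attempt("bob@shop.example", "db-pass")    # database organization
```

Every failure returns the same `:invalid` reason, so the login form does not reveal whether an e-mail is registered or which backend its organization uses.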