LDAP authentication with Devise


(João Daniel) #1

Hello everyone,

I’m working on an application whose clients are organizations; each organization has many employees, the users of the application. Not all the employees are users of the application, so each organization has a manager that signs up the employees that will be users.

One of our clients is asking us to use their LDAP authentication system, so that users don’t have to learn a new login and password.

Currently, authentication is done using Devise. I’ve found an article in their wiki (https://github.com/plataformatec/devise/wiki/How-To:-Authenticate-via-LDAP) that explains how to add a new Warden strategy to deal with LDAP.

I’ve done a small modification so that if a user is authenticated by LDAP but not registered in the application, it will not create a new account for him, but show an invalid login message: https://gist.github.com/jdanielnd/a0e6a73f3f5f9b3462a6.

However this is the behavior I need: the organization model will have a flag for LDAP authentication and a LdapSettings object with the LDAP settings data.

  • If the user email belongs to a user in an organization that uses LDAP authentication, it will grab the LDAP settings from that organization and try to authenticate the user.

  • If the user email doesn’t belong to a user in an organization that uses LDAP authentication, it tries to authenticate him against the database as usual.

I don’t know much about Devise. Is it possible? Does anyone have any idea how I can achieve this?

Thanks!


(João Daniel) #2

I think I’m looking for a filter before choosing the Warden strategy. If the user’s organization uses LDAP, the authentication will follow the LDAP strategy with his organization settings. If the user’s organization doesn’t use LDAP, the default strategy should be used. But since I’m not familiar with Warden or Devise internals, I’m not sure how to do this.


(João Daniel) #3

Based on code written by Dolph Mullen I was able to get to the following code: https://gist.github.com/jdanielnd/d7cc71ada585057df9f3

Where I also deal with the case of an empty organization and also pass Warden env variables to the next strategy according to conditions…
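
Added example, not part of the original posts and not the code from the linked gists: a plain-Ruby model of the per-organization routing described in this thread, including the cases where a fallback to the database would weaken an LDAP-only organization. All names (`Organization`, `LdapSettings` fields, `User`, `authenticate`, the stub backends) are hypothetical, and the sample data is constructed.

```ruby
# Hypothetical stand-ins for the models described in the thread.
Organization = Struct.new(:name, :ldap_enabled, :ldap_settings)
LdapSettings = Struct.new(:host, :port, :base_dn)
User         = Struct.new(:email, :organization)

# users:     hash of email => User (stands in for a lookup by email)
# ldap_bind: callable(settings, email, password) => true/false; in a real app
#            this would wrap a bind against the organization's directory
# db_check:  callable(user, password) => true/false (the usual database check)
# Returns [outcome, backend]. :halt_failure means "fail and stop the strategy
# chain" (what Warden's fail! does), so no later strategy can accept the login.
def authenticate(email, password, users:, ldap_bind:, db_check:)
  user = users[email.to_s.strip.downcase]
  # Unregistered users are rejected, never auto-created from the directory.
  return [:halt_failure, :none] if user.nil?

  org = user.organization
  # No organization, or organization without LDAP: database as usual.
  unless org&.ldap_enabled
    return [db_check.call(user, password) ? :success : :halt_failure, :database]
  end

  # Flag set but settings missing: fail closed instead of using the database.
  return [:halt_failure, :ldap] if org.ldap_settings.nil?
  # Some directory servers treat a bind with an empty password as an
  # unauthenticated bind and report success, so reject it before binding.
  return [:halt_failure, :ldap] if password.to_s.empty?

  ok = ldap_bind.call(org.ldap_settings, user.email, password)
  [ok ? :success : :halt_failure, :ldap]
end

# Constructed sample data.
ACME  = Organization.new("acme", true, LdapSettings.new("ldap.acme.example", 636, "dc=acme,dc=example"))
LOCAL = Organization.new("local", false, nil)
USERS = {
  "ann@acme.example"  => User.new("ann@acme.example", ACME),
  "bob@local.example" => User.new("bob@local.example", LOCAL),
  "cat@solo.example"  => User.new("cat@solo.example", nil)
}
# Stub backends: the directory accepts "dir-pass" and, like a permissive
# server, an empty password; the database accepts "db-pass".
LDAP_BIND = ->(_settings, _email, pw) { pw == "dir-pass" || pw.empty? }
DB_CHECK  = ->(_user, pw) { pw == "db-pass" }

def demo(email, password)
  authenticate(email, password, users: USERS, ldap_bind: LDAP_BIND, db_check: DB_CHECK)
end
```

In a Warden strategy the `:halt_failure` branches for LDAP organizations correspond to `fail!` rather than `fail` or `pass`, so a user of an LDAP organization cannot log in with a database password.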