Authlogic and LDAP Part 2: Searching Active Directory

In Part 1 we configured Authlogic to check a user's password against Active Directory (AD).

But you still have to manage users within the application, and if we're authenticating against AD we need some way of searching AD for new users. Here's how to do it.

Modify your Ldap class so that it looks like this:

require 'ostruct'
require 'net/ldap'

class Ldap
  LDAP_DOMAIN = 'ad'
  LDAP_SERVER_IP = '10.193.168.52'
  # Service account used only for searching; give it read-only rights and
  # load it from configuration rather than committing it to source control.
  LDAP_USERNAME = 'ldap_username'
  LDAP_PASSWORD = 'ldap_password'

  LDAP_TREEBASE = 'dc=ad,dc=your_domain,dc=net'
  LDAP_ATTRS = [
    'cn', 'samaccountname', 'displayname', 'telephonenumber', 'mail'
  ]
  LDAP_FILTERS = Net::LDAP::Filter.eq("objectcategory", "person")

  def self.valid?(username, password)
    # An empty password turns a simple bind into an unauthenticated
    # (anonymous) bind, which AD accepts by default, so refuse it here.
    return false if password.nil? || password.empty?
    init "#{LDAP_DOMAIN}\\#{username}", password
    @ldap.bind
  end

  def self.search(search_string)
    init LDAP_USERNAME, LDAP_PASSWORD
    results = []
    # Escape the user-supplied term (RFC 4515) so that '*', '(' and ')'
    # inside it cannot widen or restructure the filter; the surrounding
    # '*' are still the intended substring match on cn.
    filters = LDAP_FILTERS &
      Net::LDAP::Filter.eq("cn", "*#{Net::LDAP::Filter.escape(search_string)}*")
    @ldap.search(
        :base => LDAP_TREEBASE,
        :filter => filters,
        :attributes => LDAP_ATTRS) do |entry|
      os = OpenStruct.new
      entry.each do |attribute, values|
        # Assign the directory value as data instead of eval'ing it into
        # Ruby source; this also survives names such as O'Brien.
        os.send("#{attribute}=", values.first)
      end
      results << os
    end
    results
  end

  def self.init(username, password)
    @ldap = Net::LDAP.new
    @ldap.host = LDAP_SERVER_IP
    @ldap.auth username, password
  end

  # `protected` has no effect on class methods; this is how init is hidden.
  private_class_method :init
end

We added a few constants which define the domain, the AD fields we want returned by our search, and a filter so that we only get back AD objects that are people. Bear in mind that your AD may be configured differently, so these fields may need tweaking to fit your own scenario.

In the search method, we execute the search and create a new OpenStruct object for each search result, then return an array of OpenStruct objects.
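As an added illustration (not code from the original post), here is the same filter construction and attribute mapping written in plain Ruby with no net-ldap dependency: the RFC 4515 escaping that net-ldap provides as Net::LDAP::Filter.escape is inlined, and the entry is a constructed Hash shaped like what Net::LDAP::Entry#each yields.

```ruby
require 'ostruct'

# RFC 4515 escaping for values placed inside an LDAP search filter.
# net-ldap ships this as Net::LDAP::Filter.escape; the mapping is
# inlined here so the example runs without the gem.
FILTER_ESCAPES = { "\\" => "\\5c", "*" => "\\2a", "(" => "\\28",
                   ")" => "\\29", "\x00" => "\\00" }.freeze

def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/, FILTER_ESCAPES)
end

# Builds the "(&(objectcategory=person)(cn=*<term>*))" filter string that
# Ldap.search sends. The caller's term is escaped, so wildcards and
# parentheses inside it cannot widen or restructure the filter; only the
# two surrounding '*' act as the intended substring match.
def person_search_filter(search_string)
  "(&(objectcategory=person)(cn=*#{escape_filter_value(search_string)}*))"
end

# Copies one directory entry into an OpenStruct without eval.
# `entry` mimics Net::LDAP::Entry#each: it yields the attribute name and
# an Array of values. Only requested attributes are copied, and a value is
# stored as data, never interpreted as Ruby source.
DEFAULT_ATTRS = %w[cn samaccountname displayname telephonenumber mail].freeze

def entry_to_struct(entry, allowed = DEFAULT_ATTRS)
  os = OpenStruct.new
  entry.each do |attribute, values|
    next unless allowed.include?(attribute.to_s)
    os[attribute.to_sym] = values.first   # fine for "O'Brien", quotes and all
  end
  os
end

# Constructed sample entry, shaped like what the search block receives.
SAMPLE_ENTRY = {
  dn: ["CN=Pat O'Brien,OU=Staff,DC=ad,DC=your_domain,DC=net"],
  cn: ["Pat O'Brien"],
  samaccountname: ["pobrien"],
  displayname: ["O'Brien, Pat"],
  mail: ["pobrien@example.com"],
}.freeze

if __FILE__ == $0
  puts person_search_filter("*)(objectcategory=*")
  puts entry_to_struct(SAMPLE_ENTRY).cn
end
```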

My Restful search controller looks like this:

class SearchesController < ApplicationController
  def create
    @searches = Ldap.search(params[:name])
    render :action => 'index'
  end
end

The index and new methods just render views so no need to explicitly define the controller actions.

Finally, my index view, which renders the search results, looks like this (in haml of course!):

- title "Searches"

- if @searches.present?
  %table
    %thead
      %tr
        %th Name
        %th AD Name
        %th Display name
        %th Email
        %th Telephone
    %tbody
      - for search in @searches
        %tr
          %td= h search.cn
          %td= h search.samaccountname
          %td= h search.displayname
          %td= h search.mail
          %td= h search.telephonenumber
- else
  No matches found.

%p= link_to "New Search", new_search_path

It’s now very easy for us to make sure we populate all our user fields with valid information from AD.

Hope this helps!
