Authlogic and LDAP Part 2: Searching Active Directory

In Part 1 we configured authlogic to authenticate your password against Active Directory (AD).

But you still have to manage users within the application, and if we’re authenticating against AD we need some way of searching AD for new users. Here’s how to do it…

Modify your Ldap class so that it looks like this:

require 'ostruct'
require 'net/ldap'

class Ldap
  LDAP_SERVER_IP = 'ldap_server_ip'   # placeholder: address of a domain controller
  LDAP_DOMAIN = 'ad'
  # Read-only, low-privilege service account used only for searching.
  # Load these from the environment or an encrypted store rather than checking them in.
  LDAP_USERNAME = 'ldap_username'
  LDAP_PASSWORD = 'ldap_password'

  LDAP_TREEBASE = 'dc=ad,dc=your_domain,dc=net'
  # AD attributes returned for each hit
  LDAP_ATTRS = ['cn', 'samaccountname', 'displayname', 'telephonenumber', 'mail']
  # Only return objects that are people (not computers, groups or OUs)
  LDAP_FILTERS = Net::LDAP::Filter.eq("objectcategory", "person")

  # From Part 1: bind as the user to check their password
  def self.valid?(username, password)
    init "#{LDAP_DOMAIN}\\#{username}", password
    @ldap.bind
  end

  # Returns an array of OpenStructs, one per person whose cn contains search_string
  def self.search(search_string)
    init LDAP_USERNAME, LDAP_PASSWORD

    results = []
    # Escape the user-supplied text so *, (, ) and \ cannot rewrite the filter
    filters = LDAP_FILTERS &
      Net::LDAP::Filter.eq("cn", "*#{Net::LDAP::Filter.escape(search_string)}*")
    @ldap.search(:base => LDAP_TREEBASE,
        :filter => filters,
        :attributes => LDAP_ATTRS) do |entry|
      os = OpenStruct.new
      entry.each do |attribute, values|
        # Assign directly; never eval a string built from directory data
        os[attribute] = values.first
      end
      results << os
    end
    results
  end

  def self.init(username, password)
    @ldap = Net::LDAP.new(:host => LDAP_SERVER_IP)
    @ldap.auth username, password
  end
end

We added a few constants: the domain controller and domain, a service account used to bind when searching (keep it read-only and low-privilege, and keep its password out of source control), the AD attributes we want returned, and a filter so that we only return AD objects that are people. Bear in mind that your AD may be configured differently, so these fields may need tweaking to fit your own scenario.

In the search method, we bind with the service account, execute the search and create a new OpenStruct object for each search result, then return an array of OpenStruct objects. Two details matter here. The search string comes from a user and is interpolated into the filter, so it must be escaped (Net::LDAP::Filter.escape) first; otherwise characters such as *, ( and ) let the user change what the filter matches (LDAP injection). And attribute values must be assigned to the OpenStruct directly rather than with eval, because eval’ing a string that embeds a directory value turns any value containing a quote into Ruby code.
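The two places in that method where untrusted data meets code, as an added example that is not from the original post. It builds the filter as a string and escapes it with a small re-implementation of the escaping Net::LDAP::Filter.escape applies (the RFC 4515 set: NUL, *, (, ) and \), so it runs without the net-ldap gem, and it shows the eval-based OpenStruct population failing on a constructed entry next to the direct assignment that replaces it. The function names, the sample entry and the injected search string are all made up for illustration.

```ruby
require 'ostruct'

# RFC 4515 escaping for a value interpolated into an LDAP search filter.
# Same character set and hex form as Net::LDAP::Filter.escape, re-implemented
# here so this file runs without the net-ldap gem.
LDAP_FILTER_ESCAPES = {
  "\0" => '\\00',
  '*'  => '\\2A',
  '('  => '\\28',
  ')'  => '\\29',
  '\\' => '\\5C',
}.freeze

def ldap_escape(value)
  value.to_s.gsub(/[\0*()\\]/) { |c| LDAP_FILTER_ESCAPES[c] }
end

# String form of the filter the Ldap class builds:
#   (&(objectcategory=person)(cn=*<search_string>*))

# Vulnerable: raw interpolation lets the caller close the cn clause and
# append conditions of their own.
def unsafe_person_filter(search_string)
  "(&(objectcategory=person)(cn=*#{search_string}*))"
end

# Hardened: the user's text can only ever be matched literally.
def safe_person_filter(search_string)
  "(&(objectcategory=person)(cn=*#{ldap_escape(search_string)}*))"
end

# Vulnerable: the eval approach. Any attribute value containing a single
# quote is parsed as Ruby, so directory data becomes code.
def unsafe_entry_to_struct(entry)
  os = OpenStruct.new
  entry.each do |attribute, values|
    eval "os.#{attribute} = '#{values[0]}'"
  end
  os
end

# Hardened: assign through OpenStruct#[]= so the value is never parsed.
def entry_to_struct(entry)
  os = OpenStruct.new
  entry.each do |attribute, values|
    os[attribute] = values.first
  end
  os
end

# Constructed sample entry in the attribute => [values] shape net-ldap
# yields for each result; the apostrophe in the name is deliberate.
SAMPLE_ENTRY = {
  'cn'              => ["O'Brien, Pat"],
  'samaccountname'  => ['pobrien'],
  'displayname'     => ["Pat O'Brien"],
  'mail'            => ['pobrien@example.net'],
  'telephonenumber' => ['+44 20 7946 0000'],
}.freeze

if __FILE__ == $0
  # Made-up search string that tries to add its own filter clause
  injected = "*)(samaccountname=admin"
  puts unsafe_person_filter(injected)
  puts safe_person_filter(injected)

  begin
    unsafe_entry_to_struct(SAMPLE_ENTRY)
  rescue SyntaxError => e
    puts "eval approach failed on ordinary data: #{e.class}"
  end
  p entry_to_struct(SAMPLE_ENTRY).cn
end
```

Run it and compare the two filter lines: with raw interpolation the search string closes the cn clause and appends a condition of the attacker's choosing, while the escaped version can only match a cn that literally contains that text. The eval version raises a SyntaxError on a perfectly ordinary name with an apostrophe; a value crafted to be valid Ruby would run instead of raising.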

My RESTful search controller looks like this:

class SearchesController < ApplicationController
  def create
    @searches = Ldap.search(params[:name])
    render :action => 'index'
  end
end

The index and new actions just render views, so there is no need to define them explicitly in the controller.

Finally, my index view, which renders the search results, looks like this (in haml of course!):

- title "Searches"

- if @searches.present?
  %table
    %tr
      %th Name
      %th AD Name
      %th Display name
      %th Email
      %th Telephone
    - @searches.each do |search|
      %tr
        %td= h search.cn
        %td= h search.samaccountname
        %td= h search.displayname
        %td= h search.mail
        %td= h search.telephonenumber
- else
  No matches found.

%p= link_to "New Search", new_search_path

It’s now very easy for us to make sure we populate all our user fields with valid information from AD.

Hope this helps!

