Reputation: 173
User authentication by both ldap and database
We are planing to build a Rails application which utilizes both LDAP and database authentication ways.
we plan to take devise and devise_ldap_authenticatable to accomplish that.
The authlogic maybe like this, internal use complete the authentication by LDAP, however, external user have to sign up for the first time, and then app could take the database authentication.
I search by google, Devise and devise_ldap_authenticatable can't work in combined way, anybody here has similar usage, or some other way to achieve that?
thanks in advance.
Upvotes: 4
Views: 2479
Answers (3)
Reputation: 51
A slight modification of the SessionsController. This first checks to see if the user exists in the local DB. If not, it then tries LDAP. All without the user having to specify which account type at login. Note that my local DB has a retired and bypass_ldap flag. If bypass_ldap is false, they have to authenticate via LDAP.
def create
# If the user has a valid ldap_bypass account
possible_user = User.where(username: params["user"]["username"], bypass_ldap: true, retired: false).first
if !possible_user.nil? && possible_user.valid_password?(params["user"]["password"])
self.resource = warden.authenticate!(:database_authenticatable)
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
else
super
end
set_login_token
end
Upvotes: 0
Reputation: 1
I have implemented dual authentication in the following way.
session_controller.rb
def create
if (params[:log]=="local")
self.resource = warden.authenticate!(:database_authenticatable)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
else
self.resource = warden.authenticate!(:ldap_authenticatable)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end
user.rb
class User < ActiveRecord::Base
devise :ldap_authenticatable,
:database_authenticatable,:registerable,
:recoverable, :rememberable, :trackable, :validatable
**and view devise/sessions/new.html.erb**
<%= form_for(:user, :url => session_path(:user)) do |f| %>
<div class="form-inputs">
<%= f.text_field :username ,:placeholder => "Login id" %><br> <br>
<%= f.password_field :password,:placeholder => "Password" %>
<label for="check_box_type">Login Server </label><%= select_tag :log, options_for_select([ [" Domain Server","domain"],["Local Server", "local"]])%>
<%= f.submit 'Sign in' %>
Here according to the user input (login server :local/domain] it will login.
Upvotes: 0
Reputation: 173
I find some valuable link here, however, we have to use different models.
https://groups.google.com/forum/#!topic/plataformatec-devise/-Fnr3LWXxBg
Upvotes: 2
Related Questions
- Devise not authenticating with LDAP
- Rails authentication with LDAP
- Using one sign-in form with two Devise user models and different authentication methods
- Stacking database_authenticatable and ldap_authenticatable with devise
- How To Use LDAP Authentication Information In Rails devise_ldap_authenticatable?
- Correct configuration for devise_ldap_authenticatable
- Ruby on Rails: LDAP user operations
- Devise with LDAP auth problems
- LDAP authentification with Devise, Rails 3.2.12
- Rails authentication with LDAP and local database