rack-auth-ldap

Rack Middleware LDAP authentication

Copyright

Copyright © 2014 Romain GEORGES. See COPYRIGHT for details. Copyright © 2007, 2008, 2009, 2010 Christian Neukirchen <purl.org/net/chneukirchen> for Rack Project

Presentation

Rack::Auth::Ldap is a basic authentication module with LDAP support Rack::Auth::Ldap is heavily based on Rack:Auth::Basic from the Rack main Project by Christian Neukirchen

This is an additional module for Rack to authenticate users against an LDAP server

Usage

Initialize

In you config.ru, simply add :

require 'rubygems'
require 'rack'
gem 'rack-auth-ldap'
require 'rack/auth/ldap'

require File.dirname(__FILE__) + '/your_app'

use Rack::Auth::Ldap
run Sinatra::Application

this configuration activate the Basic Authentication for the entire application

To use custom configuration file:

use RAck::Auth::Ldap, file: '/path/to/my/cconfig.yml'

Configure

Create an ldap.yml configuration file with :

production: &ldap_defaults
  hostname: localhost
  basedn: ou=groups,dc=domain,dc=tld
  rootdn: cn=admin,dc=domain,dc=tld
  passdn: secret
  auth: true
  port: 389
  username_ldap_attribut: uid

test:
  <<: *ldap_defaults

development:
  <<: *ldap_defaults

if you want to deactivate root authentication before user binding :

production: &ldap_defaults
  hostname: localhost
  basedn: ou=groups,dc=domain,dc=tld
  auth: false
  port: 389
  username_ldap_attribut: uid

test:
  <<: *ldap_defaults

development:
  <<: *ldap_defaults

to use ldaps add:

simple_tls: true

to use start tls add:

start_tls: true

if you need to set openssl options add a “tls_options” hash e.g.:

tls_options:
    ca_path: /my/certificate/dir

or

tls_options:
    ca_file: /my/certificate/file

to help debug tls you can add:

debug: true

which will send debugging messages to stdout