RoR with integrated windows authentication

Hi All,

I'm taking on a re-write project for a ticketing system solution and my company uses ASP.net with IIS. I want to build the new ticketing system with Rails as I believe it to be a much cleaner long term solution, and add to that I don't care for ASP and how it handles sessions.

I've searched long and hard and a lot of posts and information out there are pretty outdated in terms of NTLM (or integrated windows authentication, as it's now called) working with Rails.

I will not be using IIS thankfully and would rather go an Apache route with a mod to handle initial authentication through windows active directory. We use IE8 and it should pass through perfectly.

But, I need to know what I'm getting into and would like to look over as many resources as possible before I fully commit to this project. So, with that said, what resources am I going to need to work on this?

I'm fully familiar with Ruby 1.8.7, 1.9.1, and 1.9.2 and Rails version 2.x and 3.x, including rails 3.1. I normally use apache + passenger + rails when going to production on a linux server.

How would you approach this and what pieces would you opt for, given this scenario? And, any updated links on where to go with this?

Thanks for your time.

NTLM is used only for workgroups; domains use LDAP to access the DS. Devise has a plugin for LDAP.

https://github.com/cschiewek/devise_ldap_authenticatable

Hey Alpha,

As "radhames brito" pointed out, you can use a plug-in for LDAP authentication with Devise (a popular authentication system) to facilitate authentication with Active Directory. I had to build a few systems like this a couple years ago, and at the time all I had available was a simple LDAP gem to facilitate communication.

From an overview perspective, it's pretty simple. Your web application can accept username/password parameters, then ask your AD server to authenticate that user via a standard LDAP connection using a gem like "ruby-net-ldap". The server responds, and your application can act accordingly.

Implementation-wise, AD is Microsoft's LDAP system; you can interface with it pretty much just like any other LDAP server, though I believe it has some unique qualities that make it a little bit "special". One tool I found absolutely invaluable when doing this before was Apache's LDAP tool, "Apache Directory Studio" - http://directory.apache.org/. It can form a connection to your AD server and let you discover all the "hidden" properties of tree nodes that Microsoft's built-in AD browser won't tell you. You may need that when figuring out which tree to use when authenticating users (depending on how your LDAP setup works) or other potentially valuable items stored therein.

Unfortunately, I can't comment on how Devise does LDAP authentication as I haven't used it before (I don't think it existed at the time I had to build the equivalent a few years back). I'd recommend trying to use it first, and if you can't quite get that working, you can go "deep dive" and brew your own. Generally speaking though, using a standardized and properly maintained authentication system like Devise is a better way to go, so I'd recommend that approach starting out.

I hope this helps you at least get an idea of where to start. Good luck!
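
The flow described in the post above (accept a username and password, then ask AD to verify them with an LDAP bind), as an added example that is not part of the original thread. It assumes the net-ldap gem and a hypothetical domain controller `dc1.corp.example` for domain `corp.example`; the fake binder and its one account are constructed. It shows two checks a hand-rolled version needs: refusing empty passwords, which a server may accept as an unauthenticated bind, and restricting the login name before it becomes a bind identity.

```ruby
# \A and \z anchor the whole string; ^ and $ would match per line in Ruby.
SAFE_LOGIN = /\A[A-Za-z0-9._-]{1,64}\z/

# Real binder: LDAPS simple bind through the net-ldap gem (loaded lazily).
NET_LDAP_BINDER = lambda do |host, bind_id, password|
  require 'openssl'
  require 'net/ldap'
  Net::LDAP.new(
    host: host, port: 636,
    encryption: { method: :simple_tls,
                  tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS },
    auth: { method: :simple, username: bind_id, password: password }
  ).bind
end

# Returns true only when the directory accepts the user's own credentials.
def ad_authenticate(login, password, domain:, host:, binder: NET_LDAP_BINDER)
  return false unless login.is_a?(String) && login.match?(SAFE_LOGIN)
  # An empty password turns a simple bind into an unauthenticated bind
  # (RFC 4513, 5.1.2), which a server may answer with success.
  return false unless password.is_a?(String) && !password.empty?

  upn = "#{login}@#{domain}" # assumes the UPN suffix equals the AD domain
  binder.call(host, upn, password) == true
rescue StandardError
  false # fail closed on timeouts, TLS errors, malformed responses
end

# Constructed stand-in for a server that allows unauthenticated binds,
# so the example runs without a domain controller.
DIRECTORY = { 'jdoe@corp.example' => 's3cret-Passw0rd' }.freeze
FAKE_BINDER = lambda do |_host, bind_id, password|
  password.empty? || DIRECTORY[bind_id] == password
end

# Hypothetical helper that wires the constructed values together.
def demo(login, password)
  ad_authenticate(login, password, domain: 'corp.example',
                  host: 'dc1.corp.example', binder: FAKE_BINDER)
end
```

In production, leave `binder:` at its default and pass the real controller hostname; `demo` exists only to exercise the guards against the fake server.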

Thanks for the input guys. I didn't realize that devise had ldap authentication built in. I'll take a look at that and also will look at Apache Directory Studio.

I appreciate the tips and links.

It's not built in; you have to add another gem for it. It's a plugin.