On Dec 4, 2009, at 4:56 PM, Brian Corbin wrote: > I'm working on getting LDAP authentication into the hobo user model. > I'll create a recipe in the cookbook for it once I get it all > working. > > I'm using the "simple_ldap_authenticator" gem. > > I added the LDAP configuration settings to the top of environment.rb: >
Don't do this. Please don't do this. I spent a lot of time making config.gem work in 2.2 and 2.3 so you *didn't* have to do this. :) Ideally, you'll pull the gem in via "config.gem 'simple_ldap_authenticator'" (in the initializer block). Note that simple_ldap_authenticator already handles the "require 'ldap'" part. > SimpleLdapAuthenticator.servers = [<my domain controllers>] > SimpleLdapAuthenticator.use_ssl = false # so far I can't get SSL > to work yet > SimpleLdapAuthenticator.port = 389 > SimpleLdapAuthenticator.login_format = '%[email protected]' This should definitely go in an initializer. Note that the port doesn't need to be explicitly set if it's the standard (389 for non- SSL, 636 for SSL). > I was thinking I would override the .authenticate method of the user > model, but doing a def authenticate inside models/user.rb doesn't seem > to override the authenticate method that's defined in /usr/lib/ruby/ > gems/1.8/gems/hobo-0.9.102/lib/hobo/user.rb. So for now I have to do > my experimentation inside /usr/lib/ruby/gems/1.8/gems/hobo-0.9.102/ > lib/ > hobo/user.rb. authenticate is a class method on User; you may have been thinking of the instance method "authenticated?(password)" which does the actual check on a User object. To override authenticate, you'll need to declare it as a class method: def self.authenticate(login, password) ... end > The authenticate method should check if the login/password combination > is valid using SimpleLdapAuthenticator.valid?(login, password). If > it's valid, then find the user in the database and use it. If the > user does not exist in the database, create the user record. > > Something like this: > def authenticate(login, password) > if SimpleLdapAuthenticator.valid?(login, password) > u = find(:first, :conditions => ["#...@login_attribute} = ?", > login]) > # need to get the salt (actually, no I don't care about salt anymore, > I just want the record :) > if u.nil? > u = User.new # Doesn't work > u.email_address = login + "@domain.com" > end > u > end > > User.new works in script/console, but not in this authenticate > method. It's a Hobo::User, not a User here, and Hobo::User doesn't > have a new method.. Maybe I need @user_models.new or something? > This is getting confused because you're inside the Hobo module here, so a bare constant starts looking for its definition there. ::User would be the way to refer to a toplevel user class. > So my questions for the gurus: > > 0. Is this even the correct approach? Looks reasonable, with the above changes. Although getting LDAP over SSL working with Active Directory looks painful, even by LDAP standards: http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl > 1. How can I override/redefine the authenticate method of the user > model? See above... > 2. How do I create a new user record in the database from the > authenticate method? I think things will be more straightforward once you're actually in the right module. Hope this helps! --Matt Jones -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
