2012/3/6 Craig White <[email protected]>:
>
> On Mar 6, 2012, at 12:54 PM, Marcin S wrote:
>
>> Hello everyone,
>>
>> I need to create a Rails app where authentication and permissions for
>> certain application actions will be provided by an LDAP server. There is
>> a problem with LDAP connection management, as every user login will
>> spawn a new connection object instance, it may dangerously increase
>> application memory usage (tbh I don't know what will happen, nothing
>> good for sure) - the LDAP server can close the connection remotely after
>> some idle time, but some connection resources will remain in memory
>> nonetheless.
>> I've made some Google research on what may be the best course of action
>> to manage this issue and I think creating a connection pool sounds good.
>> I've committed a few average-sized Rails projects but nothing I've
>> experienced so far is giving me any clues how to implement this
>> solution.
>>
>> I'll be happy to hear how you would do it.
> ----
> No - only 1 connection to LDAP server using a special account for the purpose
> with sufficient privileges for the task.
>
> It's easy enough to create 'local' users who authenticate via LDAP and then
> you can manage their privileges/permissions via Rights/Roles if you want.
>
> simple ruby app using net-ldap
>
> #!/usr/local/bin/ruby
> #
> require 'rubygems'
> require 'net/ldap'
>
> # Credentials to verify; in an application these come from the login form.
> $person = "cwhite"
> $passwd = "won't_work"
>
> # Simple bind over TLS as the user's own DN.
> ldap = Net::LDAP.new :encryption => :simple_tls,
>   :host => 'ldap.server',
>   :port => 636, # use 389 for non-ssl
>   :auth => {
>     :method => :simple,
>     :username => "uid=" + $person + ", ou=people, dc=example, dc=com",
>     :password => $passwd
>   }
>
> # bind returns true only if the server accepts the DN and password.
> if ldap.bind
>   p "LDAP authentication succeeded"
> else
>   p "LDAP authentication failed"
> end
>
> Should give you enough of a concept for implementing in Rails
>
> Craig
>
Yeah, I have login covered already, in a similar way, but what about application permissions? I can read it at login time, save it somewhere and never use LDAP again until the next login - but when I give that user a cookie, and then authenticate him with it, any permission changes on LDAP won't have any effect (until the next login).

How would you solve that?

Marcin

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
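
One way to handle the stale-permission problem raised above, as an added example that is not part of the original thread: cache each user's LDAP-derived permissions for a short time, re-read them once the entry expires, and deny access if the directory lookup fails. The `PermissionCache` class, the `fetcher` callable (which in a real app would wrap a search on the single service-account connection), the TTL and the sample data are all assumptions.

```ruby
require 'set'

# Hypothetical helper (not from the thread): caches LDAP-derived permissions
# per user for a bounded time, so a cookie-authenticated session picks up
# directory changes without a new login and without one LDAP hit per request.
class PermissionCache
  Entry = Struct.new(:perms, :expires_at)

  # fetcher: callable taking a uid and returning an array of permission names;
  #          assumed to query LDAP over the one service connection.
  # clock:   injectable time source so expiry can be exercised without sleeping.
  def initialize(fetcher, ttl: 300, clock: -> { Time.now.to_f })
    @fetcher, @ttl, @clock = fetcher, ttl, clock
    @entries = {}
    @lock = Mutex.new
  end

  # Fail closed: a lookup error drops any cached entry and denies access.
  def allowed?(uid, permission)
    permissions_for(uid).include?(permission)
  rescue StandardError
    invalidate(uid)
    false
  end

  # Force a re-read on the next check, e.g. right after an admin edits roles.
  def invalidate(uid)
    @lock.synchronize { @entries.delete(uid) }
  end

  private

  def permissions_for(uid)
    @lock.synchronize do # also serializes use of the shared connection
      entry = @entries[uid]
      now = @clock.call
      if entry.nil? || now >= entry.expires_at
        entry = Entry.new(Set.new(@fetcher.call(uid)), now + @ttl)
        @entries[uid] = entry
      end
      entry.perms
    end
  end
end

# Constructed sample data standing in for the directory.
DIRECTORY = { 'marcin' => %w[reports.read reports.edit] }
CACHE = PermissionCache.new(->(uid) { DIRECTORY.fetch(uid) }, ttl: 300)
puts CACHE.allowed?('marcin', 'reports.edit')
```

The TTL is the longest a revoked permission can stay usable by an existing session, so it should be chosen from that tolerance rather than from load alone.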

