Ruby on Rails + Active Directory = Brick Wall
23 September 2011 
6 Comments
I’ve been developing a new employee portal application for my employer, Ener-Tel. The project started out as a new sales estimate tool, and then evolved into a concept of an all-in-one web portal which will host various tools for all employees, not just salesmen.
At Ener-Tel, we use Active Directory, so it’s important for this application to use it for authentication so the employees don’t have to try to remember yet another username and password (also, I may eventually implement NTLM authentication to enable single-sign-on, but I’m not worried about that just yet). However, even though Rails is gaining momentum in the world of web applications, it appears that integration with Active Directory isn’t very popular due to the lack of working gems (wow, listen to me bash the community for not writing code for me). This leaves me with writing my own implementation using Net::LDAP, and as a Rails n00b, this is proving to be quite a challenge.
It appears the most popular authentication gem for Rails is Devise, which appears easy to implement and can support all kinds of authentication methods. However, it doesn’t support Active Directory (or even LDAP for that matter), but there are extensions to help with that.
Adam Kerr created an extension for Device to allow authentication against Active Directory (herein referred to as “the “AD extension”), which also depends on his Active Directory gem (and thus, depends on the Net::LDAP gem). Getting Devise added to my project was easy enough, but getting the AD extension working was a nightmare, and I eventually gave up.
The AD extension has only a miniscule amount of documentation, all of which is in the README file. But it should be easy enough to use, right? Maybe it’s my Rails version, or some other problem, but I spent a day debugging the gem and not my own code. I constantly ran into nil objects that would cause the gem to bork. I emailed Adam with some questions, and he was helpful, but I soon felt after the third email that I might just be a bother and that perhaps I wasn’t smart enough to make it work, so I let it go.
Then, I figured, “Hey, how about I just use his Active Directory gem by itself, without devise and all that stuff?” Again, no documentation lead to hacking around, and I determined that again, I’m just not smart enough to make it work. But what I can get working is what I had all along before trying Devise, so I decided to just go back to using Net::LDAP directly and writing my own functions.
Bummer. I really like finding and using community-contributed gems because it enables powerful functions in my application while keeping my own code clean. Oh well, it was a nice shot, I guess. Perhaps someday when I have time to grow up into a real Ruby programmer, I might be able to make it work.
Author Info
Hi Matthew,
I have exactly the same experience with RoR and AD. I have tried devise, etc and just couldn’t get my small app to work or at least get it authenticate users. Then I found Adauth which is easy enough to install and configure. I finally got my small app to authenticate users although I am still looking for a couple more features (list users and reset passwords) which Adauth unfortunately seems to lack.
I might also end up using Net::LDAP but being very new to RoR, I’m not sure how to proceed.
- Rick
Thanks for sharing the link to Adauth — it looks like what I was looking for. But, as you mentioned, it seems to be primarily for authentication with the ability to read attributes as a bonus (at first glance, anyway).
As a relatively green RoR developer myself, the best I could do was create a file in the
/libfolder with class methods (it works perfectly for me, but I’m not comfortable enough with it to share publicly). However, Adauth might be a good start to forking our own AD interfaceThanks for stopping by and sharing, Rick!
if either of you guys could provide any insight into how i can get adauth working would be greatly appreciated
whenever i try to login against an ad through sessions/new.html.erb it returns that theres a syntax error sessions_controller.rb
any ideas?
It’s pretty much impossible to help without you sharing any pertinent details (like what the error is, code samples, etc). However, it sounds like the answer to your problem is right in front of you: the error message is telling you where to look, and I’m pretty sure it also told you the line number in which the error occurred.
If you ware still having issues feel free to open an issue on the git repo here: https://github.com/Arcath/Adauth/issues
Password management etc… is something I intend to look into in the future. I’m kinda limited to what my company needs me to do and expanding the features of gem in a direction we wont use a lot isn’t something I can get time for at the moment.