Provides a Devise strategy for authenticating against WolfTech LDAP.
- Add the gem to your Gemfile:
    gem 'devise_wolftech_authenticatable', git: "git@github.ncsu.edu:ncsu-libraries/devise_wolftech_authenticatable.git", branch: 'master'
- Copy /config/initializers/wolftech.rb to config/initializers in your project. This file contains the username and password for connecting to WolfTech and must not be included in a public repository. It may be preferable to assign these values to ENV variables, which could be set either on the server or elsewhere in your project. In this case the initializer file might look something like:
    WOLFTECH_CONFIG = { 'username' => ENV['wolftech_username'], 'password' => ENV['wolftech_password'] }
This version would be safe to include in a public repo as it does not contain sensitive information.
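An ENV-based initializer can also refuse to boot when a variable is unset or blank, so a missing credential surfaces at startup instead of as a nil value at bind time. The sketch below is an added example, not code from this gem: the module name, method names and error class are hypothetical, the sample values are constructed, and only the two ENV names and the WOLFTECH_CONFIG keys come from the initializer above.

```ruby
# config/initializers/wolftech.rb (added example, not the gem's own file)
# Builds the WOLFTECH_CONFIG hash from the environment and fails fast when a
# credential is unset or blank.
module WolftechEnvConfig
  # Config key => ENV name, as used in the README's initializer.
  # The module and method names are hypothetical.
  REQUIRED = {
    'username' => 'wolftech_username',
    'password' => 'wolftech_password'
  }.freeze

  class MissingCredential < StandardError; end

  # env is injectable so the loader can be exercised without touching ENV.
  def self.from_env(env = ENV)
    missing = REQUIRED.values.select { |name| env[name].to_s.strip.empty? }
    unless missing.empty?
      # Name the variables; never echo their values.
      raise MissingCredential, "unset or blank: #{missing.join(', ')}"
    end
    config = REQUIRED.each_with_object({}) do |(key, name), cfg|
      cfg[key] = env[name].dup.freeze
    end
    config.freeze
  end

  # Copy of the config that is safe to log or print while debugging.
  def self.redacted(config)
    config.merge('password' => '[REDACTED]')
  end
end

# Constructed sample environment, for demonstration only.
sample_env = {
  'wolftech_username' => 'svc-example',
  'wolftech_password' => 'not-a-real-secret'
}
config = WolftechEnvConfig.from_env(sample_env)
puts WolftechEnvConfig.redacted(config).inspect

# In the real initializer the assignment would read:
#   WOLFTECH_CONFIG = WolftechEnvConfig.from_env
```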
In your user model (User by default) include :wolftech_authenticatable at the beginning of your devise models:
    devise :wolftech_authenticatable, :database_authenticatable, :registerable,
           :recoverable, :rememberable, :trackable, :validatable,
           :confirmable
Now users whose email addresses end with "@ncsu.edu" should be able to use their unity password. With the above configuration, users whose email address does not end with "@ncsu.edu" can fall back to the database authentication strategy. The WolfTech strategy requires the database authentication strategy to also be included.
See bin/wolftech-auth for a simple example of how to use the WolftechAuthenticator outside of Devise. There is an option to show the LDAP user entry that gets sent back when querying for a user. This data seems incomplete, so we may want to add some other utilities to this gem for getting fuller information.
I haven't figured out how to pass LDAP user entry through from Devise into the current user, but it is easy to get LDAP entries from both WolfTech and campus LDAP. The interface here might change but you can currently see examples of how to get user entries in the command line scripts in /bin.
WolfTech entries seem to have better group information, but might not have other information like address and phone.
    wolftech = WolftechAuthenticator.new
    pp wolftech.get_ldap_user(unityid)
Campus LDAP seems to list fewer groups, but ought to have more information like address and phone.
    pp CampusLdap.entry_by_unityid(unityid)
Search the code for TODO and FIXME for a couple of known issues that need to be addressed.