...
The minimal requirement to make this work is the definition constants Avalon::GROUP_LDAP and Avalon::GROUP_LDAP_TREE in an initializer file. For example:
Code Block | ||||
---|---|---|---|---|
| ||||
require 'net/ldap' module Avalon GROUP_LDAP = Net::LDAP.new GROUP_LDAP.host = 'ads.example.edu' GROUP_LDAP.authenticate 'cn=user,ou=Accounts,dc=ads,dc=example,dc=edu', 'password' GROUP_LDAP_TREE = 'dc=ads,dc=example,dc=edu' end |
When configured this way, every time a user logs into Avalon, LDAP is queried to determine the groups to which they belong. If the LDAP repository has a nested group structure, that structure will be searched recursively to determine all groups and sub-groups of which the user is a member.
...
Note |
---|
This works well with most ADS implementations of LDAP, but further configuration and some code overrides will be required for other LDAP implementations. In particular, LDAP-related methods in app/models/user.rb and app/models/external_group.rb may need to be overridden. |