...
The minimal requirement to make this work is the definition constants Avalon::GROUP_LDAP and Avalon::GROUP_LDAP_TREE in an initializer file. For example:
| Code Block | ||||
|---|---|---|---|---|
| ||||
require 'net/ldap' module Avalon GROUP_LDAP = Net::LDAP.new GROUP_LDAP.host = 'ads.example.edu' GROUP_LDAP.authenticate 'cn=user,ou=Accounts,dc=ads,dc=example,dc=edu', 'password' GROUP_LDAP_TREE = 'dc=ads,dc=example,dc=edu' end |
When configured this way, every time a user logs into Avalon, LDAP is queried to determine the groups to which they belong. If the LDAP repository has a nested group structure, that structure will be searched recursively to determine all groups and sub-groups of which the user is a member.
...