I want to use active admin for my app but i want to auth users by ldap server without needing to create database for users. Is this even possible?
Now my app use basic http auth which i dont like a lot
I'm looking for solution that will help me to auth user for actve admin only by piece of code like this:
ldap = Net::LDAP.new :host => 'ip'
ldap.auth "uid=#{name.split('#').first},ou=Users,dc=huzar,dc=pl",password
ldap.bind
Related
I have a rails api that I am using devise for the login routine. I hooked ember into that via ember simple auth. Got it up and running using a typical devise email and password. I typically configure devise though to use LDAP authentication which works great. The issue I am having is that I use a username for my LDAP login, not an email address. I usually change devise to look for a username and not an email address which I have done.
I am now getting a 401 unauthorized and looking at the params it looks like I am still sending an email across.
Can you change ember simple auth to send a username and not email? If so how do you do that?
You have to extend the devise authorizer and set the identificationAttributeName to username
// app/authorizers/devise.js
import DeviseAuthorizer from 'ember-simple-auth/authorizers/devise';
export default DeviseAuthorizer.extend({
identificationAttributeName: 'username'
});
Source: ember-simple-auth
I am trying to configure Grafana for my organization. I was able to configure LDAP and MySQL database pretty easily but when I try to invite a new user to an org in Grafana, it always asks the user to join Grafana.
This would be an OK behavior if at that point Grafana would authenticate against LDAP. Instead, it creates a new user in its own database. This would lead to conflict with LDAP in case the user's AD passwords changes.
This works perfectly when a user had previously logged in to Grafana. An invite sent after would directly take the user to login page.
Is it possible to do the same in case the user is not already registered in Grafana? I really want to avoid saving user credentials in Grafana database.
Any help would be appreciated. Thanks.
I am not a Grafana expert, but looking through the source code on GitHub it certainly seems that new user registration will not go through LDAP. This is obvious in the LDAP related configuration file where you see the read-only credentials needed to look up users in the LDAP directory. A read-only administrator in LDAP will not be able to create new users as this would be necessary during a registration step. The code also indicates that registration creates temporary users in the internal store.
I'd like to make authentication for admin and user using the laravel 5.2 auth api, I've a users table in which I've define ENUM type role field for user and admin so I need to use only table but different views and routes for admin and user login.
I've successfully create a user auth by using following command.
php artisan make:auth
but I can't understand how to implement auth for admin.
before you answer keep in mind there is only one users table which have role field and different views for admin and user login. After successfully login user will redirect to home page and admin should redirect to admin/dashboard.
Thanks
You Can use https://github.com/romanbican/roles package ...
if ($user->is('admin')) { // you can pass an id or slug
// or alternatively $user->hasRole('admin')
}
I have the following scenario:
Rails app with User and Admin devise models, so I have two scopes.
Created on ember app on router:
Router.map(function() {
this.route('panel', function() {
this.route('login');
this.route('logout');
});
this.route('admin', function() {
this.route('login');
this.route('logout');
});
});
I'm using jj-abrams branch once my app is Ember 2.0
Both authenticating on /users/sign_in and /admins/sign_in
I followed steps on https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-devise#server-side-setup and authentication is working.
Ember is hitting the right urls after creating authenticators and adapters, but the problem is that ESA just have one session service. Once user or admin is logged in session.isAuthenticated is true and I don't know which scopes are logged in.
Which is the best way to proceed:
Add a role on user reply and set on session
Create a new session for admin user
I solved this problema creating 3 authenticators for each scope, and I handle each one.
It is a particular solution once I don't use other authenticators (OAuth2), but now I can check if authenticator:user, authenticator:admin, authenticator:manager was used on to login.
I have created checks on routes, so user can only access his panel, admin can access user and admin panel, and manager can access the whole system.
I've posted the ember and the API on github:
https://github.com/fernandes/ember-auth-web for the ember
https://github.com/fernandes/ember-auth-api for the devise api
ps: I think would be better to create sessions for each scope, but I don't know how to do it (and if its better or not), in this solution you can login one scope at once (not like devise on rails you can log with many scopes at once).
Ok I'm not sure how to approach or explain this but I'll give it a try.
I'm developing a rails app on my mac using Devise for auth.
I would like to do the following:
When a user joins the site, the app creates an ftp user account with the same login credentials (email/password) they used to sign up. That way they can upload files via ftp using the root url of the site and their login credentials.
When the user updates their login credentials, their ftp user account needs to be updated with the same credentials.
Does paperclipftp or carrierwaveftp handle this? What would be the best way to accomplish this.
Thanks
Rather than setting up individual FTP accounts for each one of your site's users, this post walks through writing a controller action that handles the FTP authentication response instead, using your Rails users' credentials. It uses pure-ftpd and a custom authentication module to send an HTTP request with the credentials to your Rails app, which will then verify them by whatever means you'd like, and return the appropriate FTP response to the client.
I haven't tried it out, but I'm working on the same issue and this approach makes sense to me.