Wednesday, March 05, 2008

How to set up to access LDAP from Ruby on Rails

Note: This is for Mac OS X 10.5 Leopard. For other systems, change the directory paths appropriately.

1. Install OpenLDAP.

1-1. Install Berkeley DB.
(OpenLDAP requires this.)

1-1-1. Download the source: db-4.5.20.tar.gz
(OpenLDAP only works with versions up to 4.5.
Don't download 4.6.)
("Berkeley DB 4.5.20.tar.gz, with AES encryption (8.9M)" at
http://www.oracle.com/technology/software/products/berkeley-db/db/index.html)

1-1-2. Unpack the tar.gz file and build it.
$ cd build_unix
$ ../dist/configure
$ make

1-1-3. Install it.
$ sudo make install

1-2. Install OpenLDAP

1-2-1. Set the environment variables.
(See the message with "configure --help".
Put both paths in one assignment; a second export of the same variable replaces the first.)
$ export CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB.4.5/include/"
$ export LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.5/lib/"

1-2-2. Build it.
$ ./configure
$ make depend
$ sudo make
(make has to be executed as root;
otherwise a permission error occurs.)

1-2-3. Install it.
$ sudo make install

1-2-4. See doc/guide/admin/guide.html for how to use it,
especially "2. A Quick-Start Guide".

e.g., how to start it:
$ su root -c /usr/local/libexec/slapd

2. Install ruby-activeldap Rails Plugin.
(http://code.google.com/p/ruby-activeldap/)
$ script/plugin install http://ruby-activeldap.googlecode.com/svn/trunk/rails/plugin/active_ldap

3. Install activeldap Ruby Gem.
(The ruby-activeldap Rails plugin only generates
a scaffold model for accessing this gem.)

$ sudo gem install activeldap

4. Install Ruby/LDAP.
(activeldap is a wrapper for this.)

4-1. Download the source: ruby-ldap-0.9.7.tar.gz
(http://sourceforge.net/projects/ruby-ldap/)

4-2. Unpack the tar.gz file and build it.
(See the README file under the unpacked directory.)
$ ruby extconf.rb --with-openldap2
$ make

4-3. Install it.
$ sudo make install
(It's installed under /Library/Ruby/Site/1.8)

2 comments:

Harry said...

Thanks for this guide, very useful. I'm not that fast with Unix command-line installs, but I did get it done. There are some holes with these instructions and I offer my experience at trying to fill them:
a. In 1-1, put the db 4.5.20 folder where you can get to it without sudo permission.
b. 1-1-2 should read
$ cd build_unix
$ ../dist/configure
$ make
1-2 should have a line like: download OpenLDAP from www.openldap.org; version 2.3.x is stable
$ cd openldap-Version number
$ ./configure --help
To include the flags as indicated, use a one-liner:
$ ./configure CPPFLAGS="..." LDFLAGS="..." LDFLAGS="..." CPPFLAGS="..."
where the ... is filled with the paths

In 1-2-4, after reading it thoroughly, edit the slapd.conf file in /usr/local/etc/openldap/
and add the following included schemas:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/collective.schema
include /usr/local/etc/openldap/schema/adjustapple.schema
include /usr/local/etc/openldap/schema/apple.schema

where adjustapple.schema contains
#
# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
#
attributetype (
    1.3.6.1.4.1.63.1000.1.1.2.16.1
    NAME 'authAuthority'
    DESC 'password server authentication authority'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Alternative to using homeDirectory from RFC 2307.
attributetype (
    1.3.6.1.4.1.63.1000.1.1.1.1.100
    NAME 'apple-user-homeDirectory'
    DESC 'The absolute path to the home directory'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

#From Jeff McCune (OSU) - who included the following definition to prevent getting:
#ldap_add: Invalid syntax (21) additional info: objectclass: value #0 invalid per syntax
#
# Container structural object class.
#
objectclass (
    1.2.840.113556.1.3.23
    NAME 'container'
    SUP top
    STRUCTURAL
    MUST ( cn ) )

Even though slaptest gave me some warnings about the bdb, I started slapd with
su root -c /usr/local/libexec/slapd
and shut it down with
sudo kill -INT `cat /usr/local/var/run/slapd.pid`

When I was all done my Addressbook LDAP interface gave me the same results as Open Directory on my Leopard server.

Now to hook up the rails part!
Harry
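
The multi-line schema definitions in the comment above only load if their continuation lines keep their leading whitespace, which is easily lost when a schema is copied from a web page. The Ruby check below is an added example, not part of the original post, the comment, or OpenLDAP; `logical_lines`, `check_schema` and the sample constants are hypothetical names, and it models only the line-folding rule and definitions with a single quoted NAME.

```ruby
# Added example: a simplified model of slapd.conf line folding, not OpenLDAP code.
# Rule modelled: a line starting with whitespace continues the previous line;
# blank lines and lines starting with '#' are ignored.
SCHEMA_DIRECTIVES = %w[attributetype objectclass].freeze

# Fold physical lines into logical lines, remembering where each one started.
def logical_lines(text)
  text.each_line.with_index(1).each_with_object([]) do |(raw, number), out|
    line = raw.chomp
    next if line.strip.empty? || line.start_with?('#')
    if line.match?(/\A\s/) && !out.empty?
      out.last[:text] << ' ' << line.strip
    else
      out << { line: number, text: line.strip.dup }
    end
  end
end

# Return [oid, name] pairs for complete definitions and one message for each
# definition whose parentheses do not close on its logical line.
def check_schema(text)
  result = { definitions: [], problems: [] }
  logical_lines(text).each do |entry|
    keyword, body = entry[:text].split(/\s+/, 2)
    next unless SCHEMA_DIRECTIVES.include?(keyword.downcase)
    unquoted = body.to_s.gsub(/'[^']*'/, '') # ignore parentheses inside quoted strings
    if unquoted.count('(').zero? || unquoted.count('(') != unquoted.count(')')
      result[:problems] << "line #{entry[:line]}: #{keyword} is incomplete; " \
                           'continuation lines must start with whitespace'
    elsif (m = body.match(/\(\s*([\d.]+)\s+NAME\s+'([^']+)'/))
      result[:definitions] << [m[1], m[2]]
    end
  end
  result
end

# Constructed input: the authAuthority definition from the comment above, once
# with indented continuation lines and once flattened to column 0.
INDENTED = <<'EOS'
# Authentication authority attribute
attributetype (
  1.3.6.1.4.1.63.1000.1.1.2.16.1
  NAME 'authAuthority'
  DESC 'password server authentication authority'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
EOS
FLATTENED = INDENTED.gsub(/^[ \t]+/, '')
```

Run `check_schema(File.read(path))` on a schema file before adding its `include` line to slapd.conf; an empty `:problems` list means every definition folded into one complete logical line.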

Tadatoshi said...

Thank you for your comment, Harry.

Tadatoshi