devise - User authentication by both ldap and database

Question

We are planing to build a Rails application which utilizes both LDAP and database authentication ways.

we plan to take devise and devise_ldap_authenticatable to accomplish that.

The authlogic maybe like this, internal use complete the authentication by LDAP, however, external user have to sign up for the first time, and then app could take the database authentication.

I search by google, Devise and devise_ldap_authenticatable can't work in combined way, anybody here has similar usage, or some other way to achieve that?

thanks in advance.

Answer 1

我在这里找到了一些有价值的链接，但是，我们必须使用不同的模型。

https://groups.google.com/forum/#!topic/plataformatec-devise/-Fnr3LWXxBg

Answer 2

我通过以下方式实现了双重身份验证。

 session_controller.rb

def create

 if (params[:log]=="local")   
           self.resource = warden.authenticate!(:database_authenticatable)

              sign_in(resource_name, resource)
                      yield resource if block_given?
                          respond_with resource, location: after_sign_in_path_for(resource)


                 else

                       
                                   self.resource = warden.authenticate!(:ldap_authenticatable)

                              sign_in(resource_name, resource)
                      yield resource if block_given?
                          respond_with resource, location: after_sign_in_path_for(resource)
                       end

  end

用户.rb

  class User < ActiveRecord::Base
      
      devise :ldap_authenticatable, 
:database_authenticatable,:registerable,
            :recoverable, :rememberable, :trackable, :validatable
       

 

**and view devise/sessions/new.html.erb**


<%= form_for(:user, :url => session_path(:user)) do |f| %>
  <div class="form-inputs">
 <%= f.text_field :username ,:placeholder => "Login id"  %><br> <br>
  <%= f.password_field :password,:placeholder => "Password"  %>




   <label for="check_box_type">Login Server </label><%= select_tag :log, options_for_select([ [" Domain Server","domain"],["Local Server", "local"]])%>


  <%= f.submit 'Sign in' %>

这里根据用户输入（登录服务器：本地/域）将登录。

Answer 3

对 SessionsController 稍作修改。这首先检查用户是否存在于本地数据库中。如果没有，它会尝试 LDAP。所有这些都无需用户在登录时指定哪种帐户类型。请注意，我的本地数据库有一个已退役和 bypass_ldap 标志。如果 bypass_ldap 为假，他们必须通过 LDAP 进行身份验证。

  def create                                                                                                                                                       
    # If the user has a valid ldap_bypass account                               
    possible_user = User.where(username: params["user"]["username"], bypass_ldap: true, retired: false).first                                  
    if !possible_user.nil? && possible_user.valid_password?(params["user"]["password"])
      self.resource = warden.authenticate!(:database_authenticatable)           
      set_flash_message!(:notice, :signed_in)                                   
      sign_in(resource_name, resource)                                          
      yield resource if block_given?                                            
      respond_with resource, location: after_sign_in_path_for(resource)         
    else                                                                        
      super                                                                     
    end                                                                         
    set_login_token                                                             
  end