I'm using Devise with LDAP authentication in a Rails 4 application. The ldap.yml looks like

development:
  host: my.ldap.server
  port: 636
  attribute: sAMAccountName
  base: OU=Accounts,DC=my,DC=ldap,DC=server
  admin_user: CN=ServiceAccount,OU=LDAP,OU=Service Accounts,DC=my,DC=ldap,DC=server
  admin_password: super_secret_password
  ssl: true

production:
  ...

I want to be able to access this programmatically, but I cannot figure out how to do it. I can access by reading directly from the file by doing

ldap_config = YAML.load(ERB.new(File.read(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")).result)[Rails.env]

However, this is not 100% accurate because if the values in the file had changed without the Rails server being restarted, the "live" values that Rails is actually using would be different.

How can I get to these "live" values? I can't find anything on this.

istrasci
  • Does `Devise.ldap_config` work on your console? And `User.ldap_config`? Also, I don't see a big problem accessing the `yaml` file directly: if you change those values, you'll need to restart the server in any case! – dgilperez Mar 03 '15 at 22:43
  • @dgilperez: `Devise.ldap_config` gives nil and `User.ldap_config` does not exist. Yeah, it's not that big of a deal, but something about it bugs me. – istrasci Mar 03 '15 at 22:56
  • What about `Devise::LDAP::Connection.new.ldap`? That should let you access `Devise::LDAP::Connection.new.ldap.host`, `Devise::LDAP::Connection.new.ldap.port` and so on. – dgilperez Mar 03 '15 at 23:02

1 Answer

You can access the configuration using this:

> Devise::LDAP::Connection.new.ldap
=> #<Net::LDAP:0x0000010e9d2da8
 @auth={:method=>:anonymous},
 @base="OU=Accounts,DC=my,DC=ldap,DC=server",
 @encryption={:method=>:simple_tls},
 @force_no_page=false,
 @host="my.ldap.server",
 @open_connection=nil,
 @port=636,
 @verbose=false>

> Devise::LDAP::Connection.new.ldap.host
=> "my.ldap.server"
> Devise::LDAP::Connection.new.ldap.port
=> 636
...
> 

Like I said, I don't see much trouble in reading the file directly like you wrote. If you change the ldap.yml, you'll need to restart the server to see the changes in your LDAP configuration anyway! If you prefer, you can set up an initializer like this:

# config/initializers/ldap.rb
LDAP_CONFIG = YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env].with_indifferent_access

And then in your code:

LDAP_CONFIG[:admin_user] #=> "CN=ServiceAccount,OU=LDAP,OU=Service Accounts,DC=my,DC=ldap,DC=server"
LDAP_CONFIG[:admin_password] #=> "super_secret_password"
LDAP_CONFIG[:host] #=> "my.ldap.server"

dgilperez
  • This works for most of the properties. It is not straightforward for `admin_user` or `admin_password`. `Devise::LDAP::Connection.new.ldap` is of type `Net::LDAP` (as you can see in the output), and browsing the source of [Net::LDAP](https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap.rb) reveals that it stores the name/password in `@auth` (also as seen above). But since `@auth` is not public, the only way to get to it is with some cleverness (a la [this answer](http://stackoverflow.com/a/2132392/209107) for example). – istrasci Mar 03 '15 at 23:58
  • I see. Too hacky. I'd just use this method for the visible things, and revert to the file for the auth settings. Or just go for an initializer + constant like in my update. – dgilperez Mar 04 '15 at 00:05
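
A variant of the initializer approach from the answer above, as an added example that is not part of the original thread: it keeps the bind password out of ldap.yml by pulling it from an environment variable in the same ERB pass, validates the result, and returns a redacted copy for logs or console output. The variable name `LDAP_ADMIN_PASSWORD` and the helpers `load_ldap_config` and `redacted` are assumptions made for illustration.

```ruby
require 'yaml'
require 'erb'
require 'json'

# Constructed sample in the shape of the question's ldap.yml. The env var name
# LDAP_ADMIN_PASSWORD is an assumption; to_json quotes the value so YAML-special
# characters in the password cannot change how the file parses.
SAMPLE_LDAP_YML = <<~'YML'
  development:
    host: my.ldap.server
    port: 636
    attribute: sAMAccountName
    base: OU=Accounts,DC=my,DC=ldap,DC=server
    admin_user: CN=ServiceAccount,OU=LDAP,OU=Service Accounts,DC=my,DC=ldap,DC=server
    admin_password: <%= ENV.fetch('LDAP_ADMIN_PASSWORD').to_json %>
    ssl: true
YML

REQUIRED_KEYS = %i[host port base admin_user admin_password].freeze
SECRET_KEYS   = %i[admin_password].freeze

# Hypothetical helper: render ERB, parse with safe_load (plain data types only),
# pick one environment, validate it, and freeze the result.
def load_ldap_config(yaml_text, env_name)
  rendered = ERB.new(yaml_text).result # ENV.fetch raises KeyError if the variable is unset
  all_envs = YAML.safe_load(rendered, aliases: true) || {}
  section  = all_envs.fetch(env_name) { raise ArgumentError, "no '#{env_name}' section" }
  config   = section.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  # A DN with an empty password is an unauthenticated simple bind (RFC 4513),
  # so blank values are rejected here instead of being passed to the server.
  missing = REQUIRED_KEYS.select { |k| config[k].to_s.strip.empty? }
  raise ArgumentError, "ldap.yml missing: #{missing.join(', ')}" unless missing.empty?

  config.freeze
end

# Copy of the config that is safe to log or print in a console session.
def redacted(config)
  config.each_with_object({}) { |(k, v), h| h[k] = SECRET_KEYS.include?(k) ? '[FILTERED]' : v }
end

if __FILE__ == $PROGRAM_NAME
  ENV['LDAP_ADMIN_PASSWORD'] ||= 'constructed-demo-value'
  puts redacted(load_ldap_config(SAMPLE_LDAP_YML, 'development')).inspect
end
```

In a Rails initializer the first argument would be the contents of `config/ldap.yml` and the second `Rails.env`.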