Why I created a new gem called devise_ldap_uac

24 Jan 2014

I recently have been updating my works login application, which happens to utilize the deviseldapauthenticatable gem. BTW that's a really hard name to spell.

Problem

The problem I ran into was while using the aforementioned gem?

I needed a way to figure out whether the User's account is disabled.

Solution

Looking at the Microsoft docs didn't really get me anywhere. Eventually I did find a few articles metioning this attribute, userAccountControl. But this technet blog from heyscriptingguy seemed to have the juiciest info.

From the article:

The problem we have here is that account status (enabled or disabled) is part of the userAccountControl attribute. This happens to be an example of a bitmask attribute: a single attribute that actually houses numerous property values.

That's interesting! I remember bitmasks from Ryan Bates' Railscast #189 on Embedded Associations.

In the past, I've used bitmasks to manage my User models needs for simple authentications, e.g. admin, user, guest roles. However the heyscriptingguy article was for scripting a Powershell method. I wanted to do this in ruby, specifically within a Ruby on Rails app that uses the Devise gem combined with the Devise LDAP Authenticatable gem.

So it was time for some of Bit banging in ruby. To do this though... I needed to know what the Array of flags actually was and of couse their order! Luckily I was able to figure out with a Microsoft Knowledge base Article on UAC Bitmask flags.

Once I had that, I felt resonably sure I could write a method that would get me this information. So I started a github project for the source code to my new gem. As a result, we I created the ruby gem DeviseLdapUAC gem! :)

If this really niché use has your interest, feel free to fork, sumit and feature request to your hearts content.

I'm still debating if this is best as a MixIn, which is what it currently is, or if it should be a class you call. Future versions might change to that version to ease the dependencies. We shall see.

Dave

David Southard

a ruby guy

Contact Info: