Letractively / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1

@extra_attributes are not returning arrays of attributes even if LDAP returns an array #69

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I am a member of many groups according to my LDAP server:

W, [2009-03-13T16:31:49.152250 #17391]  WARN -- :
#<Net::LDAP::Entry:0xb737aee4
@myhash={...:groupmembership=>["cn=DWS_X,ou=Groups,o=X",
"cn=network_smb,ou=Groups,o=X", "cn=im_X,ou=Groups,o=X",
"cn=axios_reviewers,ou=Groups,o=X", "cn=fs_public,ou=Groups,o=X",
"cn=dl_X,ou=Groups,o=X", "cn=Domain Users,ou=Groups,o=X", "cn=fs_public -
EUR,ou=Groups,o=X", "cn=dl_X,ou=Groups,o=X"],}

but when I ask for the extra attributes, I only get the first group listed. 

Extra user attributes provided along with ticket
"ST-1236980234rF5318AF88B9C9C3F98":
{"groupmembership"=>"cn=DWS_X,ou=Groups,o=X", "displayName"=>"Paul Voccio",
"manager"=>"cn=X,ou=Users,o=X", "mail"=>"paul.voccio@X",
"securityEquals"=>"cn=fs_public,ou=Groups,o=X"}.

I believe it's related to the code in the authenticator/ldap.rb file:
122     def extract_extra_attributes(ldap_entry)
123       @extra_attributes = {}
124       extra_attributes_to_extract.each do |attr|
125         v = !ldap_entry[attr].blank? && ldap_entry[attr].first
126         if v
127           @extra_attributes[attr] = v.to_s
128         end
129       end
130 

I've modified it to return an array to the @extra_attributes if ldap
returns an array. 

127c127,134
<           @extra_attributes[attr] = v.to_s

---
>           if ldap_entry[attr].is_a?(Array)
>             @extra_attributes[attr] = []
>             ldap_entry[attr].each do |a|
>               @extra_attributes[attr].push(a)
>             end
>           else
>             @extra_attributes[attr] = v.to_s
>           end
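
Review bot: the `is_a?(Array)` test at the top of the added block appears to be true for every extracted attribute, not only the multi-valued ones, so single-valued attributes change type as well: the post-patch log below shows "displayName"=>["Paul Voccio"] and "mail"=>[...] where the pre-patch log had plain strings. Clients that read those attributes as strings will now receive one-element arrays, so either collapse one-element arrays back to a scalar or document that every extra attribute is now an array. The element loop also drops the `.to_s` that the `else` branch still applies; `@extra_attributes[attr] = ldap_entry[attr].map { |a| a.to_s }` would keep the conversion and replace the manual `push` loop.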

It looks to be working with the patch.

Ticket "ST-1236981893r873C247EF78132A331" for service "X" belonging to user
"paul.voccio" is VALID.
Extra user attributes provided along with ticket
"ST-1236981893r873C247EF78132A331":
{"groupmembership"=>["cn=DWS_MgdX,ou=Groups,o=X",
"cn=network_smb,ou=Groups,o=X", "cn=im_X,ou=Groups,o=X",
"cn=axios_reviewers,ou=Groups,o=X", "cn=fs_public,ou=Groups,o=X",
"cn=dl_X,ou=Groups,o=X", "cn=Domain Users,ou=Groups,o=X", "cn=fs_public -
EUR,ou=Groups,o=X", "cn=dl_XGlobal,ou=Groups,o=X"], "displayName"=>["Paul
Voccio"], "manager"=>["cn=X,ou=Users,o=X"], "mail"=>["paul.voccio@X.com"],
"securityEquals"=>["cn=fs_public,ou=Groups,o=X",
"cn=DWS_MgdX,ou=Groups,o=X", "cn=network_smb,ou=Groups,o=X", "cn=im_Managed
Network Security,ou=Groups,o=X", "cn=axios_reviewers,ou=Groups,o=X",
"cn=dl_X,ou=Groups,o=X", "cn=fs_public - EUR,ou=Groups,o=X",
"cn=dl_X,ou=Groups,o=X"]}.

What steps will reproduce the problem?
1.
2.
3.

What version of RubyCAS-Server are you using? How is it installed (rubygem,
manual install)? How are you running it (webrick, mongrel, passenger,
etc.)?
Webrick, 
*** LOCAL GEMS ***

actionmailer (2.2.2)
actionpack (2.2.2)
activerecord (2.2.2)
activeresource (2.2.2)
activesupport (2.2.2)
builder (2.1.2)
fastthread (1.0.1)
markaby (0.5)
mysql (2.7)
passenger (2.0.6)
picnic (0.7.1)
rack (0.9.1)
rails (2.2.2)
rake (0.8.3)
ruby-net-ldap (0.0.4)
rubycas-server (0.7.1)

If relevant, please paste your RubyCAS-Server config.yml file here.

authenticator:
  class: CASServer::Authenticators::LDAP
  ldap:
    host: edir1.X 
    port: 636
    base: ou=Users,o=X
    filter: (objectClass=person)
    encryption: simple_tls
  extra_attributes: manager, displayName, mail, securityEquals, groupmembership

Please provide any additional information below.

Thanks,
Paul

Original issue reported on code.google.com by vocc...@gmail.com on 14 Mar 2009 at 5:20
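
The truncation reported above, reproduced as an added example (not part of the original report and not RubyCAS-Server's own code). A plain Hash stands in for the `Net::LDAP::Entry`, the sample values are constructed in the shape of the log output, and the three method names are hypothetical. A service that makes decisions from `groupmembership` sees only the first group with the first-value behaviour.

```ruby
# Constructed sample: like the entry in the log, every attribute maps to an Array.
SAMPLE_ENTRY = {
  "displayName"     => ["Paul Voccio"],
  "mail"            => ["paul.voccio@X"],
  "manager"         => [],
  "groupmembership" => [
    "cn=DWS_X,ou=Groups,o=X",
    "cn=network_smb,ou=Groups,o=X",
    "cn=fs_public,ou=Groups,o=X"
  ]
}.freeze

# Behaviour described in the report: only the first value of each attribute survives.
def extract_first_only(entry, names)
  names.each_with_object({}) do |attr, out|
    values = Array(entry[attr])
    out[attr] = values.first.to_s unless values.empty?
  end
end

# Hypothetical alternative: keep every value, stringified, and return a
# scalar for single-valued attributes so their type does not change.
def extract_all_values(entry, names)
  names.each_with_object({}) do |attr, out|
    values = Array(entry[attr]).map(&:to_s).reject(&:empty?)
    next if values.empty?
    out[attr] = values.length == 1 ? values.first : values
  end
end

# Names of the attributes whose extra values the first-only extraction drops.
def truncated_attributes(entry, names)
  first = extract_first_only(entry, names)
  all   = extract_all_values(entry, names)
  names.select { |attr| all[attr].is_a?(Array) && first[attr] != all[attr] }
end

if __FILE__ == $PROGRAM_NAME
  names = %w[manager displayName mail groupmembership]
  puts "first only: #{extract_first_only(SAMPLE_ENTRY, names).inspect}"
  puts "all values: #{extract_all_values(SAMPLE_ENTRY, names).inspect}"
  puts "truncated:  #{truncated_attributes(SAMPLE_ENTRY, names).inspect}"
end
```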

GoogleCodeExporter commented 8 years ago
I think this has already been fixed in development (in github/svn). I'll 
double-check.

Original comment by matt.zuk...@gmail.com on 16 Mar 2009 at 6:56

GoogleCodeExporter commented 8 years ago
In github:
http://github.com/gunark/rubycas-server/blob/2362341b1e80fb684fe200dd030a25d9d635a477/lib/casserver/authenticators/ldap.rb

    def extract_extra_attributes(ldap_entry)
      @extra_attributes = {}
      extra_attributes_to_extract.each do |attr|
        v = !ldap_entry[attr].blank? && ldap_entry[attr].first
        if v
          @extra_attributes[attr] = v.to_s
        end
      end

      if @extra_attributes.empty?
        $LOG.warn("#{self.class}: Did not read any extra_attributes for user #{@username.inspect} even though an :extra_attributes option was provided.")
      else
        $LOG.debug("#{self.class}: Read the following extra_attributes for user #{@username.inspect}: #{@extra_attributes.inspect}")
      end
      ldap_entry
    end

Looks like github still has the first entry assigned. 

Original comment by vocc...@gmail.com on 18 Mar 2009 at 6:29

GoogleCodeExporter commented 8 years ago
Okay, I've added your patch to GitHub.

Original comment by matt.zuk...@gmail.com on 18 Mar 2009 at 8:03