cschiewek / devise_ldap_authenticatable

Devise Module for LDAP
MIT License

Group validation doesn't work #189

Open ggnix opened 9 years ago

ggnix commented 9 years ago

Here's the WEBrick output:

    LDAP: LDAP dn lookup: uid=my_name
    LDAP: LDAP search for login: uid=my_name
    LDAP: LDAP search yielded 2 matches
    LDAP: Authorizing user uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    LDAP: Not authorized because not in required groups.

In my devise.rb file, config.ldap_check_group_membership and config.ldap_ad_group_check are set to true.

ldap.yml:

    authorizations: &AUTHORIZATIONS
      allow_unauthenticated_bind: false
      group_base: cn=groups,cn=accounts,dc=aws,dc=company,dc=net
      required_groups:
        - cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net

Using the ldapsearch command I checked that my LDAP tree looks like this:

    noc, groups, accounts, aws.company.net
    dn: cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=b..,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=i...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=n...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=s...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=e...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    objectClass: top
    objectClass: groupofnames
    objectClass: nestedgroup
    objectClass: ipausergroup
    objectClass: ipaobject
    objectClass: posixgroup
    objectClass: ipantgroupattrs
    description: noc operators group
    cn: noc

Can somebody please point out what I am doing wrong? Thanks in advance!

PritiKumr commented 9 years ago

Did you get to solve the issue? Ran into the same :(

ggnix commented 9 years ago

No, it seems like a gem issue. I used the net-ldap library and it worked.

jcoyne commented 8 years ago

I think this might be because your LDAP has groupofnames where devise-ldap expects groupOfUniqueNames

jcoyne commented 8 years ago

Here's the code where it's searching for uniqueMember rather than member (which is what you need): https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/lib/devise_ldap_authenticatable/ldap/connection.rb#L173

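The mismatch jcoyne describes (a `groupOfNames` group that lists its users under `member`, checked by code that only reads `uniqueMember`) can be reproduced without a directory. The following is an added example, not code from the gem or from this thread: it models a group entry the way net-ldap hands one back (a hash of attribute name to value list), picks the membership attribute from the entry's `objectClass` values, and compares DNs case-insensitively. The group entry is constructed from the ldapsearch output above; the `someone_else` member and all function names are assumptions for the example.

```ruby
# Added example (not the gem's code): decide whether a user's DN is listed in
# every required LDAP group, consulting the attribute that matches the group's
# schema instead of assuming groupOfUniqueNames.

# Membership attribute per group object class (compared case-insensitively).
MEMBER_ATTRIBUTES = {
  'groupofnames'       => 'member',
  'groupofuniquenames' => 'uniqueMember'
}.freeze

# Normalise a DN for comparison. Attribute types are case-insensitive, and the
# values seen here (uid, cn, dc) are matched case-insensitively by common
# schemas; whitespace around the separating commas is not significant.
# This is a simplification: it does not handle escaped commas or multi-valued RDNs.
def normalize_dn(dn)
  dn.split(',').map { |rdn| rdn.strip.downcase }.join(',')
end

# Values of an attribute, looked up case-insensitively on the attribute name.
def attr_values(entry, name)
  entry.each { |k, v| return Array(v) if k.to_s.casecmp?(name) }
  []
end

# Membership attributes to consult for this entry, derived from objectClass.
# If none of the known classes is present, try every known attribute.
def membership_attributes(entry)
  classes = attr_values(entry, 'objectClass').map(&:downcase)
  attrs = MEMBER_ATTRIBUTES.select { |oc, _| classes.include?(oc) }.values
  attrs.empty? ? MEMBER_ATTRIBUTES.values : attrs
end

# True if user_dn is a direct member of the group entry. `only:` forces a
# single attribute, which reproduces the behaviour reported in this issue.
def member_of?(entry, user_dn, only: nil)
  target = normalize_dn(user_dn)
  attrs = only ? [only] : membership_attributes(entry)
  attrs.any? { |a| attr_values(entry, a).any? { |m| normalize_dn(m) == target } }
end

# Look a group up by DN in a hash of dn => entry (as fetched under group_base).
def find_group(groups, dn)
  target = normalize_dn(dn)
  groups.find { |gdn, _| normalize_dn(gdn) == target }&.last
end

# Authorize only when the user is in every required group; a missing group
# is treated as a failed check, never as a pass.
def in_required_groups?(groups, required_dns, user_dn, only: nil)
  required_dns.all? do |dn|
    entry = find_group(groups, dn)
    !entry.nil? && member_of?(entry, user_dn, only: only)
  end
end

# Constructed group entry, taken from the ldapsearch output in this issue
# (the second member is a placeholder for the elided ones).
NOC_GROUP = {
  'dn' => ['cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net'],
  'member' => [
    'uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net',
    'uid=someone_else,cn=users,cn=accounts,dc=aws,dc=company,dc=net'
  ],
  'objectClass' => %w[top groupofnames nestedgroup ipausergroup ipaobject posixgroup ipantgroupattrs],
  'description' => ['noc operators group'],
  'cn' => ['noc']
}.freeze

DIRECTORY = { NOC_GROUP['dn'].first => NOC_GROUP }.freeze
REQUIRED  = ['cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net'].freeze
USER_DN   = 'uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net'

if __FILE__ == $PROGRAM_NAME
  # Reading only uniqueMember reproduces "Not authorized because not in required groups".
  puts "uniqueMember only: #{in_required_groups?(DIRECTORY, REQUIRED, USER_DN, only: 'uniqueMember')}"
  puts "schema-aware:      #{in_required_groups?(DIRECTORY, REQUIRED, USER_DN)}"
end
```

Running it prints `false` for the uniqueMember-only check and `true` for the schema-aware one. The point for a deployment is that the group's `objectClass` decides which attribute holds members, so a check hard-wired to one attribute silently denies everyone in a `groupOfNames` group; failing closed on an unknown group DN is kept deliberately.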
jcoyne commented 8 years ago

This story is the same as https://github.com/cschiewek/devise_ldap_authenticatable/issues/185