Tuesday, 10 May 2011

If I use an LDAP configuration with

# config/ldap.yml
development:
  base: ou=people,dc=test,dc=com
  attribute: uid
  group_base: ou=groups,dc=test,dc=com
  required_groups:
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]

and my DN looks like

uid=gmgp,ou=developpers,ou=people,dc=test,dc=com

the LDAP logger writes this to the log:

LDAP: LDAP search: uid=gmgp
LDAP: Authorizing user uid=gmgp,ou=developpers,ou=people,dc=test,dc=com
LDAP: LDAP search: uid=gmgp
LDAP: LDAP search: uid=gmgp
LDAP: LDAP search: uid=gmgp
LDAP: User uid=gmgp,ou=people,dc=test,dc=com is not in group: cn=users,ou=groups,dc=test,dc=com

My simple workaround is to create a local attribute:


# devise_ldap_authenticatable-0.4.6/lib/devise_ldap_authenticatable/ldap_adapter.rb

class LdapConnect

  # :login_dn exposes the DN that the search in #dn returned
  attr_reader :ldap, :login, :login_dn

  def dn
    DeviseLdapAuthenticatable::Logger.send("LDAP search: #{@attribute}=#{@login}")
    filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
    ldap_entry = nil
    @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
    if ldap_entry.nil?
      @ldap_auth_username_builder.call(@attribute,@login,@ldap)
    else
      # keep the DN the directory returned for this entry
      @login_dn = ldap_entry.dn
    end
  end

  def in_required_groups?
    return true unless ::Devise.ldap_check_group_membership

    ...
      admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
        # membership is checked against the stored DN
        unless entry[group_attribute].include? @login_dn
          DeviseLdapAuthenticatable::Logger.send("User #{@login_dn} is not in group: #{group_name }")
          return false
        end
      end
    end

This workaround works, even if it does not solve the underlying problem.
I will prepare a proper commit if I find a moment of time.
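
The mismatch in the log above, reproduced as an added example (not code from the original post or from the gem): a DN of the form attribute=login,base, as in the last log line, differs from the DN the subtree search returns, so only the searched DN matches the group's member list. The in-memory directory, the helper names (`built_dn`, `searched_dn`, `in_group?`, `normalize`) and the simplified DN comparison are assumptions made for illustration.

```ruby
# Constructed in-memory directory mirroring the post's layout (not real data).
DIRECTORY = {
  "uid=gmgp,ou=developpers,ou=people,dc=test,dc=com" => { "uid" => ["gmgp"] },
  "cn=users,ou=groups,dc=test,dc=com" => {
    "moreMembers" => ["uid=gmgp,ou=developpers,ou=people,dc=test,dc=com"]
  }
}.freeze

BASE  = "ou=people,dc=test,dc=com"
GROUP = "cn=users,ou=groups,dc=test,dc=com"

# DN assembled from the configuration alone: attribute=login,base.
def built_dn(attribute, login, base)
  "#{attribute}=#{login},#{base}"
end

# Subtree search under base: returns the DN the directory holds, or nil.
def searched_dn(directory, attribute, login, base)
  suffix = ",#{base}".downcase
  hit = directory.find do |dn, attrs|
    dn.downcase.end_with?(suffix) && Array(attrs[attribute]).include?(login)
  end
  hit && hit.first
end

# Simplified DN comparison (assumption): ignore case and spaces around commas.
def normalize(dn)
  dn.to_s.downcase.gsub(/\s*,\s*/, ",").strip
end

# Base-object read of the group entry, then a membership test on one attribute.
def in_group?(directory, group_dn, member_attr, user_dn)
  entry = directory[group_dn]
  return false if entry.nil? || user_dn.nil? # fail closed on missing data
  Array(entry[member_attr]).map { |m| normalize(m) }.include?(normalize(user_dn))
end

# Runs the group check once with each DN for the post's user.
def demo
  guessed = built_dn("uid", "gmgp", BASE)
  found   = searched_dn(DIRECTORY, "uid", "gmgp", BASE)
  { guessed: in_group?(DIRECTORY, GROUP, "moreMembers", guessed),
    found:   in_group?(DIRECTORY, GROUP, "moreMembers", found) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The group check is only meaningful when it uses the DN of the entry that was actually found and bound, which is what storing `@login_dn` achieves in the workaround.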
