Tuesday, May 10, 2011

If I use an LDAP configuration with

# config/ldap.yml
base: ou=people,dc=test,dc=com
attribute: uid
group_base: ou=groups,dc=test,dc=com
required_groups:
  - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]

and I have my dn like


in the log the LDAPLogger writes

LDAP: LDAP search: uid=gmgp
LDAP: Authorizing user uid=gmgp,ou=developpers,ou=people,dc=test,dc=com
LDAP: LDAP search: uid=gmgp
LDAP: LDAP search: uid=gmgp
LDAP: LDAP search: uid=gmgp
LDAP: User uid=gmgp,ou=people,dc=test,dc=com is not in group: cn=users,ou=groups,dc=test,dc=com

My simple workaround is to create a local attribute:


class LdapConnect
  attr_reader :ldap, :login, :login_dn

  # ...

  def dn
    DeviseLdapAuthenticatable::Logger.send("LDAP search: #{@attribute}=#{@login}")
    filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
    ldap_entry = nil
    ... => filter) {|entry| ldap_entry = entry}
    if ldap_entry.nil?
      # ...
    else
      # the workaround: remember the DN returned by the search
      @login_dn = ldap_entry.dn
    end
  end

  # ...

  def in_required_groups?
    return true unless ::Devise.ldap_check_group_membership
    # ...
      ... => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
        # compare against the DN remembered in #dn
        unless entry[group_attribute].include? @login_dn
          DeviseLdapAuthenticatable::Logger.send("User #{@login_dn} is not in group: #{group_name }")
          return false
        end
      end
    end
    # ...

This workaround works, even if it does not solve the underlying problem.
I will prepare a proper commit if I find a moment of time.
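
An added example, not code from devise_ldap_authenticatable or from this post: it reproduces the mismatch seen in the log above with a constructed in-memory directory, comparing a DN built from attribute and base with the DN returned by a subtree search. The helper names (`built_dn`, `resolved_dn`, `in_group?`, `normalize_dn`) and the directory contents are assumptions for illustration; the DN normalisation is simplified and ignores escaped commas.

```ruby
# Constructed in-memory directory standing in for the LDAP server (sample data).
DIRECTORY = {
  "uid=gmgp,ou=developpers,ou=people,dc=test,dc=com" => { "uid" => ["gmgp"] },
  "cn=users,ou=groups,dc=test,dc=com" => {
    "moreMembers" => ["uid=gmgp,ou=developpers,ou=people,dc=test,dc=com"]
  }
}.freeze

BASE  = "ou=people,dc=test,dc=com"
GROUP = "cn=users,ou=groups,dc=test,dc=com"

# Simplified DN normalisation (assumption): lower-case, trim spaces around RDNs.
def normalize_dn(dn)
  dn.split(",").map { |rdn| rdn.split("=", 2).map(&:strip).join("=").downcase }.join(",")
end

# Built DN: attribute + login + base. Assumes the user sits directly under the base.
def built_dn(attribute, login, base)
  "#{attribute}=#{login},#{base}"
end

# Resolved DN: subtree search under base for attribute=login; returns the real DN or nil.
def resolved_dn(attribute, login, base)
  suffix = "," + normalize_dn(base)
  found = DIRECTORY.find do |dn, attrs|
    normalize_dn(dn).end_with?(suffix) && attrs.fetch(attribute, []).include?(login)
  end
  found && found.first
end

# Base-object read of the group entry, then a membership test on group_attribute.
def in_group?(user_dn, group_dn, group_attribute)
  return false if user_dn.nil?   # fail closed: user not found
  group = DIRECTORY[group_dn]
  return false if group.nil?     # fail closed: group entry missing
  members = group.fetch(group_attribute, []).map { |m| normalize_dn(m) }
  members.include?(normalize_dn(user_dn))
end

# Same user, same group, two ways of obtaining the DN.
def demo
  { built:    in_group?(built_dn("uid", "gmgp", BASE), GROUP, "moreMembers"),
    resolved: in_group?(resolved_dn("uid", "gmgp", BASE), GROUP, "moreMembers") }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The built DN omits `ou=developpers`, so the membership test fails for a user who is in fact listed in the group; the DN taken from the search result matches.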
