我可以使用net-ldap gem网站提供的测试代码登录,但登录的相同设置不适用于Rails上的设计。
当我尝试使用设计登录Rails时,这是服务器日志。
Started POST "/users/sign_in" for 127.0.0.1 at Fri Mar 22 10:53:39 -0700 2013
Processing by Devise::SessionsController#create as HTML
Parameters: {"commit"=>"Sign in", "authenticity_token"=>"bEmEPHuI8ob+O67hy0mpgGm12KzFnBNwRuhALAJzmCg=", "user"=>{"remember_me"=>"1", "email"=>"somerandomeusername@corp.bigasscorporation.com", "password"=>"[FILTERED]"}, "utf8"=>"✓"}
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'somerandomeusername@corp.bigasscorporation.com' LIMIT 1
LDAP: LDAP dn lookup: mail=somerandomeusername@corp.bigasscorporation.com
LDAP: LDAP search for login: mail=somerandomeusername@corp.bigasscorporation.com
LDAP: Authorizing user mail=somerandomeusername@corp.bigasscorporation.com,OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com
LDAP: LDAP dn lookup: mail=somerandomeusername@corp.bigasscorporation.com
LDAP: LDAP search for login: mail=somerandomeusername@corp.bigasscorporation.com
DEPRECATION WARNING: an empty resource was given to Devise::Strategies::LdapAuthenticatable#validate. Please ensure the resource is not nil. (called from require at script/rails:6)
Completed 401 Unauthorized in 64ms
以下是有关我的环境的一些信息
Ruby 1.8.7
Rails 3.2.13
使用宝石
LDAP配置
配置/ ldap.yml
authorizations: &AUTHORIZATIONS
group_base: OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
required_groups:
- cn=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
- OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
- ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
require_attribute:
objectClass: inetOrgPerson
authorizationRole: postsAdmin
## Enviornments
development:
host: xxx.corp.somebigasscorporation.com
port: 3268
attribute: mail
base: OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
# admin_user: cn=admin,dc=test,dc=com
# admin_password: admin_password
ssl: false
# <<: *AUTHORIZATIONS
配置/初始化/ devise.rb
Devise.setup do |config|
config.ldap_create_user = true
...
有效的测试代码
require 'rubygems'
require 'net/ldap'
require 'highline/import'
ldap = Net::LDAP.new
ldap.host = "xxx.corp.bigasscorporation.com"
ldap.port = "3268"
ldap.base = "OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com"
ldap.auth "somerandomuser@corp.bigasscorporation.com", "xxxXXXyyy"
if ldap.bind
p "Success!!"
p ldap
p ldap.base
p ldap.get_operation_result
else
p "Failed!"
p ldap.get_operation_result
end
# => "Success!!"
#<Net::LDAP:0x007fc393a22660 @host="xxx.corp.bigasscorporation.com", @port="3268", @verbose=false, @auth={:method=>:simple, :username=>"somerandomuser@corp.bigasscorporation.com", :password=>"xxxXXXyyy"}, @base="OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com", @encryption=nil, @open_connection=nil, @result=0>
"OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com"
#<OpenStruct code=0, message="Success">
答案 0 :(得分:5)
我在devise.rb
中需要这个 config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}" }
答案 1 :(得分:0)
如果其他人遇到同样的问题,我发现ldap_auth_username_builder修复有点问题。我还试图在.yml文件中设置一些必需属性的授权,并且在gem调用ldap.search方法之后我遇到了很多奇怪的错误。特别是,在返回nil的搜索中大量调用.try(:first)。
我最终在gem的lib目录中挖掘并调整了一些代码以获得更好的日志记录。事实证明,当我添加config.ldap_auth_username_builder时,我实际上是在欺骗系统,相信它确实找到了记录,而事实并非如此。我无法为这些记录指定属性,因为没有记录开头。如果你们正在尝试做类似的事情,比如检查组成员身份等,我建议三重检查attribute文件中的ldap.yml值是否设置为有效attr而你是'重新给它正确的信息,以便它可以在LDAP端找到你需要的东西。