尝试构建组验证。但它不允许我登录我的应用程序。
这里的WEBrick输出:
LDAP: LDAP dn lookup: uid=my_name
LDAP: LDAP search for login: uid=my_name
LDAP: LDAP search yielded 2 matches
LDAP: Authorizing user uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
LDAP: Not authorized because not in required groups.
在我的devise.rb文件 config.ldap_check_group_membership & config.ldap_ad_group_check 设置为true。
ldap.yml:
authorizations: &AUTHORIZATIONS
allow_unauthenticated_bind: false
group_base: cn=groups,cn=accounts,dc=aws,dc=company,dc=net
required_groups:
- cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
使用ldapsearch命令我检查了我的ldap树是这样的:
# noc, groups, accounts, aws.company.net
dn: cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
member: uid=b..,cn=users,cn=accounts,dc=aws,dc=company,dc=net
member: uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
member: uid=i...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
member: uid=n...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
member: uid=s...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
member: uid=e...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
objectClass: ipantgroupattrs
description: noc operators group
cn: noc
有人可以指出我做错了什么吗?提前谢谢!