我试图允许用户登录group1或group2中存在的人 但在LDAP授权期间,它会检查两个组。
如果用户出现在group1或group2中,我需要允许他们登录。
有人可以协助吗?
在devise.rb
config.ldap_check_group_membership = true
在ldap.yml
authorizations: &AUTHORIZATIONS
group_base: ou=groups,dc=test,dc=com
required_groups:
cn=admins,ou=groups,dc=test,dc=com -----group1
cn=users,ou=groups,dc=test,dc=com ----- group2
require_attribute:
# objectClass: inetOrgPerson
# authorizationRole: postsAdmin
development:
host: # ip address is to be filled in here..
port: # port number goes here..
attribute: cn
base: # my tree base details go in here..
admin_user: cn=admin_name,dc=test,dc=com
admin_password: # password goes in here..
ssl: true
<<: *AUTHORIZATIONS
答案 0 :(得分:1)
/devise_ldap_authenticatable-0.8.3/lib/devise_ldap_authenticatable/ldap/connection.rb
def in_required_groups?
return true unless @check_group_membership
## FIXME set errors here, the ldap.yml isn't set properly.
return false if @required_groups.nil?
arr_res = []
for group in @required_groups
if group.is_a?(Array)
res = in_group?(group[1],group[0])
arr_res << res
# return false unless in_group?(group[1], group[0])
else
return false unless in_group?(group)
end
end
DeviseLdapAuthenticatable::Logger.send(arr_res)
return true if arr_res.include? true
# return true
end
答案 1 :(得分:0)
只有4个月的时间,但对于任何仍然面临这种情况的人,你可以在宝石中修补一个方法
module Devise
module LDAP
class Connection
def in_required_groups?
found = false
return true unless @check_group_membership
return false if @required_groups.nil?
for group in @required_groups
if group.is_a?(Array)
found = true if in_group?(group[1], group[0])
# return false unless in_group?(group[1], group[0])
else
found = true if in_group?(group)
# found = true if in_group?(group[1], group[0])
end
end
return found
end
end
end
end