LDAP: Not authorized because not authenticated

Time: 2015-12-01 18:42:23

Tags: ruby-on-rails ruby-on-rails-4 devise ldap

I have the following login credentials

EMAIL=xxxx@gmail.com and PASSWORD=test1234

and the above credentials are correct.

But when logging in, I get the following error

  LDAP: LDAP dn lookup: cn=xxxx@gmail.com
  LDAP: LDAP search for login: cn=xxxx@gmail.com
  LDAP: LDAP search yielded 0 matches
  LDAP: Authorizing user cn=xxxx@gmail.com,ou=people,dc=test,dc=com
  LDAP: Not authorized because not authenticated.
Completed 401 Unauthorized in 9ms

Here is my configuration

For ldap.yml

authorizations: &AUTHORIZATIONS
  allow_unauthenticated_bind: false
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin

## Environment

development:
  host: localhost
  port: 389
  attribute: cn
  base: ou=people,dc=test,dc=com
  admin_user: cn=admin,dc=test,dc=com
  admin_password: admin_password
  ssl: false
  # <<: *AUTHORIZATIONS

And for devise.rb

# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
  # ==> LDAP Configuration 
  # config.ldap_logger = true
  config.ldap_create_user = true
  # config.ldap_update_password = true
  config.ldap_config = "#{Rails.root}/config/ldap.yml"
  config.ldap_check_group_membership = true
  # config.ldap_check_group_membership_without_admin = false
  config.ldap_check_attributes = true
  config.ldap_use_admin_to_bind = true
  config.ldap_ad_group_check = true

  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 10
  config.reconfirmable = true
  config.expire_all_remember_me_on_sign_out = true
  config.password_length = 8..72
  config.reset_password_within = 6.hours
  config.sign_out_via = :delete
end

What is wrong with the above code? Please help me.

0 answers:

No answers