问题描述

我正在尝试将Devise与Ldap一起使用，但是在ldap的devise的初始设置中我似乎做错了事。我已经在db auth中使用devise，但是，我想切换并使用现有的AD。任何帮助将不胜感激！

I am trying to use Devise with Ldap however I seem to be doing something wrong in the initial setup for devise with ldap I am already using devise with db auth but, I would like to switch over and use my existing AD. Any help would be greatly appreciated!

我有这个仅使用LDAP的测试脚本，它可以正常工作

I have this test script that only uses LDAP and it works perfectly

require 'net/ldap'

class ActiveDirectoryUser
  SERVER = 'myactivedir.mydomain.com'
  PORT = 389
  BASE = 'DC=mydomain,DC=com'
  DOMAIN = 'mydomain.com'

  def self.authenticate(login, pass)
    return false if login.empty? or pass.empty?

    conn = Net::LDAP.new :host => SERVER,
                         :port => PORT,
                         :base => BASE,
                         :auth => { :username => "#{login}@#{DOMAIN}",
                                    :password => pass,
                                    :method => :simple }


    if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
      return user

    else
      return nil
   end

  rescue Net::LDAP::LdapError => e
    return false
  end
end

上面的代码，它为我提供了测试的所有属性

I run this with the above code and it gives me all of the attributes for test

 irb(main):003:0> user = ActiveDirectoryUser.authenticate('test','test12345')

 => #<Net::LDAP::Entry:0x007fcfab831ee0 @myhash={:dn=>["CN=test,CN=Users,DC=mydomain,DC=com"], :objectclass=>["top", "person", "organizationalPerson", "user"], :cn=>["test"], :samaccountname=>["test"].......keeps going

如果我在用户测试中使用了错误的密码，我会得到这个信息，所以我知道它对于身份验证可以正常工作。

If I use the wrong password for user test I get this so I know its working correctly for auth.

 irb(main):002:0> ActiveDirectoryUser.authenticate('test','test123')
 => nil

但是，当我尝试使用devise进行相同设置时，总是返回此值。

However, when I try the same setup with devise it always returns this.

 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search yielded 0 matches
 LDAP: LDAP search yielded 0 matches
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Not authorized because not authenticated.
 LDAP: Not authorized because not authenticated.

这是我的devise.rb配置->

Here is my devise.rb config ->

Devise.setup do |config|
   # ==> LDAP Configuration
   config.ldap_logger = true
   # config.ldap_create_user = false
   # config.ldap_update_password = true
   config.ldap_config = "#{Rails.root}/config/ldap.yml"
   #config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}  tried this still no luck......
   # config.ldap_check_group_membership = false
   # config.ldap_check_group_membership_without_admin = false
   # config.ldap_check_attributes = false
   # config.ldap_use_admin_to_bind = false
   # config.ldap_ad_group_check = false

这是我的config / ldap.yml

Here is my config/ldap.yml

development:
  host: myactivedir.mydomain.com
  domain: mydomain.com
  port: 389
  attribute: sAMAccountName
  base: dc=mydomain,dc=com

推荐答案

在config / devise.rb中找到它，我包括了它并认为它起作用。

Figure it out in the config/devise.rb I included this and presto it worked.

config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}

这篇关于Ldap不适用于Devise的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！