1

我可以使用 net-ldap gem 网站提供的测试代码登录,但相同的登录设置不适用于 Rails 上的设计。

这是我尝试使用 devise 登录 Rails 时的服务器日志。

Started POST "/users/sign_in" for 127.0.0.1 at Fri Mar 22 10:53:39 -0700 2013
Processing by Devise::SessionsController#create as HTML
  Parameters: {"commit"=>"Sign in", "authenticity_token"=>"bEmEPHuI8ob+O67hy0mpgGm12KzFnBNwRuhALAJzmCg=", "user"=>{"remember_me"=>"1", "email"=>"somerandomeusername@corp.bigasscorporation.com", "password"=>"[FILTERED]"}, "utf8"=>"✓"}
  User Load (0.5ms)  SELECT `users`.* FROM `users` WHERE `users`.`email` = 'somerandomeusername@corp.bigasscorporation.com' LIMIT 1
  LDAP: LDAP dn lookup: mail=somerandomeusername@corp.bigasscorporation.com
  LDAP: LDAP search for login: mail=somerandomeusername@corp.bigasscorporation.com
  LDAP: Authorizing user mail=somerandomeusername@corp.bigasscorporation.com,OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com
  LDAP: LDAP dn lookup: mail=somerandomeusername@corp.bigasscorporation.com
  LDAP: LDAP search for login: mail=somerandomeusername@corp.bigasscorporation.com
DEPRECATION WARNING: an empty resource was given to Devise::Strategies::LdapAuthenticatable#validate. Please ensure the resource is not nil. (called from require at script/rails:6)
Completed 401 Unauthorized in 64ms

以下是有关我的环境的一些信息

红宝石 1.8.7

导轨 3.2.13

使用的宝石

  • 宝石“设计”,“〜> 2.2.2”
  • gem "net-ldap", '~> 0.2.2'
  • gem "devise_ldap_authenticable", '~> 0.6.1'

LDAP 配置

配置/ldap.yml

authorizations: &AUTHORIZATIONS
  group_base: OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
  required_groups:
    - cn=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
    - OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin

## Enviornments

development:
  host: xxx.corp.somebigasscorporation.com
  port: 3268
  attribute: mail
  base: OU=Users,OU=Users_and_Groups,DC=corp,DC=somebigasscorporation,DC=com
  # admin_user: cn=admin,dc=test,dc=com
  # admin_password: admin_password
  ssl: false
  # <<: *AUTHORIZATIONS

配置/初始化程序/devise.rb

Devise.setup do |config|
  config.ldap_create_user = true

  ...

有效的测试代码

require 'rubygems'
require 'net/ldap'
require 'highline/import'

ldap = Net::LDAP.new
ldap.host = "xxx.corp.bigasscorporation.com"
ldap.port = "3268"
ldap.base = "OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com"
ldap.auth "somerandomuser@corp.bigasscorporation.com", "xxxXXXyyy"

if ldap.bind
  p "Success!!"
  p ldap
  p ldap.base
  p ldap.get_operation_result
else
  p "Failed!"
  p ldap.get_operation_result
end

# => "Success!!"
#<Net::LDAP:0x007fc393a22660 @host="xxx.corp.bigasscorporation.com", @port="3268", @verbose=false, @auth={:method=>:simple, :username=>"somerandomuser@corp.bigasscorporation.com", :password=>"xxxXXXyyy"}, @base="OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com", @encryption=nil, @open_connection=nil, @result=0>
"OU=Users,OU=Users_and_Groups,DC=corp,DC=bigasscorporation,DC=com"
#<OpenStruct code=0, message="Success">
4

2 回答 2

5

我在 devise.rb 中需要这个

config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}" }

于 2013-03-22T19:52:27.490 回答
0

万一其他人有同样的问题,我发现ldap_auth_username_builder修复有一个小问题。我还尝试对 .yml 文件中的必需属性设置一些授权,并且ldap.search在 gem 调用方法后我遇到了很多奇怪的错误。特别是,很多调用.try(:first)返回 nil 的搜索。

我最终在 gem 的 lib 目录中进行了挖掘,并调整了一些代码以获得更好的日志记录。事实证明,当我添加 时config.ldap_auth_username_builder,我实际上是在欺骗系统,让它相信它找到了一条记录,而实际上并没有。我无法为这些记录指定属性,因为没有记录开始。如果你们正在尝试做类似的事情,比如检查组成员资格等,我建议三重检查你attributeldap.yml文件中的值是否设置为有效的 attr 并且你给它提供了正确的信息,所以它可以在 LDAP 端找到你需要的东西。

于 2013-06-01T23:30:44.003 回答