
I am trying to use this gem according to the base documentation (https://github.com/cschiewek/devise_ldap_authenticatable).

This is my devise.rb config:

    # ==> LDAP Configuration
    config.ldap_logger = true
    config.ldap_create_user = true
    config.ldap_config = "#{Rails.root}/config/ldap.yml"

and this is my ldap.yml:

authorizations: &AUTHORIZATIONS

  allow_unauthenticated_bind: true
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin

## Environment

development:
  host: myACtiveDirectory.server
  port: 389
  attribute: userPrincipalName
  base: dc=mycompanydomain,dc=com
  admin_user: cn=admin,dc=test,dc=com
  admin_password: admin_password
  ssl: false
  # <<: *AUTHORIZATIONS

When I try to log in, what I want to achieve is to log in with email and password and, if the user is not present in the local DB, create the record. In the logs I see that LDAP cannot find the user according to userPrincipalName, and it is always twice (is it trying twice before it fails?):

    LDAP: LDAP dn lookup: [email protected]
    LDAP: LDAP search for login: [email protected]
    LDAP: LDAP search yielded 0 matches
    LDAP: Authorizing user [email protected],dc=mycompanydomain,dc=com
    LDAP: Not authorized because not authenticated.
    LDAP: LDAP dn lookup: [email protected]
    LDAP: LDAP search for login: [email protected]
    LDAP: LDAP search yielded 0 matches
    LDAP: Authorizing user [email protected],dc=mycompanydomain,dc=com
    LDAP: Not authorized because not authenticated.

When I use the script from this question to test (Ldap is not working with Devise; I changed sAMAccountName to the principal name and I don't merge the username with the domain), I can log in to LDAP, so the connection is working.

Any idea what is wrong with my Devise LDAP setup?

EDIT: OK, I found that ldap_authenticatable is searching for the DN, which in my case (Active Directory setup) is CN=Complete Name,CN=Users,CN=mydomain,CN=com. The question is: how can I search by email instead of Complete Name, as I can't update AD for all users to put the email into the name field?

1 Answer

OK, I found this answer and it helped me: Correct configuration for devise_ldap_authenticatable

I just needed to add this line to devise.rb and I can simply authenticate according to userPrincipalName:

    config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| login}
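Why that one line changes the outcome, as an added example (this is not code from the gem or from either post): the log lines in the question show the gem searching for `attribute=login` first and, when the search yields no match, falling back to `ldap_auth_username_builder` to produce the name it binds with. The gem's README default is `"#{attribute}=#{login},#{ldap.base}"`, which against AD yields `userPrincipalName=user@domain,dc=...`, a DN that no object has, so the simple bind fails and the user is "not authenticated". Returning `login` instead binds with the UPN itself, which Active Directory accepts as a bind name. The block below models that lookup order with a constructed in-memory stand-in for AD (`FakeActiveDirectory`, the entries, the `svc-devise` account and the passwords are all invented); it also assumes, as one plausible cause the question does not confirm, that the 0-match search comes from a failed `admin_user` bind, since the question's `admin_user` lives under `dc=test` while the base is `dc=mycompanydomain`.

```ruby
# Added example; not code from devise_ldap_authenticatable or from the post.
# A stand-alone model of how the gem chooses the name it binds with, to show
# why the default ldap_auth_username_builder fails against Active Directory
# and why the answer's one-liner works. FakeActiveDirectory, its entries and
# the admin credentials are constructed stand-ins; nothing touches the network.

# Default builder from the gem's README template: "attribute=login,base".
DEFAULT_BUILDER = proc { |attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }

# The builder from the answer: bind with the login (the UPN) itself.
UPN_BUILDER = proc { |_attribute, login, _ldap| login }

# Stand-in for the connection object the builder receives; only +base+ is used.
LdapConn = Struct.new(:base)

class FakeActiveDirectory
  Entry = Struct.new(:dn, :attrs)

  def initialize(entries)
    @entries = entries
  end

  # Simple bind. AD accepts either a full DN or a userPrincipalName as the
  # bind name; any other string is just "invalid credentials".
  def bind(name, password)
    entry = @entries.find { |e| e.dn.casecmp?(name) || e.attrs["userPrincipalName"].casecmp?(name) }
    !entry.nil? && entry.attrs["password"] == password
  end

  # Search for attribute=value under +base+. Assumption modelled here: user
  # objects are not visible to a failed admin bind, so a wrong
  # admin_user/admin_password silently yields zero matches.
  def search(base, attribute, value, admin_user:, admin_password:)
    return nil unless bind(admin_user, admin_password)
    @entries.find do |e|
      e.dn.downcase.end_with?(base.downcase) && e.attrs[attribute].to_s.casecmp?(value)
    end
  end
end

# Same order as the log lines in the question: search for attribute=login
# first; if that yields no entry, fall back to ldap_auth_username_builder.
def resolve_bind_name(dir, conn, attribute, login, builder, admin:)
  entry = dir.search(conn.base, attribute, login, **admin)
  entry ? entry.dn : builder.call(attribute, login, conn)
end

def authenticate(dir, conn, attribute, login, password, builder, admin:)
  dir.bind(resolve_bind_name(dir, conn, attribute, login, builder, admin: admin), password)
end

# Constructed directory: one user whose DN is built from the display name
# (CN=Complete Name,CN=Users,...), as in the question's edit, plus a service
# account for the gem's admin bind.
def demo_directory
  FakeActiveDirectory.new([
    FakeActiveDirectory::Entry.new(
      "CN=Jane Doe,CN=Users,DC=mycompanydomain,DC=com",
      { "userPrincipalName" => "jdoe@mycompanydomain.com", "password" => "s3cret" }
    ),
    FakeActiveDirectory::Entry.new(
      "CN=svc-devise,CN=Users,DC=mycompanydomain,DC=com",
      { "userPrincipalName" => "svc-devise@mycompanydomain.com", "password" => "admin_password" }
    )
  ])
end

CONN  = LdapConn.new("dc=mycompanydomain,dc=com")
ATTR  = "userPrincipalName"
LOGIN = "jdoe@mycompanydomain.com"
# admin_user as in the question's ldap.yml: it lives under dc=test, not under the AD base.
WRONG_ADMIN = { admin_user: "cn=admin,dc=test,dc=com", admin_password: "admin_password" }
GOOD_ADMIN  = { admin_user: "svc-devise@mycompanydomain.com", admin_password: "admin_password" }

if __FILE__ == $PROGRAM_NAME
  dir = demo_directory
  puts resolve_bind_name(dir, CONN, ATTR, LOGIN, DEFAULT_BUILDER, admin: WRONG_ADMIN)
  puts authenticate(dir, CONN, ATTR, LOGIN, "s3cret", DEFAULT_BUILDER, admin: WRONG_ADMIN)
  puts authenticate(dir, CONN, ATTR, LOGIN, "s3cret", UPN_BUILDER, admin: WRONG_ADMIN)
  puts resolve_bind_name(dir, CONN, ATTR, LOGIN, DEFAULT_BUILDER, admin: GOOD_ADMIN)
end
```

Two things worth checking in the configuration from the question while applying the fix. With `ssl: false` on port 389 the simple bind sends each user's password to the AD server in cleartext, so enable the gem's `ssl` setting before using this outside a lab. And the `# <<: *AUTHORIZATIONS` line is commented out, so `required_groups` and `require_attribute` are not merged into the `development` environment and no group or attribute check is applied to whoever binds successfully.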