LDAP组身份验证失败:无效的绑定信息 [英] LDAP groups authentication fails: Invalid Binding Information
问题描述
我正在使用 devise_ldap_authenticatable 通过LDAP登录到我的Rails应用程序.登录适用于用户(使用用户名),但不适用于组:当我尝试检查用户是否在特定组中时,我得到:
I'm using devise_ldap_authenticatable to log in into my Rails app via LDAP. Log in works for user (with username), but does not work for groups: when I try to check if user is in a particular group I get:
'Net :: LDAP :: BindingInformationInvalidError在 Devise :: SessionsController#create
'Net::LDAP::BindingInformationInvalidError in Devise::SessionsController#create
无效的绑定信息
提取的来源(围绕#244行): 引发Net :: LDAP :: BindingInformationInvalidError,无效的绑定信息",除非(用户&& psw)
Extracted source (around line #244): raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
我尝试了几种建议的解决方案,但都因上述错误而失败.
I tried several suggested solutions but they all failed with the error mentioned above.
我尝试将devise.rb
中的config.ldap_check_group_membership=false
更改为config.ldap_check_group_membership=true
:
config.ldap_create_user = true
config.ldap_check_group_membership = true
config.ldap_check_attributes = false
config.ldap_use_admin_to_bind = false
config.ldap_ad_group_check = true (also tried false with this one)
并在ldap.yml
文件中设置组,如下所示:
and setting groups in ldap.yml
file like this:
authorizations: &AUTHORIZATIONS
group_base: OU=US,DC=um,DC=com #also tried without group_base, with group_base DC=um,DC=com
required_groups:
- CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
- CN=B US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
后来这样:
authorizations: &AUTHORIZATIONS
#also tried without group_base, with group_base DC=um,DC=com
group_base: OU=US,DC=um,DC=com
required_groups:
["memberOf", "CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com;CN=B US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com"]
第二次尝试解决
此操作失败后,我还尝试将devise.rb
中的ldap_check_attributes=false
更改为ldap_check_attributes=true
:
config.ldap_create_user = true
config.ldap_check_group_membership = false
config.ldap_check_attributes = true
config.ldap_use_admin_to_bind = false
和ldap.yml
文件中的设置属性,如下所示:
and setting attribute in ldap.yml
file like this:
authorizations: &AUTHORIZATIONS
require_attribute:
memberOf: CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
development:
host: <%= ENV["LDAP_HOST"] %>
port: <%= ENV["LDAP_PORT"] %>
attribute: 'userprincipalname'
base: 'DC=um,DC=com'
ssl: <%= ENV["LDAP_SSL"] %>
<<: *AUTHORIZATIONS
我可以访问AD,我知道该组是正确的.当我查看那里的帐户时,会看到以下内容:
I have access to AD, I know, that group is correct. When I look at my account there, I see something like this:
memberOf: CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com;CN=B US
Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
我在做什么错了?
推荐答案
今天,我设法找到了一种可行的解决方案.我已经这样更改了devise.rb
文件:
Today I managed to find one solution that worked. I've changed devise.rb
file like this:
config.ldap_create_user = true
config.ldap_check_group_membership = false
config.ldap_check_attributes = true
config.ldap_use_admin_to_bind = false
和ldap.yml
这样:
authorizations: &AUTHORIZATIONS
#group_base:
#required_groups:
require_attribute:
memberOf: CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
development:
host: <%= ENV["LDAP_HOST"] %>
port: <%= ENV["LDAP_PORT"] %>
attribute: sAMAccountName
base: DC=um,DC=com
ssl: <%= ENV["LDAP_SSL"] %>
admin_user: <%= ENV["LDAP_ADMIN_USER"] %> # currently my own: CN=name surname,OU=Workers,OU=abc,OU=US,DC=um,DC=com
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %> currently my own password
<<: *AUTHORIZATIONS
如果我找到更好的解决方案,我将其发布.也可以随意提出建议.
If I find better solution, I'll post it. Feel free to suggest your way too.
这篇关于LDAP组身份验证失败:无效的绑定信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!