LDAP组身份验证失败:无效的绑定信息 [英] LDAP groups authentication fails: Invalid Binding Information

问题描述

我正在使用 devise_ldap_authenticatable 通过LDAP登录到我的Rails应用程序.登录适用于用户(使用用户名)，但不适用于组:当我尝试检查用户是否在特定组中时，我得到:

I'm using devise_ldap_authenticatable to log in into my Rails app via LDAP. Log in works for user (with username), but does not work for groups: when I try to check if user is in a particular group I get:

'Net :: LDAP :: BindingInformationInvalidError在 Devise :: SessionsController#create

'Net::LDAP::BindingInformationInvalidError in Devise::SessionsController#create

无效的绑定信息

提取的来源(围绕#244行): 引发Net :: LDAP :: BindingInformationInvalidError，无效的绑定信息"，除非(用户&& psw)

Extracted source (around line #244): raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)

我尝试了几种建议的解决方案，但都因上述错误而失败.

I tried several suggested solutions but they all failed with the error mentioned above.

我尝试将devise.rb中的config.ldap_check_group_membership=false更改为config.ldap_check_group_membership=true:

config.ldap_create_user = true
config.ldap_check_group_membership = true
config.ldap_check_attributes = false
config.ldap_use_admin_to_bind = false
config.ldap_ad_group_check = true (also tried false with this one)

并在ldap.yml文件中设置组，如下所示:

and setting groups in ldap.yml file like this:

authorizations: &AUTHORIZATIONS
    group_base: OU=US,DC=um,DC=com #also tried without group_base, with group_base DC=um,DC=com
    required_groups:
        - CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
        - CN=B US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com

后来这样:

authorizations: &AUTHORIZATIONS
    #also tried without group_base, with group_base DC=um,DC=com
    group_base: OU=US,DC=um,DC=com 
    required_groups:
        ["memberOf", "CN=D US  Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com;CN=B US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com"]

第二次尝试解决

此操作失败后，我还尝试将devise.rb中的ldap_check_attributes=false更改为ldap_check_attributes=true:

config.ldap_create_user = true
config.ldap_check_group_membership = false
config.ldap_check_attributes = true
config.ldap_use_admin_to_bind = false

和ldap.yml文件中的设置属性，如下所示:

and setting attribute in ldap.yml file like this:

authorizations: &AUTHORIZATIONS
    require_attribute:
        memberOf: CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com
development:
    host: <%= ENV["LDAP_HOST"] %>
    port: <%= ENV["LDAP_PORT"] %>
    attribute: 'userprincipalname'
    base: 'DC=um,DC=com' 
    ssl: <%= ENV["LDAP_SSL"] %>
    <<: *AUTHORIZATIONS

我可以访问AD，我知道该组是正确的.当我查看那里的帐户时，会看到以下内容:

I have access to AD, I know, that group is correct. When I look at my account there, I see something like this:

memberOf:  CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com;CN=B US
       Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com

我在做什么错了?

推荐答案

今天，我设法找到了一种可行的解决方案.我已经这样更改了devise.rb文件:

Today I managed to find one solution that worked. I've changed devise.rb file like this:

 config.ldap_create_user = true
 config.ldap_check_group_membership = false
 config.ldap_check_attributes = true
 config.ldap_use_admin_to_bind = false

和ldap.yml这样:

authorizations: &AUTHORIZATIONS
    #group_base:
    #required_groups:
    require_attribute:
        memberOf: CN=D US Workers,OU=Workers,OU=abc,OU=US,DC=um,DC=com

development:
    host: <%= ENV["LDAP_HOST"] %>
    port: <%= ENV["LDAP_PORT"] %>
    attribute: sAMAccountName
    base: DC=um,DC=com
    ssl: <%= ENV["LDAP_SSL"] %>
    admin_user: <%= ENV["LDAP_ADMIN_USER"] %> # currently my own: CN=name surname,OU=Workers,OU=abc,OU=US,DC=um,DC=com
    admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %> currently my own password
    <<: *AUTHORIZATIONS

如果我找到更好的解决方案，我将其发布.也可以随意提出建议.

If I find better solution, I'll post it. Feel free to suggest your way too.

这篇关于LDAP组身份验证失败:无效的绑定信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！