正确配置devise_ldap_authenticatable [英] Correct configuration for devise_ldap_authenticatable

问题描述

我的Rails应用程序(使用Devise + Devise LDAP Authenticatable)和尝试与之通信的Active Directory服务器存在一些连接问题.

I'm having some connectivity issues with my Rails app (using Devise + Devise LDAP Authenticatable) and the Active Directory server I'm attempting to communicate with.

我已经能够使用以下命令成功执行绑定并使用ldapsearch搜索:

I've been able to successfully perform a bind and search with ldapsearch using the following command:

ldapsearch -H ldap://ad.example.com:389 -b "ou=dept,ou=Users,ou=company,dc=example,dc=com" -D "me@example.com" -W "&(objectClass=organizationalPerson)(objectClass=Person))" mail

ldapsearch -H ldap://ad.example.com:389 -b "ou=dept,ou=Users,ou=company,dc=example,dc=com" -D "me@example.com" -W "&(objectClass=organizationalPerson)(objectClass=Person))" mail

既然可行，我假设我的devise_ldap_authenticatable配置出现问题，如下所示:

Since that works, I'm assuming I have an issue with my devise_ldap_authenticatable configuration, which looks like:

development: 
  host: ad.example.com
  port: 389
  attribute: mail
  base: ou=dept,ou=Users,ou=company,dc=example,dc=com
  objectClass: organizationalPerson
  objectClass: Person
  ssl: false

使用Wireshark，我能够从成功的绑定/搜索(CLI)和失败的绑定/搜索(Rails)捕获流量.成功绑定成功将电子邮件地址作为bindRequest(LDAPMessage bindRequest(1) "me@example.com" simple)的一部分正确发送，但是来自Rails应用程序的bindRequest看起来像LDAPMessage bindRequest(1) "<ROOT>" simple

Using Wireshark I was able to capture traffic from both the successful bind/search (CLI) and the failed bind/search (Rails). The successful bind correctly sends the email address as part of the bindRequest (LDAPMessage bindRequest(1) "me@example.com" simple) but the bindRequest from the Rails app looks like LDAPMessage bindRequest(1) "<ROOT>" simple

有人能发现我的配置存在明显问题吗?谁能将我的ldapsearch命令转换为正确的YAML配置?

Is anyone able to spot an obvious issue with my config? Can anyone translate my ldapsearch command into a proper YAML config?

推荐答案

我以前曾使用过Devise.rb配置选项，但是一定做错了.

I had played around with this Devise.rb config option previously, but must have done something incorrect.

在Devise.rb中添加以下内容似乎已经解决了我的绑定问题:

Adding the following to Devise.rb seems to have resolved my bind issue:

config.ldap_auth_username_builder = Proc.new() { |attribute, login, ldap| login }

这篇关于正确配置devise_ldap_authenticatable的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！