Ldap is not working with Devise

Submitted by 拜拜、爱过 on 2019-12-23 04:22:39

Question


I am trying to use Devise with LDAP; however, I seem to be doing something wrong in the initial setup for Devise with LDAP. I am already using Devise with DB auth, but I would like to switch over and use my existing AD. Any help would be greatly appreciated!

I have this test script that only uses LDAP and it works perfectly

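require 'net/ldap'

class ActiveDirectoryUser
  SERVER = 'myactivedir.mydomain.com'
  PORT = 389
  BASE = 'DC=mydomain,DC=com'
  DOMAIN = 'mydomain.com'

  # Returns the user's Net::LDAP::Entry on success, nil when the bind or
  # lookup fails, and false on empty input or an LDAP error.
  def self.authenticate(login, pass)
    # An empty password would make this an unauthenticated simple bind,
    # which a server may accept, so reject it up front.
    return false if login.empty? || pass.empty?

    # Bind as login@DOMAIN (userPrincipalName form). Port 389 is plain LDAP,
    # so the password is sent unencrypted unless TLS is added.
    conn = Net::LDAP.new :host => SERVER,
                         :port => PORT,
                         :base => BASE,
                         :auth => { :username => "#{login}@#{DOMAIN}",
                                    :password => pass,
                                    :method => :simple }

    # Filter.equals escapes the value, so characters such as * ( ) in the
    # login cannot alter the search filter.
    filter = Net::LDAP::Filter.equals('sAMAccountName', login)
    if conn.bind && (user = conn.search(:filter => filter).first)
      return user
    else
      return nil
    end
  rescue Net::LDAP::LdapError => e
    return false
  end
end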

I run this with the above code and it gives me all of the attributes for test:

 irb(main):003:0> user = ActiveDirectoryUser.authenticate('test','test12345')

 => #<Net::LDAP::Entry:0x007fcfab831ee0 @myhash={:dn=>["CN=test,CN=Users,DC=mydomain,DC=com"], :objectclass=>["top", "person", "organizationalPerson", "user"], :cn=>["test"], :samaccountname=>["test"].......keeps going

If I use the wrong password for user test I get this, so I know it's working correctly for auth.

 irb(main):002:0> ActiveDirectoryUser.authenticate('test','test123')
 => nil

However, when I try the same setup with Devise, it always returns this.

 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search yielded 0 matches
 LDAP: LDAP search yielded 0 matches
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Not authorized because not authenticated.
 LDAP: Not authorized because not authenticated.

Here is my devise.rb config ->

Devise.setup do |config|
   # ==> LDAP Configuration
   config.ldap_logger = true
   # config.ldap_create_user = false
   # config.ldap_update_password = true
   config.ldap_config = "#{Rails.root}/config/ldap.yml"
   #config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}  tried this still no luck......
   # config.ldap_check_group_membership = false
   # config.ldap_check_group_membership_without_admin = false
   # config.ldap_check_attributes = false
   # config.ldap_use_admin_to_bind = false
   # config.ldap_ad_group_check = false
end

Here is my config/ldap.yml

development:
  host: myactivedir.mydomain.com
  domain: mydomain.com
  port: 389
  attribute: sAMAccountName
  base: dc=mydomain,dc=com

Answer 1:


Figured it out. In config/devise.rb I included this and presto, it worked.

config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}  
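
An added example (not code from the original post or from devise_ldap_authenticatable): it contrasts the bind name shown in the Devise log with the login@domain form that the working script and the builder above produce, and adds login validation and RFC 4515 filter escaping. The module and method names are hypothetical, and the login allow-list is an assumption to adapt to your directory.

```ruby
# Added example: helper names are hypothetical, not part of
# devise_ldap_authenticatable or net-ldap. Runs without any gems.
module AdBindName
  # Assumption: a conservative allow-list for logins; adapt it to the
  # naming rules of your own directory.
  LOGIN_RE = /\A[A-Za-z0-9._-]{1,20}\z/

  # RFC 4515: backslash, *, (, ) and NUL must be written as \XX hex pairs.
  FILTER_SPECIALS = /[\\*()\x00]/

  # Bind name seen in the Devise log: attribute=login,base. The entry's real
  # DN in the irb output is CN=test,CN=Users,..., so this string names no entry.
  def self.dn_style(attribute, login, base)
    "#{attribute}=#{login},#{base}"
  end

  # Bind name used by the working script and by the answer's builder.
  # Rejects logins outside the allow-list instead of passing them on.
  def self.upn(login, domain)
    unless login.is_a?(String) && LOGIN_RE.match?(login)
      raise ArgumentError, 'login rejected by allow-list'
    end
    "#{login}@#{domain}"
  end

  # Escape a value before placing it in a search filter.
  def self.escape_filter_value(value)
    value.gsub(FILTER_SPECIALS) { |c| format('\\%02x', c.ord) }
  end

  def self.login_filter(attribute, login)
    "(#{attribute}=#{escape_filter_value(login)})"
  end
end

# Possible wiring in config/devise.rb (same builder signature as above):
#   config.ldap_auth_username_builder =
#     Proc.new { |attribute, login, ldap| AdBindName.upn(login, 'mydomain.com') }

if __FILE__ == $PROGRAM_NAME
  puts AdBindName.dn_style('sAMAccountName', 'test', 'dc=mydomain,dc=com')
  puts AdBindName.upn('test', 'mydomain.com')
  puts AdBindName.login_filter('sAMAccountName', 'te*st)(cn=x')
end
```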


Source: https://stackoverflow.com/questions/35705048/ldap-is-not-working-with-devise
