Clever Geek Handbook

Multiple groups in ldap device authenticate

I am trying to allow users to log in that are present in group1 or group2 but when LDAP authorizes it is checked in both groups.

If the user is in group1 or group2, then I have to allow them to login.

Can anyone help with this?

In devise.rb

config.ldap_check_group_membership = true

In ldap.yml

 authorizations: &AUTHORIZATIONS

  group_base: ou=groups,dc=test,dc=com

 required_groups:

  cn=admins,ou=groups,dc=test,dc=com -----group1

  cn=users,ou=groups,dc=test,dc=com ----- group2

require_attribute:

# objectClass: inetOrgPerson
# authorizationRole: postsAdmin

development:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn 
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true 
  <<: *AUTHORIZATIONS
+3


source to share


3 answers


/devise_ldap_authenticatable-0.8.3/lib/devise_ldap_authenticatable/ldap/connection.rb



def in_required_groups?
    return true unless @check_group_membership

    ## FIXME set errors here, the ldap.yml isn't set properly.
    return false if @required_groups.nil?

    arr_res = []
    for group in @required_groups
      if group.is_a?(Array)
        res = in_group?(group[1],group[0])
        arr_res << res
      #  return false unless in_group?(group[1], group[0])
      else
        return false unless in_group?(group)
      end
    end
    DeviseLdapAuthenticatable::Logger.send(arr_res)
    return true if arr_res.include? true
   # return true
  end
+1


source


hope this can help. https://github.com/cschiewek/devise_ldap_authenticatable



But before you close "Not Answer" Please check the link. May help your problem.

0


source


Only 4 months late, but for those still facing this, you can monkeys fix one method in a gem

module Devise
  module LDAP
    class Connection
      def in_required_groups?
        found = false
        return true unless @check_group_membership
        return false if @required_groups.nil?
        for group in @required_groups
          if group.is_a?(Array)
            found = true if  in_group?(group[1], group[0])
            # return false unless in_group?(group[1], group[0])
          else
           found = true if in_group?(group)
            # found = true if  in_group?(group[1], group[0])
          end
        end
        return found
      end
    end
  end
end
0


source






More articles:


All Articles