Multiple groups in LDAP Devise authentication
I am trying to allow users who are present in group1 or group2 to log in, but when LDAP authorizes, membership is checked in both groups.
If the user is in group1 or group2, then I have to allow them to log in.
Can anyone help with this?
In devise.rb:
config.ldap_check_group_membership = true
In ldap.yml:
authorizations: &AUTHORIZATIONS
  group_base: ou=groups,dc=test,dc=com
  required_groups:
    - cn=admins,ou=groups,dc=test,dc=com   # group1
    - cn=users,ou=groups,dc=test,dc=com    # group2
  require_attribute:
    # objectClass: inetOrgPerson
    # authorizationRole: postsAdmin
development:
  host: # ip address is to be filled in here..
  port: # port number goes here..
  attribute: cn
  base: # my tree base details go in here..
  admin_user: cn=admin_name,dc=test,dc=com
  admin_password: # password goes in here..
  ssl: true
  <<: *AUTHORIZATIONS
+3
3 answers
/devise_ldap_authenticatable-0.8.3/lib/devise_ldap_authenticatable/ldap/connection.rb
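def in_required_groups?
  return true unless @check_group_membership

  ## FIXME set errors here, the ldap.yml isn't set properly.
  return false if @required_groups.nil?

  # Collect one result per configured group so that a single match is enough.
  arr_res = []
  for group in @required_groups
    if group.is_a?(Array)
      # Array entries are [attribute, group DN].
      arr_res << in_group?(group[1], group[0])
      # return false unless in_group?(group[1], group[0])
    else
      # Plain-string entries are collected too; returning false here would
      # keep them all-required and leave arr_res empty for a string-only list.
      arr_res << in_group?(group)
      # return false unless in_group?(group)
    end
  end

  DeviseLdapAuthenticatable::Logger.send(arr_res)
  # Explicit boolean: true when the user is in at least one group.
  arr_res.include?(true)
end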
+1
Hope this can help: https://github.com/cschiewek/devise_ldap_authenticatable
But before you close this as "Not an Answer", please check the link. It may help with your problem.
0
Only 4 months late, but for those still facing this, you can monkey-patch one method in the gem:
module Devise
  module LDAP
    class Connection
      # Reopens the gem's class so that membership in any one required group passes.
      def in_required_groups?
        found = false
        return true unless @check_group_membership
        return false if @required_groups.nil?

        for group in @required_groups
          if group.is_a?(Array)
            # Array entries are [attribute, group DN].
            found = true if in_group?(group[1], group[0])
            # return false unless in_group?(group[1], group[0])
          else
            found = true if in_group?(group)
            # found = true if in_group?(group[1], group[0])
          end
        end

        return found
      end
    end
  end
end
0
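The difference between the all-of check the question describes and the any-of check the answers aim for, as an added example that is not code from the posts above or from devise_ldap_authenticatable. GroupGate, the in-memory directory hash that stands in for LDAP lookups, the user DNs and the "uniqueMember" default attribute are assumptions made for illustration, and DN matching is simplified to a case-insensitive string comparison.

```ruby
# Added example (hypothetical class, constructed data); not the gem's code.
class GroupGate
  DEFAULT_ATTR = "uniqueMember" # assumption: attribute used for plain-string entries

  # directory: { group_dn => { attribute => [member_dn, ...] } }, a stand-in for LDAP
  def initialize(required_groups, directory, check: true)
    @required_groups = required_groups
    @directory = directory
    @check = check
  end

  # Entries are either "group_dn" or [attribute, "group_dn"], as in ldap.yml.
  def results_for(user_dn)
    @required_groups.map do |entry|
      attr, dn = entry.is_a?(Array) ? entry : [DEFAULT_ATTR, entry]
      members = @directory.fetch(dn, {}).fetch(attr, [])
      members.any? { |m| m.casecmp?(user_dn) }
    end
  end

  # All-of: the user must be in every listed group.
  def in_all_groups?(user_dn)
    return true unless @check
    return false if @required_groups.nil? || @required_groups.empty?
    results_for(user_dn).all?
  end

  # Any-of: one matching group is enough.
  def in_any_group?(user_dn)
    return true unless @check
    # Fail closed: a missing or empty list must not let everyone in.
    return false if @required_groups.nil? || @required_groups.empty?
    results_for(user_dn).any?
  end
end

ADMINS = "cn=admins,ou=groups,dc=test,dc=com"
USERS  = "cn=users,ou=groups,dc=test,dc=com"
ALICE  = "cn=alice,ou=people,dc=test,dc=com"   # constructed: admin only
BOB    = "cn=bob,ou=people,dc=test,dc=com"     # constructed: user only
DIRECTORY = {
  ADMINS => { "uniqueMember" => [ALICE] },
  USERS  => { "uniqueMember" => [BOB] }
}
# One plain-string entry and one [attribute, dn] entry.
GATE = GroupGate.new([ADMINS, ["uniqueMember", USERS]], DIRECTORY)
```

Switching to any-of widens who can log in, so the fail-closed branch for a nil or empty `required_groups` matters more than it did under all-of.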