I'm currently working on a Rails project in which I am in charge of user authentication. We've decided to use third-party authentication and I tried following an example setup. The example is done by Kevin Thompson and is called example.
According to the LDAP server's documentation, the steps I need to do are:
- Connect to the LDAP server.
- Bind anonymously (no DN and password).
- Search for the LDAP entry using the username.
- Retrieve the DN for the username if found.
- Rebind with the user's DN and password that they supplied.
- If this rebind succeeds, the user is authenticated.
I've followed Thompson's example, except that I'm not using nifty; I'm using devise for user management and omniauth-ldap for authentication. However, it's not quite working, and I'm wondering if it has to do with a discrepancy between what the server documentation tells me to do and what omniauth-ldap is actually doing...
Specifically, my problem is that I always get an "Invalid credentials" error. Is this because of a mismatch between what I need to do and what omniauth-ldap is doing?
Advice or suggestions are greatly appreciated!
A little more information about how I've set things up (to maintain anonymity, I replaced some things). I can post more of my code upon request.
config/initializers/devise.rb:
  config.omniauth :ldap,
    :host   => 'ldap1.its.domain.ext',
    :base   => 'ou=People, dc=domain, dc=ext',
    :port   => 389,
    :attrs  => 'uid',
    # :plain talks to port 389 without encryption, so the user's password
    # crosses the network in the clear on the rebind; omniauth-ldap also
    # accepts :tls (STARTTLS) and :ssl (LDAPS, normally port 636).
    :method => :plain,
    :uid    => 'uid'
app/controllers/users/omniauth_callbacks_controller.rb:
  class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
    # The LDAP login form is rendered by OmniAuth rather than by a Rails view,
    # so its POST to this callback carries no Rails authenticity token. This
    # skips CSRF verification for every action in this controller.
    skip_before_filter :verify_authenticity_token

    def ldap
      # raw_info is the LDAP entry omniauth-ldap found for the user; attribute
      # values come back as arrays, hence uid[0].
      ldap_return = request.env["omniauth.auth"]["extra"]["raw_info"]
      username = ldap_return.uid[0].to_s
      # Reuse the local record for this LDAP user, creating it on first login.
      # Note that create returns the record even when validation fails.
      @user = User.find_by_username(username) || User.create(:username => username)
      sign_in_and_redirect @user
    end
  end
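Added example (not part of the question, and not omniauth-ldap's or Devise's code): the six steps from the server documentation written out in Ruby against a minimal directory interface, plus two checks a login step needs that the list does not mention. The username is escaped before it goes into the search filter (RFC 4515), and an empty password is refused before the rebind, because RFC 4513 section 5.1.2 calls a bind with a DN and no password an "unauthenticated bind", and a server that accepts one answers success while granting only anonymous rights, so a client that only looks at the bind result would log the user in. LdapAuthenticator, ldap_filter_escape, FakeDirectory, its sample entries, SAMPLE_DIRECTORY, AUTH and the bind(dn, password) / search(base, filter) methods are all constructed here so the flow runs without a server; they are an assumed interface, not the net-ldap gem's API.

```ruby
# Added example: the documented flow (anonymous bind, search for the DN,
# rebind with the user's password) with filter escaping and an empty-password
# check. Not omniauth-ldap code. FakeDirectory, its entries and the
# bind(dn, password) / search(base, filter) interface are assumptions made
# here so the flow runs offline; they are not the net-ldap gem's API.

# Escape a value for use inside an LDAP search filter (RFC 4515 section 3):
# the characters * ( ) \ and NUL become \XX hex escapes, so a username such as
# "*" is searched for literally instead of acting as a wildcard.
def ldap_filter_escape(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| '\\%02x' % c.ord }
end

class LdapAuthenticator
  def initialize(directory, base)
    @dir  = directory
    @base = base
  end

  # Returns the DN of the authenticated user, or nil if login must fail.
  def authenticate(username, password)
    # A bind with a DN and an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2). Servers that accept it answer success but
    # grant only anonymous rights, so refuse it before touching the server.
    return nil if password.nil? || password.empty?

    # Steps 1-2: connect and bind anonymously (no DN, no password).
    return nil unless @dir.bind(nil, nil)

    # Steps 3-4: find the entry for this username and take its DN.
    entries = @dir.search(@base, "(uid=#{ldap_filter_escape(username)})")
    return nil unless entries.size == 1    # missing or ambiguous: fail closed
    dn = entries.first[:dn]

    # Steps 5-6: rebind as that DN with the password the user supplied.
    @dir.bind(dn, password) ? dn : nil
  end
end

# Constructed stand-in for an LDAP server: a few entries and just enough
# filter handling to answer "(uid=...)" queries, including the * wildcard,
# so the effect of escaping can be seen.
class FakeDirectory
  def initialize(entries)
    @entries = entries
  end

  def bind(dn, password)
    return true if dn.nil? && password.nil?        # anonymous bind
    entry = @entries.find { |e| e[:dn] == dn }
    return false unless entry
    return true if password.to_s.empty?            # unauthenticated bind: "success"
    entry[:password] == password
  end

  def search(base, filter)
    m = filter.match(/\A\(uid=(.*)\)\z/)
    return [] unless m
    re = value_regex(m[1])
    @entries.select { |e| e[:dn].end_with?(base) && e[:uid] =~ re }
  end

  private

  # Turn a filter value into a regex: a bare * is a wildcard, \XX is a
  # literal byte, anything else matches itself.
  def value_regex(raw)
    parts = raw.scan(/\\[0-9a-fA-F]{2}|\*|[^\\*]+/).map do |tok|
      if tok == '*'
        '.*'
      elsif tok.start_with?('\\')
        Regexp.escape(tok[1, 2].hex.chr)
      else
        Regexp.escape(tok)
      end
    end
    Regexp.new("\\A#{parts.join}\\z")
  end
end

# Constructed sample directory, mirroring the base DN used in the question.
SAMPLE_DIRECTORY = FakeDirectory.new([
  { dn: 'uid=alice,ou=People,dc=domain,dc=ext', uid: 'alice', password: 'correct horse' },
  { dn: 'uid=bob,ou=People,dc=domain,dc=ext',   uid: 'bob',   password: 'hunter2' }
])
AUTH = LdapAuthenticator.new(SAMPLE_DIRECTORY, 'ou=People,dc=domain,dc=ext')

if __FILE__ == $0
  p AUTH.authenticate('alice', 'correct horse')   # alice's DN
  p AUTH.authenticate('alice', '')                # nil: empty password refused
  p AUTH.authenticate('*', 'hunter2')             # nil: the * was escaped
end
```

Wiring this to a real server means replacing FakeDirectory with the net-ldap calls omniauth-ldap already makes, and using :tls or :ssl so the rebind password is not sent in the clear. The empty-password check matters even when the server does the right thing, because it keeps the client's behaviour from depending on a server setting the application does not control.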