
I am new to LDAP and I'm trying to build a connection to a remote LDAP server with the devise_ldap_authenticatable gem to authenticate my users from there. And I'm in trouble with it. The thing is I'm not really sure what data to put where, and the response that I receive in the console looks like this:

LDAP: LDAP dn lookup: memberUid=n.taran
LDAP: LDAP search for login: memberUid=n.taran
LDAP: LDAP search yielded 8 matches
LDAP: Authorizing user cn=Mail,cn=Sites access,dc=mydomain,dc=com
LDAP: Not authorized because not authenticated.
LDAP: LDAP dn lookup: memberUid=n.taran
LDAP: LDAP search for login: memberUid=n.taran
LDAP: LDAP search yielded 8 matches
LDAP: Authorizing user cn=Mail,cn=Sites access,dc=mydomain,dc=com
LDAP: Not authorized because not authenticated.
Completed 401 Unauthorized in 960ms (ActiveRecord: 1.9ms)

These are the given credentials which I should use in the connection:

LDAP URL: ldap://ldap.mydomain.com
Root DN: dc=mydomain,dc=com
BindDN: cn=proxy,dc=mydomain,dc=com
BindPassword: some_password
attribute: memberUid

and this is my ldap.yml:

    authorizations: &AUTHORIZATIONS
      allow_unauthenticated_bind: false
      group_base: ou=groups,dc=test,dc=com
      required_groups:
        - cn=admins,ou=groups,dc=test,dc=com
        - cn=users,ou=groups,dc=test,dc=com
        - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
      require_attribute:
        objectClass: inetOrgPerson
        authorizationRole: postsAdmin

    ## Environment

    development:
      host: ldap.mydomain.com
      port: 389
      attribute: memberUid
      base: dc=mydomain,dc=com
      admin_user: cn=proxy,dc=mydomain,dc=com
      admin_password: some_password
      ssl: false
      # <<: *AUTHORIZATIONS

I want to authenticate with a login, not an email, so this is what my devise.rb looks like:

    Devise.setup do |config|
      # ==> LDAP Configuration
      config.ldap_logger = true
      config.ldap_create_user = true
      config.ldap_update_password = true
      # config.ldap_config = "#{Rails.root}/config/ldap.yml"
      # config.ldap_check_group_membership = false
      # config.ldap_check_group_membership_without_admin = false
      # config.ldap_check_attributes = false
      config.ldap_use_admin_to_bind = true
      # config.ldap_ad_group_check = false

      # some more code

      config.authentication_keys = [:username]
    end

Can anyone help me to make my connection work? Perhaps tell me what information I need, or what I am doing wrong with this whole thing? Thank you in advance!


1 Answers


UPDATE: I have found an answer to my question. The problem was that I had the wrong credentials! If anyone runs into the same problem: for me the right attribute was 'uid' and the right base was ou=Employees,dc=mydomain,dc=com

I use an LDAP browser (LDAP Administrator - Softerra) to both test the login credentials I plan to use and to check the schema before I create the app's LDAP config. Tends to head off frustration and surprises.
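The log in the question shows the failure mode directly: the search for `memberUid=n.taran` yielded 8 matches, the gem took the first one (a group entry, `cn=Mail,cn=Sites access,...`) as the user DN, and the bind as that DN failed. The following pre-flight script is an added example and is not code from the question, the answers or the devise_ldap_authenticatable project. It reproduces the gem's lookup step with the net-ldap library (bind as `admin_user`, search `base` for `<attribute>=<login>`) and then explains whether the result is usable for authentication: exactly one match, and that match is a person entry rather than a group. The analysis is a pure function so it can be run against constructed data offline; every hostname, DN and password is a placeholder.

```ruby
# Added example, not part of the original post or the gem.
begin
  require 'net/ldap' # gem 'net-ldap', the library devise_ldap_authenticatable builds on
rescue LoadError
  # Without the gem only the offline analysis (analyze_matches) is available.
end

# Object classes that describe a person entry; a login search should hit one of these.
PERSON_CLASSES = %w[inetorgperson person organizationalperson user posixaccount].freeze

# Pure function: takes the search result as [{dn:, objectclass: [...]}, ...]
# and explains the outcome the way the gem's login step would experience it.
def analyze_matches(attribute, login, matches)
  case matches.size
  when 0
    { ok: false, reason: "no entry has #{attribute}=#{login}; check 'attribute' and 'base'" }
  when 1
    classes = Array(matches.first[:objectclass]).map(&:downcase)
    if (classes & PERSON_CLASSES).empty?
      { ok: false,
        reason: "#{matches.first[:dn]} matched but is not a person entry (#{classes.join(',')})" }
    else
      { ok: true, dn: matches.first[:dn] }
    end
  else
    { ok: false,
      reason: "#{matches.size} entries match #{attribute}=#{login}; the gem binds as the first " \
              "one (#{matches.first[:dn]}), so the attribute must be unique per user" }
  end
end

# Live check against a directory: same steps the gem performs before the user bind.
# Placeholder values are expected for host/base/admin_user/admin_password.
def preflight(host:, port:, base:, attribute:, admin_user:, admin_password:, login:)
  ldap = Net::LDAP.new(host: host, port: port,
                       auth: { method: :simple, username: admin_user, password: admin_password })
  unless ldap.bind
    return { ok: false, reason: "admin bind failed: #{ldap.get_operation_result.message}" }
  end
  entries = ldap.search(base: base,
                        filter: Net::LDAP::Filter.eq(attribute, login),
                        attributes: ['objectClass']) || []
  matches = entries.map { |e| { dn: e.dn, objectclass: e[:objectclass].to_a } }
  analyze_matches(attribute, login, matches)
end

# Constructed sample data mirroring the question: the memberUid search hits the
# user's 8 groups, while the corrected uid search hits the person entry itself.
GROUP_MATCHES = Array.new(8) do |i|
  { dn: "cn=group#{i},cn=Sites access,dc=mydomain,dc=com", objectclass: %w[top posixGroup] }
end.freeze
USER_MATCH = [
  { dn: 'uid=n.taran,ou=Employees,dc=mydomain,dc=com', objectclass: %w[top inetOrgPerson] }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts analyze_matches('memberUid', 'n.taran', GROUP_MATCHES)[:reason]
  puts analyze_matches('uid', 'n.taran', USER_MATCH).inspect
  # To run against a real server (assumed placeholder values):
  # p preflight(host: 'ldap.mydomain.com', port: 389,
  #             base: 'ou=Employees,dc=mydomain,dc=com', attribute: 'uid',
  #             admin_user: 'cn=proxy,dc=mydomain,dc=com', admin_password: 'some_password',
  #             login: 'n.taran')
end
```

Running `preflight` with the question's original settings (`attribute: memberUid`, `base: dc=mydomain,dc=com`) would return the "8 entries match" reason, which is the same condition behind the "LDAP search yielded 8 matches" line; with `uid` and the `ou=Employees` base it returns the single person DN the gem can bind as. The check also keeps the admin credentials and the user search separate, so a bind failure on the proxy account is reported on its own rather than surfacing as a generic 401.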