LDAP Group Membership Authentication - Rails

I am new to LDAP and am now dealing with this. I have a Rails application where I need to authenticate a user if he is from a group. I tried several options, but nothing worked. Any help would be greatly appreciated. Thanks in advance.

Here are the devise_ldap settings and terminal output.

Devise_ldap settings - ldap.yml

authorizations: &AUTHORIZATIONS
  group_base: dc=skcript,dc=com
  required_groups:
    - ou=try1,dc=skcript,dc=com

    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]

  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin


development:
  host: localhost
  port: 389
  attribute: "uid"
  base: ou=try1,dc=skcript,dc=com
  admin_user: cn=admin,dc=skcript,dc=com
  admin_password: password
  ssl: false
  <<: *AUTHORIZATIONS

Terminal screen

1 answer

This should work:

authorizations: &AUTHORIZATIONS
  group_base: dc=skcript,dc=com    
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin
    uniqueMember: ou=try1,dc=skcript,dc=com

required_groups by default checks your dn group for the uniqueMember attribute.

Make sure that the attribute that stores the group data on your LDAP server has the same name.

Remember to set this in your devise.rb:

config.ldap_check_attributes = true

https://github.com/cschiewek/devise_ldap_authenticatable/issues/96
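An added example (not code from the question, the answer, or devise_ldap_authenticatable itself) that models the check described above: each `required_groups` entry is looked up as a group entry, and the user's DN must appear in its membership attribute, `uniqueMember` unless an `[attribute, dn]` pair names another. The in-memory directory, the `alice` user and the `cn=staff` group are constructed; the other DNs are taken from the question's ldap.yml.

```ruby
# Model of an attribute-based group check (added example, not the gem's code).
# LDAP attribute names and DNs match case-insensitively, so both are normalized.
# Simplification: escaped commas inside an RDN value are not handled.
def normalize_dn(dn)
  dn.split(",").map { |rdn| rdn.strip.downcase }.join(",")
end

def build_directory(entries)
  entries.to_h { |dn, attrs| [normalize_dn(dn), attrs.transform_keys(&:downcase)] }
end

# True only if the group entry exists, carries `attribute`, and lists user_dn.
# A missing entry or a wrongly named attribute denies access (fails closed).
def in_group?(directory, user_dn, group_dn, attribute = "uniqueMember")
  entry = directory[normalize_dn(group_dn)]
  return false if entry.nil?
  members = entry.fetch(attribute.downcase, [])
  members.map { |m| normalize_dn(m) }.include?(normalize_dn(user_dn))
end

# Every listed group must match; an entry is a DN or [attribute, DN].
def authorized?(directory, user_dn, required_groups)
  required_groups.all? do |group|
    attribute, group_dn = group.is_a?(Array) ? group : ["uniqueMember", group]
    in_group?(directory, user_dn, group_dn, attribute)
  end
end

# Constructed sample data; alice and cn=staff are hypothetical.
ALICE = "uid=alice,ou=try1,dc=skcript,dc=com"
SAMPLE = build_directory({
  "ou=try1,dc=skcript,dc=com" => { "objectClass" => ["organizationalUnit"] },
  "cn=staff,ou=groups,dc=skcript,dc=com" =>
    { "uniqueMember" => ["UID=alice, OU=try1, DC=skcript, DC=com"] },
  "cn=users,ou=groups,dc=test,dc=com" => { "member" => [ALICE] }
})

if __FILE__ == $PROGRAM_NAME
  checks = {
    "OU listed as a group" => ["ou=try1,dc=skcript,dc=com"],
    "group with uniqueMember" => ["cn=staff,ou=groups,dc=skcript,dc=com"],
    "attribute name not on entry" => [["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]],
    "attribute name on entry" => [["member", "cn=users,ou=groups,dc=test,dc=com"]]
  }
  checks.each { |label, groups| puts "#{label}: #{authorized?(SAMPLE, ALICE, groups)}" }
end
```

In this model an organizational unit never satisfies the check, because it holds its users as child entries rather than in a membership attribute, and a membership attribute whose name differs from the one on the group entry denies every user.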
