0
我想用设计与Ldap但是我似乎是在初始设置中使用LDAP的设计做错了我已经使用设计与数据库身份验证,但是,我想切换和使用我现有的广告。任何帮助将不胜感激!Ldap不与设计工作
我只使用LDAP这个测试脚本,它完美的作品
require 'net/ldap'
class ActiveDirectoryUser
SERVER = 'myactivedir.mydomain.com'
PORT = 389
BASE = 'DC=mydomain,DC=com'
DOMAIN = 'mydomain.com'
def self.authenticate(login, pass)
return false if login.empty? or pass.empty?
conn = Net::LDAP.new :host => SERVER,
:port => PORT,
:base => BASE,
:auth => { :username => "#{login}@#{DOMAIN}",
:password => pass,
:method => :simple }
if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
return user
else
return nil
end
rescue Net::LDAP::LdapError => e
return false
end
end
我与上面的代码运行这一点,它给我的所有属性的测试
irb(main):003:0> user = ActiveDirectoryUser.authenticate('test','test12345')
=> #<Net::LDAP::Entry:0x007fcfab831ee0 @myhash={:dn=>["CN=test,CN=Users,DC=mydomain,DC=com"], :objectclass=>["top", "person", "organizationalPerson", "user"], :cn=>["test"], :samaccountname=>["test"].......keeps going
如果我使用错误的用户测试密码我得到这个,所以我知道它的身份验证正确工作。
irb(main):002:0> ActiveDirectoryUser.authenticate('test','test123')
=> nil
但是,当我尝试与设计相同的设置它总是返回这个。
LDAP: LDAP dn lookup: sAMAccountName=test
LDAP: LDAP dn lookup: sAMAccountName=test
LDAP: LDAP search for login: sAMAccountName=test
LDAP: LDAP search for login: sAMAccountName=test
LDAP: LDAP search yielded 0 matches
LDAP: LDAP search yielded 0 matches
LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
LDAP: Not authorized because not authenticated.
LDAP: Not authorized because not authenticated.
这里是我的devise.rb配置 - >
Devise.setup do |config|
# ==> LDAP Configuration
config.ldap_logger = true
# config.ldap_create_user = false
# config.ldap_update_password = true
config.ldap_config = "#{Rails.root}/config/ldap.yml"
#config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"} tried this still no luck......
# config.ldap_check_group_membership = false
# config.ldap_check_group_membership_without_admin = false
# config.ldap_check_attributes = false
# config.ldap_use_admin_to_bind = false
# config.ldap_ad_group_check = false
这里是我的配置/ ldap.yml
development:
host: myactivedir.mydomain.com
domain: mydomain.com
port: 389
attribute: sAMAccountName
base: dc=mydomain,dc=com