
I have a problem restricting access to a member of a group. My application is a Rails 5 app with the devise and devise_ldap_authenticatable gems installed.

This is my ldap.yml:

authorizations: &AUTHORIZATIONS
  allow_unauthenticated_bind: false
  group_base: "CN=Domain Admins,CN=Users,DC=XXX,DC=XX"
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    - CN=Domain Admins,CN=Users,DC=xxx,DC=xx

My devise.rb:

config.ldap_logger = true
config.ldap_create_user = true
config.ldap_update_password = true
#config.ldap_config = "#{Rails.root}/config/ldap.yml"
config.ldap_check_group_membership = true
config.ldap_ad_group_check = true
##config.ldap_check_attributes = true
config.ldap_use_admin_to_bind = true

I tried every combination but nothing works. I changed line 174 of connection.rb

filter = Net::LDAP::Filter.eq("uniqueMember", dn)

to

filter = Net::LDAP::Filter.eq("member", dn)

or

filter = Net::LDAP::Filter.eq("memberOf", dn)

but nothing happens. Please, I need to solve this!

Thanks for all replies.

Sumak

1 Answer


UPDATE

Check the # <<: *AUTHORIZATIONS at the bottom of the LDAP authentication config and uncomment it: <<: *AUTHORIZATIONS

This puts the group check into LDAP auth.

bye!!!
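
The effect of that merge key, as an added example that is not part of the original answer or of the gem's code: it parses a constructed ldap.yml with the `<<: *AUTHORIZATIONS` line commented and then uncommented, and reports whether the environment block actually receives `required_groups`. The `development` block and its host, port and attribute values are assumptions.

```ruby
require "yaml"

# Constructed sample modelled on the question's ldap.yml. The "development"
# block, host, port and attribute values are assumptions for illustration.
LDAP_YML = <<~'LDAP'
  authorizations: &AUTHORIZATIONS
    allow_unauthenticated_bind: false
    group_base: "CN=Users,DC=example,DC=test"
    required_groups:
      - "CN=Domain Admins,CN=Users,DC=example,DC=test"

  development:
    host: ldap.example.test
    port: 389
    attribute: sAMAccountName
    # <<: *AUTHORIZATIONS
LDAP

# Parse the file and return the settings one environment actually receives.
def env_config(yaml_text, env)
  YAML.safe_load(yaml_text, aliases: true).fetch(env)
end

# Turn the commented-out merge key into a live one, keeping its indentation.
def uncomment_merge(yaml_text)
  yaml_text.sub(/^([ \t]*)#[ \t]*(<<: \*AUTHORIZATIONS)/, '\1\2')
end

# True only when the environment carries a non-empty required_groups list.
def group_check_configured?(cfg)
  Array(cfg["required_groups"]).any?
end

{ "commented" => LDAP_YML, "uncommented" => uncomment_merge(LDAP_YML) }.each do |label, text|
  cfg = env_config(text, "development")
  puts "#{label}: keys=#{cfg.keys.sort.inspect} group check configured=#{group_check_configured?(cfg)}"
end
```

With the line commented, the anchor is defined but never referenced, so the environment has no `required_groups` entry at all.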