Ldap没有使用Ldap。

Question

我正在尝试在Ldap中使用，但是，我似乎在为的初始设置中做了一些错误的事情，我已经在使用，但是，我想切换并使用我现有的AD。任何帮助都将不胜感激！

我有一个只使用LDAP的测试脚本，它运行得非常完美。

require 'net/ldap'

class ActiveDirectoryUser
  SERVER = 'myactivedir.mydomain.com'
  PORT = 389
  BASE = 'DC=mydomain,DC=com'
  DOMAIN = 'mydomain.com'

  def self.authenticate(login, pass)
    return false if login.empty? or pass.empty?

    conn = Net::LDAP.new :host => SERVER,
                         :port => PORT,
                         :base => BASE,
                         :auth => { :username => "#{login}@#{DOMAIN}",
                                    :password => pass,
                                    :method => :simple }


    if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
      return user

    else
      return nil
   end

  rescue Net::LDAP::LdapError => e
    return false
  end
end

我用上面的代码运行它，它给出了测试的所有属性。

 irb(main):003:0> user = ActiveDirectoryUser.authenticate('test','test12345')

 => #<Net::LDAP::Entry:0x007fcfab831ee0 @myhash={:dn=>["CN=test,CN=Users,DC=mydomain,DC=com"], :objectclass=>["top", "person", "organizationalPerson", "user"], :cn=>["test"], :samaccountname=>["test"].......keeps going

如果我在用户测试中使用了错误的密码，我就会得到这个密码，所以我知道它在auth中正确工作。

 irb(main):002:0> ActiveDirectoryUser.authenticate('test','test123')
 => nil

但是，当我尝试使用同一个设置时，它总是返回以下内容。

 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP dn lookup: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search for login: sAMAccountName=test
 LDAP: LDAP search yielded 0 matches
 LDAP: LDAP search yielded 0 matches
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Authorizing user sAMAccountName=test,dc=mydomain,dc=com
 LDAP: Not authorized because not authenticated.
 LDAP: Not authorized because not authenticated.

这是我的devise.rb配置->

Devise.setup do |config|
   # ==> LDAP Configuration
   config.ldap_logger = true
   # config.ldap_create_user = false
   # config.ldap_update_password = true
   config.ldap_config = "#{Rails.root}/config/ldap.yml"
   #config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}  tried this still no luck......
   # config.ldap_check_group_membership = false
   # config.ldap_check_group_membership_without_admin = false
   # config.ldap_check_attributes = false
   # config.ldap_use_admin_to_bind = false
   # config.ldap_ad_group_check = false

这是我的配置/ldap.yml

development:
  host: myactivedir.mydomain.com
  domain: mydomain.com
  port: 389
  attribute: sAMAccountName
  base: dc=mydomain,dc=com

Answer 1

在config/devise.rb中找出它--我把它包括在内--它起作用了。

config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{login}@mydomain.com"}