Fixed method: in_group? & user_groups #269

4 changes: 2 additions & 2 deletions lib/devise_ldap_authenticatable/ldap/adapter.rb
Expand Up @@ -51,8 +51,8 @@ def self.valid_login?(login)
self.ldap_connect(login).valid_login?
end

def self.get_groups(login)
self.ldap_connect(login).user_groups
def self.get_groups(login, attr = :dn)
self.ldap_connect(login).user_groups(attr)
end

def self.in_ldap_group?(login, group_name, group_attribute = nil)
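Review bot: the new `attr` argument on `get_groups` is undocumented and its name does not say what it selects. Add a comment stating that it names the attribute of each matching group entry to return (default `:dn`, so existing callers are unaffected), and consider a more descriptive name than `attr`, since the value is passed straight through to `user_groups(attr)` with no check on what it contains.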
8 changes: 4 additions & 4 deletions lib/devise_ldap_authenticatable/ldap/connection.rb
Expand Up @@ -159,7 +159,7 @@ def in_group?(group_name, group_attribute = LDAP::DEFAULT_GROUP_UNIQUE_MEMBER_LI

unless ::Devise.ldap_ad_group_check
group_checking_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
if entry[group_attribute].include? dn
if entry[group_attribute].include? @login
in_group = true
DeviseLdapAuthenticatable::Logger.send("User #{dn} IS included in group: #{group_name}")
end
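Review bot: replacing `dn` with `@login` in the `include?` test of `in_group?` changes the outcome of this authorization check for every deployment, not only for memberUid-style groups. The default `group_attribute` in the signature is named for a unique-member list, which normally holds full DNs, so a bare login will no longer match there and those users will fail the group check. Choose the compared value according to the attribute in use (or make it configurable) instead of hard-coding `@login`, and update the log line in the same block, which still reports `#{dn}`.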
Expand Down Expand Up @@ -219,11 +219,11 @@ def has_required_attribute_presence?
return true
end

def user_groups
def user_groups(attr = :dn)
admin_ldap = Connection.admin
DeviseLdapAuthenticatable::Logger.send("Getting groups for #{dn}")
filter = Net::LDAP::Filter.eq(@group_membership_attribute, dn)
admin_ldap.search(:filter => filter, :base => @group_base).collect(&:dn)
filter = Net::LDAP::Filter.eq(@group_membership_attribute, @login)
admin_ldap.search(:filter => filter, :base => @group_base).collect(&attr.to_sym)
end

def valid_login?
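Review bot: `collect(&attr.to_sym)` in `user_groups` turns the caller's `attr` into a method call on every returned entry, so any value that reaches it, including a typo or a name that is not an LDAP attribute, is invoked rather than looked up. Read the attribute explicitly instead, for example `entry.dn` when `attr` is `:dn` and `entry[attr]` otherwise, and document that the non-DN case yields an array of values per group. The filter now matches `@group_membership_attribute` against `@login` unconditionally, so directories that store DNs in that attribute will get an empty group list, and the log line above it still says `#{dn}`.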
9 changes: 6 additions & 3 deletions lib/generators/devise_ldap_authenticatable/templates/ldap.yml
Expand Up @@ -12,18 +12,21 @@ authorizations: &AUTHORIZATIONS
- cn=admins,ou=groups,dc=test,dc=com
- cn=users,ou=groups,dc=test,dc=com
# If an array is given, the first element will be the attribute to check against, the second the group name
- ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
- ["memberUid", "cn=users,ou=groups,dc=test,dc=com"]
## Requires config.ldap_check_attributes in devise.rb to be true
## Can have multiple attributes and values, must match all to be authorized
require_attribute:
objectClass: inetOrgPerson
authorizationRole: postsAdmin
## Requires config.ldap_check_attributes_presence in devise.rb to be true
## Can have multiple attributes set to true or false to check presence, all must match all to be authorized
## Change the attributes value to lowercase
require_attribute_presence:
mail: true
telephoneNumber: true
serviceAccount: false
telephonenumber: true
serviceaccount: false
## If you want to get the user groups, you can check according to the new membership
group_membership_attribute: memberUid

## Environment
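Review bot: the added comment "Change the attributes value to lowercase" above `require_attribute_presence` does not say what has to be lowercase or why; judging by the edited keys (`telephonenumber`, `serviceaccount`) it is the attribute names, not their values. Reword it to say so and give the reason, or better, compare attribute names case-insensitively in the presence check so the template can keep the canonical `telephoneNumber` spelling. The comment on `group_membership_attribute: memberUid` is similarly vague; state that this is the group attribute searched for the user when listing groups.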
