From 5acf382cda070e96b2337a739baecd5a935447b4 Mon Sep 17 00:00:00 2001
From: wells_muker <690338776@qq.com>
Date: Thu, 15 Apr 2021 21:19:40 +0800
Subject: [PATCH] Fixed method: in_group? & user_groups
---
 lib/devise_ldap_authenticatable/ldap/adapter.rb | 4 ++--
 lib/devise_ldap_authenticatable/ldap/connection.rb | 8 ++++----
 .../devise_ldap_authenticatable/templates/ldap.yml | 9 ++++++---
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/lib/devise_ldap_authenticatable/ldap/adapter.rb b/lib/devise_ldap_authenticatable/ldap/adapter.rb
index 9e7c98b93d..c70903e3c7 100644
--- a/lib/devise_ldap_authenticatable/ldap/adapter.rb
+++ b/lib/devise_ldap_authenticatable/ldap/adapter.rb
@@ -51,8 +51,8 @@ def self.valid_login?(login)
 self.ldap_connect(login).valid_login?
 end
- def self.get_groups(login)
- self.ldap_connect(login).user_groups
+ def self.get_groups(login, attr = :dn)
+ self.ldap_connect(login).user_groups(attr)
 end
 def self.in_ldap_group?(login, group_name, group_attribute = nil)
diff --git a/lib/devise_ldap_authenticatable/ldap/connection.rb b/lib/devise_ldap_authenticatable/ldap/connection.rb
index faefa574cc..63c743749b 100644
--- a/lib/devise_ldap_authenticatable/ldap/connection.rb
+++ b/lib/devise_ldap_authenticatable/ldap/connection.rb
@@ -159,7 +159,7 @@ def in_group?(group_name, group_attribute = LDAP::DEFAULT_GROUP_UNIQUE_MEMBER_LI
 unless ::Devise.ldap_ad_group_check
 group_checking_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
- if entry[group_attribute].include? dn
+ if entry[group_attribute].include? @login
 in_group = true
 DeviseLdapAuthenticatable::Logger.send("User #{dn} IS included in group: #{group_name}")
 end
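Review bot: The new `attr` parameter of `get_groups` in lib/devise_ldap_authenticatable/ldap/adapter.rb is undocumented, although it changes what the public method returns. It is forwarded to `user_groups`, where connection.rb turns it into a method call on every returned entry through `attr.to_sym`. I would add a comment above the method such as `# attr: LDAP attribute (or :dn) returned for each group; pass a fixed, developer-chosen name, never request input.` The default of `:dn` keeps existing callers on the old result.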
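Review bot: In the connection.rb `in_group?` hunk the membership test now compares `entry[group_attribute]` with `@login` for every attribute, but the default named in the hunk header (`LDAP::DEFAULT_GROUP_UNIQUE_MEMBER_LI…`, truncated here) looks like a DN-valued member list, so groups configured without an explicit attribute would presumably stop matching. `@login` also appears to be the value supplied at sign-in rather than an identifier read from the directory; if the login attribute is not the one the group attribute stores, this authorization check can miss the user or match a value that belongs to a different account. I would keep `dn` for DN-valued attributes and use the login only where the attribute holds user names, for example `member_id = group_attribute.to_s.downcase == 'memberuid' ? @login : dn` followed by `if entry[group_attribute].include? member_id`. The log line two lines below still reports `#{dn}`, and the method body starts and ends outside the hunk.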
@@ -219,11 +219,11 @@ def has_required_attribute_presence?
 return true
 end
- def user_groups
+ def user_groups(attr = :dn)
 admin_ldap = Connection.admin
 DeviseLdapAuthenticatable::Logger.send("Getting groups for #{dn}")
- filter = Net::LDAP::Filter.eq(@group_membership_attribute, dn)
- admin_ldap.search(:filter => filter, :base => @group_base).collect(&:dn)
+ filter = Net::LDAP::Filter.eq(@group_membership_attribute, @login)
+ admin_ldap.search(:filter => filter, :base => @group_base).collect(&attr.to_sym)
 end
 def valid_login?
diff --git a/lib/generators/devise_ldap_authenticatable/templates/ldap.yml b/lib/generators/devise_ldap_authenticatable/templates/ldap.yml
index 6afa181677..8d7485e9d5 100644
--- a/lib/generators/devise_ldap_authenticatable/templates/ldap.yml
+++ b/lib/generators/devise_ldap_authenticatable/templates/ldap.yml
@@ -12,7 +12,7 @@ authorizations: &AUTHORIZATIONS - cn=admins,ou=groups,dc=test,dc=com - cn=users,ou=groups,dc=test,dc=com # If an array is given, the first element will be the attribute to check against, the second the group name - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"] + - ["memberUid", "cn=users,ou=groups,dc=test,dc=com"] ## Requires config.ldap_check_attributes in devise.rb to be true ## Can have multiple attributes and values, must match all to be authorized require_attribute:
@@ -20,10 +20,13 @@ authorizations: &AUTHORIZATIONS authorizationRole: postsAdmin ## Requires config.ldap_check_attributes_presence in devise.rb to be true ## Can have multiple attributes set to true or false to check presence, all must match all to be authorized + ## Change the attributes value to lowercase require_attribute_presence: mail: true - telephoneNumber: true - serviceAccount: false + telephonenumber: true + serviceaccount: false + ## If you want to get the user groups, you can check according to the new membership + group_membership_attribute: memberUid ## Environment
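Review bot: In `user_groups` (connection.rb) the search filter is now built from `@login` with `Net::LDAP::Filter.eq`, which as far as I know does not escape its value, so a `*` in the login would act as a wildcard in the group lookup; the value it replaces, `dn`, came from the directory. `filter = Net::LDAP::Filter.equals(@group_membership_attribute, @login)`, or wrapping the value in `Net::LDAP::Filter.escape`, keeps the match literal, provided the net-ldap version in use offers it. The DN-versus-login concern raised on `in_group?` applies here as well when `@group_membership_attribute` is DN-valued. Separately, `collect(&attr.to_sym)` invokes whatever method `attr` names on each entry, so the result shape for attributes other than `:dn` should be stated in a comment on the method.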