devise_ldap_authenticatable

Allow group check by an attribute other than 'uniqueMember'

Open Startouf opened this issue 10 years ago • 2 comments

My LDAP has groups of objectType posixGroup, and they don't have a uniqueMember attribute but a memberUid attribute instead.

Hence, LDAP::Adapter.get_groups() will fail because it has a hardcoded 'uniqueMember' filter (ldap/connection.rb line 173).

This attribute should instead be specified in the config file. Or rather, it would be great if we could check user groups with multiple attributes.

Startouf, Jan 12 '15 00:01

Same problem here. Does replacing 'uniqueMember' with 'memberUid' really solve the problem?

dgn, Jan 12 '15 16:01

I don't know. Because I could afford to change my LDAP structure, I decided to switch to objectType groupOfUniqueNames to have the uniqueMember attribute (I had to create the groups anyway, and only a few of them were already POSIX groups).

However, the solution should work. Or that's the feeling I got when I looked at the packets in Wireshark. I believe you could use whatever attribute name you want.

Startouf, Jan 17 '15 00:01
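
As an added illustration (not code from devise_ldap_authenticatable or from any commenter in this thread), the Ruby sketch below builds a group-membership filter from a configurable list of attributes, as the issue requests. It relies on the standard schema distinction that uniqueMember holds full member DNs while memberUid holds bare login names; all helper names and sample entries are constructed for the example.

```ruby
# Added example; helper names are hypothetical, not the gem's API.
DN_VALUED  = %w[uniqueMember member].freeze  # values are full member DNs
UID_VALUED = %w[memberUid].freeze            # values are bare login names

# Constructed sample entries (attribute name => values).
POSIX_GROUP  = { 'cn' => ['staff'], 'memberUid' => %w[jdoe asmith] }.freeze
UNIQUE_GROUP = { 'cn' => ['admins'],
                 'uniqueMember' => ['uid=jdoe,ou=people,dc=example,dc=org'] }.freeze

# Escape an assertion value for use inside a search filter (RFC 4515).
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Pick the value that the given membership attribute actually stores.
def member_value(attribute, user_dn:, uid:)
  return user_dn if DN_VALUED.include?(attribute)
  return uid     if UID_VALUED.include?(attribute)

  raise ArgumentError, "unsupported group attribute: #{attribute}"
end

# Filter matching groups that list the user under any configured attribute.
def group_filter(attributes, user_dn:, uid:)
  raise ArgumentError, 'no group attributes given' if attributes.empty?

  parts = attributes.map do |attr|
    "(#{attr}=#{escape_filter_value(member_value(attr, user_dn: user_dn, uid: uid))})"
  end
  parts.length == 1 ? parts.first : "(|#{parts.join})"
end

# Offline equivalent of the search, run against an in-memory group entry.
def in_group?(entry, attributes, user_dn:, uid:)
  attributes.any? do |attr|
    wanted = member_value(attr, user_dn: user_dn, uid: uid)
    Array(entry[attr]).any? do |v|
      # DNs compare case-insensitively (simplified); memberUid is case-exact.
      DN_VALUED.include?(attr) ? v.casecmp?(wanted) : v == wanted
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  who = { user_dn: 'uid=jdoe,ou=people,dc=example,dc=org', uid: 'jdoe' }
  puts group_filter(%w[uniqueMember memberUid], **who)
end
```

A check that only looks at uniqueMember returns no match for the posixGroup entry, so a required-group rule built on it denies a user who is in fact a member.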