devise_ldap_authenticatable

Group validation doesn't work

Open ggnix opened this issue 10 years ago • 5 comments

Here's the WEBrick output:

    LDAP: LDAP dn lookup: uid=my_name
    LDAP: LDAP search for login: uid=my_name
    LDAP: LDAP search yielded 2 matches
    LDAP: Authorizing user uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    LDAP: Not authorized because not in required groups.

In my devise.rb file, config.ldap_check_group_membership and config.ldap_ad_group_check are set to true.

ldap.yml:

    authorizations: &AUTHORIZATIONS
      allow_unauthenticated_bind: false
      group_base: cn=groups,cn=accounts,dc=aws,dc=company,dc=net
      required_groups:
        - cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net

Using the ldapsearch command I checked that my LDAP tree looks like this:

    # noc, groups, accounts, aws.company.net
    dn: cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=b..,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=i...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=n...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=s...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    member: uid=e...,cn=users,cn=accounts,dc=aws,dc=company,dc=net
    objectClass: top
    objectClass: groupofnames
    objectClass: nestedgroup
    objectClass: ipausergroup
    objectClass: ipaobject
    objectClass: posixgroup
    objectClass: ipantgroupattrs
    description: noc operators group
    cn: noc

Can somebody please point out what I am doing wrong? Thanks in advance!

ggnix, Feb 19 '15 00:02

Did you get to solve the issue? Ran into the same :(

PritiKumr, Feb 27 '15 23:02

No, it seems like a gem issue. I used the net-ldap library directly and it worked.

ggnix, Mar 08 '15 12:03

I think this might be because your LDAP has groupofnames where devise-ldap expects groupOfUniqueNames.

jcoyne, Sep 14 '15 15:09

Here's the code where it's searching for uniqueMember rather than member (which is what you need): https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/lib/devise_ldap_authenticatable/ldap/connection.rb#L173

jcoyne, Sep 14 '15 15:09
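To make the mismatch concrete, here is an added example (my own code, not the gem's and not from any commenter) of a required-group check that accepts both the `member` attribute of groupOfNames (what the FreeIPA tree in the issue uses) and the `uniqueMember` attribute of groupOfUniqueNames (what the gem looks for). It reads group entries from a constructed LDIF string so it runs offline; with net-ldap you would obtain the same attribute hash from a `Net::LDAP#search` over `group_base`. Assumptions, marked in the code: DN values are compared case-insensitively (true for cn, uid and dc under their default matching rules), and a user must be in every listed required group; check the gem's own `in_required_groups?` for the semantics of the version you run.

```ruby
# Added example, not the devise_ldap_authenticatable gem's code.
# Group-membership check that works for both groupOfNames (member) and
# groupOfUniqueNames (uniqueMember) entries, using constructed LDIF input.

# Constructed sample data modelled on the ldapsearch output in the issue.
SAMPLE_LDIF = <<~LDIF
  dn: cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
  member: uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net
  member: uid=other,cn=users,cn=accounts,dc=aws,dc=company,dc=net
  objectClass: top
  objectClass: groupofnames
  cn: noc

  dn: cn=legacy,cn=groups,cn=accounts,dc=aws,dc=company,dc=net
  uniqueMember: uid=old_user,cn=users,cn=accounts,dc=aws,dc=company,dc=net
  objectClass: top
  objectClass: groupOfUniqueNames
  cn: legacy
LDIF

# DNs must not be compared as raw strings: attribute types are case-insensitive
# and servers differ in spacing after commas. Assumption: the attribute values
# (cn, uid, dc) use case-insensitive matching rules, so lowercasing is safe.
def normalize_dn(dn)
  dn.split(',').map(&:strip).join(',').downcase
end

# Minimal LDIF parser: { normalized_dn => { lowercase_attr => [values] } }.
# Handles only plain "attr: value" lines (no base64 "::" values, no folding).
def parse_ldif(text)
  entries = {}
  text.split(/\n\s*\n/).each do |block|
    attrs = Hash.new { |h, k| h[k] = [] }
    block.each_line do |line|
      line = line.strip
      next if line.empty? || line.start_with?('#')
      name, value = line.split(':', 2)
      next if value.nil?
      attrs[name.strip.downcase] << value.strip
    end
    dn = attrs.delete('dn')&.first
    next if dn.nil?
    entries[normalize_dn(dn)] = attrs
  end
  entries
end

# The gem only looks at uniqueMember; the fix is to consider both attributes.
MEMBER_ATTRS = %w[member uniquemember].freeze

def group_members(entry)
  MEMBER_ATTRS.flat_map { |a| entry.fetch(a, []) }.map { |dn| normalize_dn(dn) }
end

# True only if the user DN is a member of every required group.
# Fails closed: a required group that is absent from the directory denies access.
def in_required_groups?(entries, user_dn, required_groups)
  user = normalize_dn(user_dn)
  required_groups.all? do |group_dn|
    entry = entries[normalize_dn(group_dn)]
    !entry.nil? && group_members(entry).include?(user)
  end
end

if $PROGRAM_NAME == __FILE__
  entries = parse_ldif(SAMPLE_LDIF)
  user = 'uid=my_name,cn=users,cn=accounts,dc=aws,dc=company,dc=net'
  required = ['cn=noc,cn=groups,cn=accounts,dc=aws,dc=company,dc=net']
  puts "#{user} authorized: #{in_required_groups?(entries, user, required)}"
end
```

The same check against a live server would search `group_base` for each required group DN and feed the returned attributes to `in_required_groups?`; keeping the fail-closed behaviour (deny when a group cannot be found or the attribute is missing) matters more than which member attribute wins, because the gem's current behaviour is at least a safe denial rather than a silent grant.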

This story is the same as https://github.com/cschiewek/devise_ldap_authenticatable/issues/185

jcoyne, Sep 14 '15 15:09