LDAP: Not Allowed Because Not Authenticated

I have the following login credentials

EMAIL=xxxx@gmail.com and PASSWORD=test1234

and the above credentials are correct.

But during login I get the following error:

  LDAP: LDAP dn lookup: cn=xxxx@gmail.com
  LDAP: LDAP search for login: cn=xxxx@gmail.com
  LDAP: LDAP search yielded 0 matches
  LDAP: Authorizing user cn=xxxx@gmail.com,ou=people,dc=test,dc=com
  LDAP: Not authorized because not authenticated.
  Completed 401 Unauthorized in 9ms

This is my configuration.

For ldap.yml

authorizations: &AUTHORIZATIONS
  allow_unauthenticated_bind: false
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin

## Environment

development:
  host: localhost
  port: 389
  attribute: cn
  base: ou=people,dc=test,dc=com
  admin_user: cn=admin,dc=test,dc=com
  admin_password: admin_password
  ssl: false
  # <<: *AUTHORIZATIONS

and for devise.rb

# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
  # ==> LDAP Configuration 
  # config.ldap_logger = true
  config.ldap_create_user = true
  # config.ldap_update_password = true
  config.ldap_config = "#{Rails.root}/config/ldap.yml"
  config.ldap_check_group_membership = true
  # config.ldap_check_group_membership_without_admin = false
  config.ldap_check_attributes = true
  config.ldap_use_admin_to_bind = true
  config.ldap_ad_group_check = true

  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 10
  config.reconfirmable = true
  config.expire_all_remember_me_on_sign_out = true
  config.password_length = 8..72
  config.reset_password_within = 6.hours
  config.sign_out_via = :delete
end

What is wrong in the code above? Please help me.


Source: https://habr.com/ru/post/1618160/

