Can I bind against the current user #59

Open
amenk opened this issue Aug 5, 2015 · 10 comments

amenk commented Aug 5, 2015

We would like to use the user who is trying to log in for the bind.

We tried this:

    bind_dn: 'Foobar\%{username}'
    password: '%{password}'

It is not working.

If I hard code my user and password, it does work.

@markmcdonald51

Hi!

I had a bit of trouble getting this thing to work myself. LDAP isn't the most popular way to log in but once you get it going it looks like it will work nicely with OmniAuth.

First, get a service account to bind to the LDAP server. The LDAP server is like a database so unless you are accessing it via anonymous you will need to have access to query it... Check with the LDAP admin to get this.

Once you have access, do a small test to see if you can bind to the LDAP server (like below)

    require 'rubygems'
    require 'net/ldap'

    ldap = Net::LDAP.new
    ldap.host = 'LDAPAD.SOMEWHERE.ORG'
    ldap.port = 389
    ldap.auth "service_account_user_name", "service_account_password"
    if ldap.bind
      #puts ldap.methods(:instance)
      puts "authentication succeeded"
    else
      puts "authentication failed"
    end

    filter = Net::LDAP::Filter.eq( "cn", "[email protected]" )
    treebase = "dc=some_dc,dc=org"

    ldap.search( :base => treebase, :filter => filter ) do |entry|
      puts "DN: #{entry.dn}"
      entry.each do |attribute, values|
        puts " #{attribute}:"
        values.each do |value|
          puts " --->#{value}"
        end
      end
    end

    p ldap.get_operation_result

-------------- If that binds ok then add an initializer for oauth

    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :ldap,
        :title => "WHATEVER YOU WANT TO CALL THIS LDAP LOGIN",
        :host => 'HOST_SERVERs.IP_OR_DOMAINNAME.ORG',
        :port => 389,
        :uid => 'cn', # this might be different --- might want to try to connect with a small script to try to bind...
        :bind_dn => '[email protected]',
        :password => 'the_password_for_the_service_account_used_to_query_ldap',
        :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')},
        :base => 'OU=SOME_FOLDER,OU=IN_LDAP,DC=SOMEPLACE,DC=ORG'
    end

This worked for me. Hopefully this helps!

--mark


pscdodd commented Apr 18, 2016

I added the following lines to omniauth-ldap-*/lib/omniauth/strategies/ldap.rb at the top of method "callback_phase"

       @options[:password] = @options[:password].sub('%{password}', request['password'])
       @options[:bind_dn] = @options[:bind_dn].sub('%{username}', request['username'])

to be able to use %{password} and %{username} in the LDAP omniauth initializer
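
An added example, not part of the comment above and not omniauth-ldap code: one way to fill the `%{username}` and `%{password}` placeholders without writing the submitted credentials back into the configured options. The names `resolve_bind_options` and `BindTemplateError` are hypothetical, and the params are assumed to arrive as a string-keyed hash like `request`.

```ruby
# Added example; resolve_bind_options and BindTemplateError are hypothetical
# names, not part of omniauth-ldap.
class BindTemplateError < StandardError; end

TOKEN = /%\{(username|password)\}/.freeze

# Returns a NEW options hash with %{username} / %{password} in :bind_dn and
# :password filled from the submitted login params. The template itself is
# never modified, so nothing from one login is left behind for the next.
def resolve_bind_options(template, params)
  %w[username password].each do |field|
    value = params[field]
    # A bind with a DN and an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that a server may accept, so refuse it here.
    unless value.is_a?(String) && !value.empty?
      raise BindTemplateError, "missing #{field}"
    end
  end

  resolved = template.dup
  %i[bind_dn password].each do |key|
    next unless template[key].is_a?(String)
    # Single pass with the block form: the submitted value is inserted
    # literally ("\0" is not a backreference) and is never re-scanned for
    # placeholders, so a username of "%{password}" stays that literal text.
    resolved[key] = template[key].gsub(TOKEN) { params[Regexp.last_match(1)] }
  end
  resolved
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values.
  template = { bind_dn: 'Foobar\%{username}', password: '%{password}' }.freeze
  opts = resolve_bind_options(template, 'username' => 'alice', 'password' => 'p\0w')
  puts opts[:bind_dn]
  puts opts[:password]
  puts template[:password]
end
```

With the string-replacement form of `sub`, a submitted password containing `\0` would have the matched placeholder text spliced back into it; the block form avoids that.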


amenk commented Apr 18, 2016

Cool, thanks. Will you make a pull request?


pscdodd commented Apr 18, 2016

Sorry, no, the code is inelegant – should be more general



vchrizz commented Mar 12, 2018

@pscdodd I guess code can always be made better once there is some base? ;)
Would you mind sharing your version so we could potentially generalize it?


pscdodd commented Mar 12, 2018 via email


vchrizz commented Mar 13, 2018

thanks!

@amenk: can you work with this? would be great if there is some progress :)


amenk commented Mar 13, 2018

@vchrizz Currently it does not have priority in our project any more .. But still it is nice to have and a clean solution for future projects.

vchrizz pushed a commit to vchrizz/omniauth-ldap that referenced this issue Mar 15, 2018
added to be able to use %{password} and %{username} in the LDAP omniauth initializer
credits @pscdodd omniauth#59 (comment)

vchrizz commented Mar 15, 2018

pull-request #81 created.


Tom910 commented Jul 17, 2018

Any updates?
