Can I bind against the current user about omniauth-ldap HOT 10 OPEN

I added the following lines to omniauth-ldap-*/lib/omniauth/strategies/ldpa.rb at the top of method "callback_phase"

       @options[:password] = @options[:password].sub('%{password}', request['password'])
       @options[:bind_dn] = @options[:bind_dn].sub('%{username}', request['username'])

to be able to use %{password} and %{username} in the LDAP omniauth initializer

from omniauth-ldap.

pull-request #81 created.

from omniauth-ldap.

from omniauth-ldap.

Hi!

I had a bit of trouble gettting this thing to work myself. LDAP isn't the most popular way to log in but once you get it going it looks like it will work nicely with OmniAuth.

First, get a service account to bind to the LDAP server. The LDAP server si like a database so unless you are accessing it via anonymous you will need to have access to query it...Check with the LDAP admin to get this.

Once you have access, do a small test to see if you can bind to the LDAP server (like below)

require 'rubygems'
require 'net/ldap'

ldap = Net::LDAP.new
ldap.host = 'LDAPAD.SOMEWHERE.ORG'
ldap.port = 389
ldap.auth "service_account_user_name", "service_account_password"
if ldap.bind
#puts ldap.methods(:instance)
puts "authentication succeeded"
else
puts "authentication failed"
end

filter = Net::LDAP::Filter.eq( "cn", "[email protected]" )
treebase = "dc=some_dc,dc=org"

ldap.search( :base => treebase, :filter => filter ) do |entry|
puts "DN: #{entry.dn}"
entry.each do |attribute, values|
puts " #{attribute}:"
values.each do |value|
puts " --->#{value}"
end
end
end

p ldap.get_operation_result

-------------- If that binds ok then add an initializer for oauth

Rails.application.config.middleware.use OmniAuth::Builder do
provider :ldap,
:title => "WAHTEVER YOU WANT TO CALL THIS LDAP LOGIN",
:host => HOST_SERVERs.IP_OR_DOMAINNAME.ORG',
:port => 389,
:uid => 'cn', # this might be different --- might want to try to connect with a small script to try to bind...
:bind_dn => '[email protected]',
:password => 'the_password_for_the_service_account_used_to_query_ldap',
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')},
:base => 'OU=SOME_FOLDER,OU=IN_LDAP,DC=SOMEPLACE,DC=ORG'
end

This worked for me. Hopefully this helps!

--mark

from omniauth-ldap.

Cool, thanks. Will you make a pull request?

from omniauth-ldap.

Sorry, no, the code is inelegent – should be more general

Von: Alexander Menk [mailto:[email protected]]
Gesendet: Montag, 18. April 2016 17:21
An: intridea/omniauth-ldap [email protected]
Cc: Dodd, Paul Sutton (UB) [email protected]
Betreff: Re: [intridea/omniauth-ldap] Can I bind against the current user (#59)

Cool, thanks. Will you make a pull request?

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHubhttps://github.com//issues/59#issuecomment-211428036

from omniauth-ldap.

@pscdodd i guess code can always be made better once there is some base? ;)
would you mind to share your version so we could potentially generalize it?

from omniauth-ldap.

thanks!

@amenk: can you work with this? would be great if there is some progress :)

from omniauth-ldap.

@vchrizz Currently it does not have priority in our project any more .. But still it is nice to have and a clean solution for future projects.

from omniauth-ldap.

Any updates?

from omniauth-ldap.