Home/ Questions/Q 7533451
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T05:43:46+00:00

I’m currently trying to implement Devise with LDAP Authentication on RAILS3. I’ve got it

  • 0

I’m currently trying to implement Devise with LDAP Authentication on RAILS3. I’ve got it setup and it appears to connect and try to auth, but appears to fail. I don’t seem to get any sort of real error messages to work with so its very difficult to take it any further.

Log of login session:

Started POST "/users/sign_in" for 192.168.160.1 at Tue Dec 06 05:20:16 +0000 2011
  Processing by Devise::SessionsController#create as HTML
  Parameters: {"commit"=>"Sign in", "authenticity_token"=>"G2tEq9gPpJiN0RhanTd8HMWno62F+1oLWbU4xdX78bg=", "utf8"=>"\342\234\223", "user"=>{"remember_me"=>"0", "password"=>"[FILTERED]", "login"=>"richmond@email.com"}}
  User Load (0.1ms)  SELECT `users`.* FROM `users` WHERE `users`.`login` = 'richmond@email.com' LIMIT 1
  LDAP: LDAP dn lookup: mail=richmond@email.com
  LDAP: LDAP search for login: mail=richmond@email.com
  LDAP: Authorizing user mail=richmond@email.com,ou=groupxx,o=company.com
  LDAP: LDAP dn lookup: mail=richmond@email.com
  LDAP: LDAP search for login: mail=richmond@email.com
Completed 401 Unauthorized in 7147ms
  Processing by Devise::SessionsController#new as HTML
  Parameters: {"commit"=>"Sign in", "authenticity_token"=>"G2tEq9gPpJiN0RhanTd8HMWno62F+1oLWbU4xdX78bg=", "utf8"=>"\342\234\223", "user"=>{"remember_me"=>"0", "password"=>"[FILTERED]", "login"=>"richmond@email.com"}}
Rendered devise/shared/_links.erb (0.1ms)
Rendered devise/sessions/new.html.erb within layouts/application (5.0ms)
Completed 200 OK in 23ms (Views: 21.4ms | ActiveRecord: 0.0ms)


Started GET "/assets/defaults.js" for 192.168.160.1 at Tue Dec 06 05:20:23 +0000 2011
Served asset /defaults.js - 404 Not Found (3ms)

ActionController::RoutingError (No route matches [GET] "/assets/defaults.js"):


Rendered /usr/local/lib/ruby/gems/1.8/gems/actionpack-3.1.0/lib/action_dispatch/middleware/templates/rescues/routing_error.erb within rescues/layout (0.5ms)

ldap config:

development:
  host: ldap.company.com
  port: 636
  attribute: mail
  base: ou=groupxx,o=company.com
  #admin_user: cn=admin,dc=test,dc=com
  #admin_password: admin_password
  ssl: true
  # <<: *AUTHORIZATIONS

I don’t have access to the LDAP server so I cannot confirm anything from that end. The main issue I have is that I cannot get any error messages out of the login process – Is it not able to find the user? Does it find the user but fail login? Why does it do 2 LDAP searches?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I found out the problem I had was that the LDAP server my company (IBM) uses was using a different protocol standard to the ones officially supported by NET-LDAP.
    You simply need to change the PagedResults Control Type to a slightly different standard:

    #PagedResults = "1.2.840.113556.1.4.319" # Microsoft evil from RFC 2696
PagedResults = "2.16.840.1.113730.3.4.2" # IBM Bluepages compatible ControlType

    Full code change details here.

    I forked it and fixed it over here on GitHub.

    • 0