omniauth-ldap

Array of ldap email fields doesn't work

Open holms opened this issue 12 years ago • 3 comments

This actually came from the gitlab-omniauth-ldap fork, so pardon me if it's their issue, but you need to confirm this first, or else they probably won't accept this ticket there.

I tried to authorize with my LDAP user and I've got this exception: https://github.com/gitlabhq/gitlabhq/blob/master/lib/gitlab/auth.rb#L7

Then I've found this post: https://groups.google.com/forum/#!topic/gitlabhq/cM1f-uifc1Q

I went here: https://github.com/intridea/omniauth-ldap/blob/master/lib/omniauth/strategies/ldap.rb#L11

Changed this line to:

'email' => 'userPrincipalName',

and I'm able to login!!

So obviously it doesn't rotate this array. Would be nice to find out why and fix it.

holms avatar Jun 26 '13 15:06 holms

I also had trouble with this issue; it doesn't seem that any values but the first in this array are checked.

Since my ldap accounts use the 'email' field, I used the following workarounds:

I edited the ldap.rb file and changed this line: 'email' => ['mail', "email", 'userPrincipalName'], to this: 'email' => ['email', "mail", 'userPrincipalName'],

Additionally, I could have modified/added 'mail' attributes for my users along with 'email,' but this is a big inconvenience.

Could someone take a look at this? It doesn't seem that I'm the first to get stuck here.

stevenolen avatar Jul 17 '13 17:07 stevenolen

It's because Net::LDAP::Entry.new[:email] returns [] and not a nil value. And [] is true; try: [] ? "true" : "false"

It's ok to use [].present? - see my patch on LDAP.map_user method

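# present? comes from ActiveSupport (already loaded inside a Rails app such as GitLab)
require 'active_support/core_ext/object/blank'

module OmniAuth
  module Strategies
    class LDAP
      # object[v.downcase.to_sym] returns an empty array, use .present?
      # https://github.com/intridea/omniauth-ldap/blob/master/lib/omniauth/strategies/ldap.rb#L69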
      def self.map_user(mapper, object)
        user = {}
        mapper.each do |key, value|
          case value
          when String
            user[key] = object[value.downcase.to_sym].first if object[value.downcase.to_sym].present?
          when Array
            value.each {|v| (user[key] = object[v.downcase.to_sym].first; break;) if object[v.downcase.to_sym].present?}
          when Hash
            value.map do |key1, value1|
              pattern = key1.dup
              value1.each_with_index do |v,i|
                part = ''; v.collect(&:downcase).collect(&:to_sym).each {|v1| (part = object[v1].first; break;) if object[v1].present?}
                pattern.gsub!("%#{i}",part||'')
              end
              user[key] = pattern
            end
          end
        end
        user
      end
    end
  end
end

jlbfalcao avatar Sep 21 '13 23:09 jlbfalcao

Or take a look: https://github.com/intridea/omniauth-ldap/pull/17

jlbfalcao avatar Sep 21 '13 23:09 jlbfalcao
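
The behaviour described in the map_user comment above, as an added example that is not code from omniauth-ldap or from any commenter: a candidate-attribute lookup that relies on truthiness stops at the first candidate because `[]` is truthy in Ruby, while an emptiness check falls through to the next one. `FakeEntry`, both helper methods and the sample account are constructed for illustration; `FakeEntry` only assumes, as the comment states, that a missing attribute yields `[]`.

```ruby
# Constructed stand-in for an LDAP entry: per the comment above, a missing
# attribute yields [] rather than nil. Not the real Net::LDAP::Entry class.
class FakeEntry
  def initialize(attrs)
    @attrs = attrs
  end

  def [](name)
    @attrs.fetch(name.to_s.downcase.to_sym, [])
  end
end

# Truthiness-based lookup (hypothetical helper): [] is truthy in Ruby, so the
# first candidate always "matches" and later candidates are never consulted.
def first_value_truthy(entry, candidates)
  candidates.each do |attr|
    values = entry[attr]
    return values.first if values
  end
  nil
end

# Emptiness-based lookup (hypothetical helper): skip nil or empty results.
# Plain-Ruby equivalent of ActiveSupport's present? for arrays.
def first_value_nonempty(entry, candidates)
  candidates.each do |attr|
    values = Array(entry[attr])
    return values.first unless values.empty?
  end
  nil
end

# Candidate order quoted in the thread.
EMAIL_CANDIDATES = ['mail', 'email', 'userPrincipalName'].freeze

# Constructed sample: a directory account that has no mail attribute.
AD_ENTRY = FakeEntry.new(userprincipalname: ['user@example.test'])

# Constructed sample: an account where the first candidate is populated.
MAIL_ENTRY = FakeEntry.new(mail: ['user@example.test'])

if __FILE__ == $PROGRAM_NAME
  p first_value_truthy(AD_ENTRY, EMAIL_CANDIDATES)
  p first_value_nonempty(AD_ENTRY, EMAIL_CANDIDATES)
end
```

With the truthiness check the mapped email comes back as nil for the account without `mail`, which is the kind of missing identity attribute that surfaces as a failed login downstream.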