Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Array of ldap email fields doesn't work #33

Open
holms opened this issue Jun 26, 2013 · 3 comments
Open

Array of ldap email fields doesn't work #33

holms opened this issue Jun 26, 2013 · 3 comments

Comments

@holms
Copy link

holms commented Jun 26, 2013

This actually came from gitlab-omniauth-ldap fork, so pardon me if it's their issue but you need to confirm this first, or else they probably wont accept this ticket in there..

I tried to authorize with my LDAP user and I've got this exception:
https://github.com/gitlabhq/gitlabhq/blob/master/lib/gitlab/auth.rb#L7

Then I've found this post:
https://groups.google.com/forum/#!topic/gitlabhq/cM1f-uifc1Q

I went here:
https://github.com/intridea/omniauth-ldap/blob/master/lib/omniauth/strategies/ldap.rb#L11

Changed this line to:

'email' => 'userPrincipalName',

and I'm able to login!!

So obviously it's doesn't rotate this array.
Would be nice to find out why and fix it.
@stevenolen
Copy link

I also had trouble with this issue, it doesn't seem that any values but the first in this array are checked.

Since my ldap accounts use the 'email' field, I used the following workarounds:

I edited the ldap.rb file and changed this line:
'email' => ['mail', "email", 'userPrincipalName'],
to this:
'email' => ['email', "mail", 'userPrincipalName'],

Additionally, I could have modified/added 'mail' attributes for my users along with 'email,' but this is a big inconvenience.

Could someone take a look at this? It doesn't seem that I'm the first to get stuck here..

@jlbfalcao
Copy link

It's because Net::LDAP::Entry.new[:email] returns [] and not a nil value. And [] it's true try:[] ? "true" : "false"

It's ok to use [].present? - see my patch on LDAP.map_user method

module OmniAuth
  module Strategies
    class LDAP
      # object[v.downcase.to_sym] return a empty array, use .present?
      # https://github.com/intridea/omniauth-ldap/blob/master/lib/omniauth/strategies/ldap.rb#L69
      def self.map_user(mapper, object)
        user = {}
        mapper.each do |key, value|
          case value
          when String
            user[key] = object[value.downcase.to_sym].first if object[value.downcase.to_sym].present?
          when Array
            value.each {|v| (user[key] = object[v.downcase.to_sym].first; break;) if object[v.downcase.to_sym].present?}
          when Hash
            value.map do |key1, value1|
              pattern = key1.dup
              value1.each_with_index do |v,i|
                part = ''; v.collect(&:downcase).collect(&:to_sym).each {|v1| (part = object[v1].first; break;) if object[v1].present?}
                pattern.gsub!("%#{i}",part||'')
              end
              user[key] = pattern
            end
          end
        end
        user
      end
    end
  end
end

@jlbfalcao
Copy link

Or take a look:
#17

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jlbfalcao @holms @stevenolen