Devise::LdapAdapter.get_ldap_param not retrieving attributes #94

link82 opened this Issue Jul 23, 2012 · 6 comments


None yet
7 participants

link82 commented Jul 23, 2012

Hello, I'm trying to use ldap_authenticatable to authenticate domain users in my application.
Ldap lookup seems to work correcly, i get authenticated but i receive no attribute for my user and if I try to get them using "get_ldap_param" on before_save it returns nil.

I tried to connect simply using Ldap gem and i receive correctly every attribute.

Here my config:

  # ==> LDAP Configuration 
  config.ldap_logger = true
  config.ldap_create_user = true
  config.ldap_update_password = true

This is the console output:

LDAP: LDAP dn lookup: cn=davide
LDAP: LDAP search for login: cn=davide
LDAP: Authorizing user cn=davide,ou=Users,ou=NET1,dc=company,dc=local
LDAP: LDAP dn lookup: cn=davide
LDAP: LDAP search for login: cn=davide

I've hit this too, as have others on Stack Overflow (see, and I've figured out the issue. Basically, calls to get_ldap_param do not explicitly call @ldap.auth, which means that they use :auth = {:method = :anonymous}. If you have a sever that does not allow anonymous access (eg. a default setup of Active Directory), the lookup will fail.

I've monkey-patched .ldap_connect to accept a password argument and call authenticate! explicitly, and will be sending a pull request shortly.

jpatokal pushed a commit to jpatokal/devise_ldap_authenticatable that referenced this issue Sep 21, 2012

+1 for addressing this.


cschiewek commented Jul 2, 2013

This is the same as #69. I will be fixing it at some point.

@cschiewek cschiewek closed this Jul 2, 2013

ivey commented Aug 5, 2013

Pretty sure this is not the same as #69, and should be re-opened. #69 was about array returns, this is about authentication.

smlance commented Aug 13, 2014

This problem persists, and I agree that it's not the same as #69. Please fix this.

EDIT: Never mind; my code had a subtle bug. I had attr_accessor: :authentication_key in my User model, and this was causing self.authentication_key to return nil. This is why get_ldap_param was returning nil. Removing attr_accessor: :authentication_key fixed this.

P.S. I'm using Rails 4.

spcurry commented Jan 14, 2015

I've also run into this problem, and spent a bunch of time debugging then writing my own workaround. Definitely not the same as issue #69.

Note: the get_ldap_param call works correctly if you have config.ldap_use_admin_to_bind set to true, but I can't use admin to bind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment