ETIMEDOUT with LDAP Authentication with Devise (rails)

StackOverflow https://stackoverflow.com/questions/13979658

Вопрос

Errno::ETIMEDOUT in Devise::SessionsController#create

I'm trying to create a rails application that uses Devise with LDAP Authentication.

Unfortunately, I don't think my LDAP settings are correct, but I can't figure out how to print out more detailed error information besides that a TIMEOUT occurred.

Here is my ldap config:

development:
  host: ad.cloud.domain.com
  #port: 389
  #attribute: cn
  base: DC=cloud,DC=domain,DC=com
  #admin_user: dc=cloud,dc=domain,dc=com
  #admin_password:
  ssl: false
  # <<: *AUTHORIZATIONS

I know that we're not using SSL, as I've ported this config over from a similar PHP application, but that PHP application does not have the attribute field. Maybe this is what I don't understand?

I've found a few questions that referenced how to change the error and how it relates to network connectivity, but I can't find my resources on understanding the Net::LDAP libraries and where this connection is failing, what I'm missing, and what I don't understand. I've verified network connectivity and have also verified LDAP permissions with anonymous access using the Windows client.

Here's the output, traces, and dumps: 

Errno::ETIMEDOUT in Devise::SessionsController#create

Connection timed out - connect(2)
Rails.root: /vagrant/zeus2

Application Trace | Framework Trace | Full Trace
net-ldap (0.2.2) lib/net/ldap.rb:1102:in `initialize'
net-ldap (0.2.2) lib/net/ldap.rb:1102:in `new'
net-ldap (0.2.2) lib/net/ldap.rb:1102:in `initialize'
net-ldap (0.2.2) lib/net/ldap.rb:632:in `new'
net-ldap (0.2.2) lib/net/ldap.rb:632:in `search'
net-ldap (0.2.2) lib/net/ldap.rb:1038:in `search_root_dse'
net-ldap (0.2.2) lib/net/ldap.rb:1089:in `paged_searches_supported?'
net-ldap (0.2.2) lib/net/ldap.rb:618:in `search'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/ldap_adapter.rb:239:in `search_for_login'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/ldap_adapter.rb:117:in `dn'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/ldap_adapter.rb:156:in `authorized?'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/ldap_adapter.rb:14:in `valid_credentials?'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/model.rb:45:in `valid_ldap_authentication?'
activesupport (3.2.9) lib/active_support/core_ext/object/try.rb:36:in `try'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/model.rb:91:in `authenticate_with_ldap'
devise_ldap_authenticatable (0.6.1) lib/devise_ldap_authenticatable/strategy.rb:12:in `authenticate!'
warden (1.2.1) lib/warden/strategies/base.rb:53:in `_run!'
warden (1.2.1) lib/warden/proxy.rb:354:in `block in _run_strategies_for'
warden (1.2.1) lib/warden/proxy.rb:349:in `each'
warden (1.2.1) lib/warden/proxy.rb:349:in `_run_strategies_for'
warden (1.2.1) lib/warden/proxy.rb:319:in `_perform_authentication'
warden (1.2.1) lib/warden/proxy.rb:127:in `authenticate!'
devise (2.1.2) app/controllers/devise/sessions_controller.rb:15:in `create'
actionpack (3.2.9) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (3.2.9) lib/abstract_controller/base.rb:167:in `process_action'
actionpack (3.2.9) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (3.2.9) lib/abstract_controller/callbacks.rb:18:in `block in process_action'
activesupport (3.2.9) lib/active_support/callbacks.rb:458:in `_run__149452621__process_action__873933735__callbacks'
activesupport (3.2.9) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.9) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
activesupport (3.2.9) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.9) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (3.2.9) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (3.2.9) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
activesupport (3.2.9) lib/active_support/notifications.rb:123:in `block in instrument'
activesupport (3.2.9) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (3.2.9) lib/active_support/notifications.rb:123:in `instrument'
actionpack (3.2.9) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
actionpack (3.2.9) lib/action_controller/metal/params_wrapper.rb:207:in `process_action'
activerecord (3.2.9) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (3.2.9) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.2.9) lib/abstract_controller/rendering.rb:45:in `process'
actionpack (3.2.9) lib/action_controller/metal.rb:203:in `dispatch'
actionpack (3.2.9) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
actionpack (3.2.9) lib/action_controller/metal.rb:246:in `block in action'
actionpack (3.2.9) lib/action_dispatch/routing/route_set.rb:73:in `call'
actionpack (3.2.9) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
actionpack (3.2.9) lib/action_dispatch/routing/route_set.rb:36:in `call'
actionpack (3.2.9) lib/action_dispatch/routing/mapper.rb:42:in `call'
journey (1.0.4) lib/journey/router.rb:68:in `block in call'
journey (1.0.4) lib/journey/router.rb:56:in `each'
journey (1.0.4) lib/journey/router.rb:56:in `call'
actionpack (3.2.9) lib/action_dispatch/routing/route_set.rb:601:in `call'
sass (3.2.3) lib/sass/plugin/rack.rb:54:in `call'
warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
warden (1.2.1) lib/warden/manager.rb:34:in `catch'
warden (1.2.1) lib/warden/manager.rb:34:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
rack (1.4.1) lib/rack/etag.rb:23:in `call'
rack (1.4.1) lib/rack/conditionalget.rb:35:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/flash.rb:242:in `call'
rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/cookies.rb:341:in `call'
activerecord (3.2.9) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.2.9) lib/active_record/connection_adapters/abstract/connection_pool.rb:479:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (3.2.9) lib/active_support/callbacks.rb:405:in `_run__925590754__call__304840360__callbacks'
activesupport (3.2.9) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.9) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
activesupport (3.2.9) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.9) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/reloader.rb:65:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
railties (3.2.9) lib/rails/rack/logger.rb:32:in `call_app'
railties (3.2.9) lib/rails/rack/logger.rb:16:in `block in call'
activesupport (3.2.9) lib/active_support/tagged_logging.rb:22:in `tagged'
railties (3.2.9) lib/rails/rack/logger.rb:16:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/request_id.rb:22:in `call'
rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
rack (1.4.1) lib/rack/runtime.rb:17:in `call'
activesupport (3.2.9) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.4.1) lib/rack/lock.rb:15:in `call'
actionpack (3.2.9) lib/action_dispatch/middleware/static.rb:62:in `call'
railties (3.2.9) lib/rails/engine.rb:479:in `call'
railties (3.2.9) lib/rails/application.rb:223:in `call'
rack (1.4.1) lib/rack/content_length.rb:14:in `call'
railties (3.2.9) lib/rails/rack/log_tailer.rb:17:in `call'
rack (1.4.1) lib/rack/handler/webrick.rb:59:in `service'
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/webrick/httpserver.rb:138:in `service'
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/webrick/httpserver.rb:94:in `run'
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'
Request

Parameters:

{"utf8"=>"✓",
 "authenticity_token"=>"secrettoken=",
 "user"=>{"username"=>"user",
 "password"=>"[FILTERED]",
 "remember_me"=>"0"},
 "commit"=>"Sign in"}
Show session dump

_csrf_token: "secrettoken="
session_id: "c1e99ab4696da4ad64f6a56cc784d0eb"
Show env dump

GATEWAY_INTERFACE: "CGI/1.1"
HTTP_ACCEPT: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET: "ISO-8859-1,utf-8;q=0.7,*;q=0.3"
HTTP_ACCEPT_ENCODING: "gzip,deflate,sdch"
HTTP_ACCEPT_LANGUAGE: "en-US,en;q=0.8"
HTTP_CACHE_CONTROL: "max-age=0"
REMOTE_ADDR: "10.0.2.2"
REMOTE_HOST: "10.0.2.2"
SERVER_NAME: "localhost"
SERVER_PROTOCOL: "HTTP/1.1"
Response

Headers:

None

Thank you!

Это было полезно?

Решение

Took me a bit longer, but it happens. The port of the environment is never defaulted, so commenting it out was a bad idea. Our AD server defaults to port 389, so uncommenting that fixed this problem.

Another problem I ran into right afterwards was not finding the correct users, but the base variable has to be exactly correct. I am sure there is another way to track this (and provide more options for groups, OUs, etc...) but I'm not meddling with anything more advanced quite yet.

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top