unpermitted Parameter in devise/ldap authentication

Question

I am trying to use LDAP/Active directory using Devise and Authenticable.

When I enter what I know is a valid id/pw, I get

Processing by Devise::SessionsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"CeOcgpCmR03xeExNuZUQwBE88a7YvqFJrtxvEIRgGD1e4vl5PNrEhWvdUlj2soqB7P+IZ7EPwnCLJ4weH5RxPQ==", "user"=>{"login"=>"cmendla", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"} Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms) Processing by Devise::SessionsController#new as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"CeOcgpCmR03xeExNuZUQwBE88a7YvqFJrtxvEIRgGD1e4vl5PNrEhWvdUlj2soqB7P+IZ7EPwnCLJ4weH5RxPQ==", "user"=>{"login"=>"cmendla", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}

Unpermitted parameter: login

Rendered devise/sessions/new.html.erb within layouts/application (2.0ms) Rendered shared/_nav.html.erb (0.0ms) Completed 200 OK in 2939ms (Views: 2937.6ms | ActiveRecord: 0.0ms)

The form for sessions/new has

<%= form_for(resource, as: resource_name, url: session_path(resource_name))    do |f| %>
<div class="field">
  <%= f.label :login %><br />
<%= f.text_field :login, autofocus: true %>
 </div>

users_controller

 private
# Use callbacks to share common setup or constraints between actions.
def set_user
  @user = User.find(params[:id])
end

# Never trust parameters from the scary internet, only allow the white list through.
def user_params
  params.require(:user).permit(:login,
                               :group_strings,
                               :name,
                               :ou_strings,
                               :username,
                               :email,
                               :password,
                               :password_confirmation,
                               :remember_me,
                               :firstname,
                               :lastname,
                               :displayname,
                                :login)
end

I've included login in params.require.

Parameter sanitization in Devise/Rails 4](http://stackoverflow.com/a/25052335/3709953) — Sanjay Singh, Oct 29 '15 at 16:50

score 0 · Answer 1 · edited May 23 '17 at 11:52

0

Have you seen this answer? I'm willing to bet the user model does not have login= defined...

edited May 23 '17 at 11:52

Community

1
1

answered Oct 29 '15 at 15:57

Brian E. McElaney

21
1

unpermitted Parameter in devise/ldap authentication

1 Answers1