Jimmy

Reputation: 6171

Rails - Determining group membership after authenticating against an OpenLDAP server

I am maintaining a Rails app that uses Devise LDAP for authentication. I am migrating away from Active Directory towards OpenLDAP, which I have set up with the same structure. OpenLDAP was installed using the apt-get packages slapd and ldap-utils on an install of Ubuntu Client 12.04 64-bit.

I can authenticate against OpenLDAP; however, when I call

Devise::LdapAdapter.get_ldap_entry(email)["memberOf"]

I get an empty array back. In the Rails console, I can see that the LDAP entry returned has no "memberOf" entry.

When I query the ldap server from a terminal I receive the following output:

ldapsearch -H ldapi:/// -x -b "cn=people,dc=example,dc=local" memberOf 

...

# fred fred, people, example.local
dn: cn=fred fred,cn=people,dc=example,dc=local
memberOf: cn=Authorisers,ou=example,dc=example,dc=local
...

Is anybody aware of why ldapsearch might be returning different results to Devise, and does anybody know how to get it to return the memberOf attribute?

Thanks in advance

The gems relating to ldap authentication are (output from Bundle)

Using devise (2.1.2) 
Using net-ldap (0.2.2) 
Using devise_ldap_authenticatable (0.6.1) 
Using activesupport (3.2.9) 
Using activemodel (3.2.9)  
Using sprockets (2.2.2) 
Using mail (2.4.4)  
Using activerecord (3.2.9) 
Using activeresource (3.2.9) 

Upvotes: 3

Views: 975

Answers (2)

Venkatesh D

Reputation: 1

If you are using the devise ldap plugin, use this:

connection = Devise::LDAP::Connection.new({:login=>"user1"})
connection.in_group?('cn=grp1,--')

It returns true if user1 exists in grp1

Upvotes: 0

Victor Ronin

Reputation: 23288

a) Did you try to use

Devise::LdapAdapter.get_groups(email)

b) Did you look at /config/ldap.yml?

There are some configuration parameters in there (like required_groups, require_attribute, check_group_membership). Maybe it's just configured to ignore memberOf.

You can take a look at how all of them are used in here.

Upvotes: 2
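
The ldapsearch command in the question names memberOf in its attribute list, while the Devise lookup does not. The following is an added example, not code from any of the posts or from devise_ldap_authenticatable: it makes the same explicit request through net-ldap and turns the result into an authorization decision that denies access when memberOf comes back empty. It assumes memberOf is only returned when requested by name (as with an operational attribute), that users are found by the "mail" attribute, and that `ldap` is an already-bound Net::LDAP connection; `fetch_member_of`, `normalize_dn` and `authorized?` are hypothetical helper names.

```ruby
begin
  require "net/ldap" # only fetch_member_of needs the gem
rescue LoadError
end

# Constructed sample: the memberOf value from the question's ldapsearch output.
SAMPLE_MEMBER_OF = ["cn=Authorisers,ou=example,dc=example,dc=local"]

# Request memberOf by name, as the ldapsearch command in the question does.
# Assumptions: `ldap` is an already-bound Net::LDAP connection and users are
# looked up by the "mail" attribute. Filter.equals escapes filter
# metacharacters in the supplied value.
def fetch_member_of(ldap, base, email)
  filter = Net::LDAP::Filter.equals("mail", email)
  entries = ldap.search(base: base, filter: filter, attributes: ["memberOf"]) || []
  entries.empty? ? [] : entries.first["memberOf"]
end

# Simplified DN normalisation: split on unescaped commas, trim each RDN and
# lower-case it. Multi-valued RDNs ("+") are not handled.
def normalize_dn(dn)
  dn.to_s.split(/(?<!\\),/).map do |rdn|
    attr, value = rdn.split("=", 2)
    "#{attr.to_s.strip.downcase}=#{value.to_s.strip.downcase}"
  end.join(",")
end

# True only when every required group is held. A missing or empty memberOf
# (the symptom in the question) and an empty policy both deny access.
def authorized?(member_of, required_groups)
  held = Array(member_of).map { |dn| normalize_dn(dn) }
  required = Array(required_groups).map { |dn| normalize_dn(dn) }
  return false if held.empty? || required.empty?
  (required - held).empty?
end
```
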
