Asp Forum - [ANN] Net::LDAP 0.0.3 released, adds TLS encryption

Francis Cianfrocca

7/27/2006 5:16:00 AM

We're pleased to announce version 0.0.3 of Net::LDAP, the first
pure-Ruby LDAP library. Net::LDAP intends to be a feature-complete
LDAP client which can access as much as possible of the functionality
of the most-used LDAP server implementations. This library does
not wrap any existing native-code LDAP libraries, creates no
Ruby extensions, and has no dependencies external to Ruby.

Version 0.0.3 adds support for encrypted communications to LDAP servers.
There is a new optional parameter for Net::LDAP#new and Net::LDAP#open
that allows you to specify encryption characteristics. Here's a quick
example:

require 'net/ldap'
ldap = Net::LDAP.new(
:host => "an_ip_address",
:port => 636,
:auth => {:method => :simple, :username => "mickey", :password => "mouse" },
:encryption => {:method => :simple_tls}
)
ldap.bind or raise "bind failed"
ldap.search( ... )
# etc, etc.

This release supports simple TLS encryption with no client or server
validation. Future versions will add support for the STARTTLS control,
and for certificate validation. Additional parameters will appear to
support these options.

Net::LDAP encryption requires Ruby's openssl library. We're not
quite sure what happens when this library is present but the underlying
OpenSSL libraries are missing or not configured appropriately,
especially on back versions of Ruby. If anyone encounters problems
using encryption in Net::LDAP, please let us know and give us the
details of your platform and Ruby build info.

Thanks to Garett Shulman for helping to test the new code.

If anyone wants to contribute suggestions, insights or (especially)
code, please email me at garbagecat10 .. .. gmail.com.

9 Answers

Andre Nathan

7/27/2006 1:04:00 PM

On Thu, 2006-07-27 at 14:16 +0900, Francis Cianfrocca wrote:
> We're pleased to announce version 0.0.3 of Net::LDAP

Thanks for that, Francis.

Have you thought about that issue we discussed some time ago, about
which characters are allowed in the regex for the LDAP attribute values?

Currently in #parse_filter_branch the code is

if value = scanner.scan( /[\w\*\.]+/ )

I'm editing it to look like

if value = scanner.scan( /[\w\*\.\+-@=#\$%&!]+/ )

This works for everything I've needed so far, but it's not complete, and
maybe there's a better solution.

Best regards,
Andre

Francis Cianfrocca

7/27/2006 1:53:00 PM

Thanks Andre, still haven't thought that all the way through. Is that
the complete set of characters you need, or are there others? Does
anyone else have additional requirements?

On 7/27/06, Andre Nathan <andre@digirati.com.br> wrote:
> On Thu, 2006-07-27 at 14:16 +0900, Francis Cianfrocca wrote:
> > We're pleased to announce version 0.0.3 of Net::LDAP
>
> Thanks for that, Francis.
>
> Have you thought about that issue we discussed some time ago, about
> which characters are allowed in the regex for the LDAP attribute values?
>
> Currently in #parse_filter_branch the code is
>
> if value = scanner.scan( /[\w\*\.]+/ )
>
> I'm editing it to look like
>
> if value = scanner.scan( /[\w\*\.\+-@=#\$%&!]+/ )
>
> This works for everything I've needed so far, but it's not complete, and
> maybe there's a better solution.
>
> Best regards,
> Andre
>
>
>

Andre Nathan

7/27/2006 5:52:00 PM

On Thu, 2006-07-27 at 22:52 +0900, Francis Cianfrocca wrote:
> Thanks Andre, still haven't thought that all the way through. Is that
> the complete set of characters you need, or are there others? Does
> anyone else have additional requirements?

That's all I need here. I guess the LDAP RFC doesn't make any
restrictions on the values though (it just says "octet string"), but
probably a regex that allows anything wouldn't be a good idea...

Andre

Francis Cianfrocca

7/27/2006 5:59:00 PM

IIRC, I had to write a recursive-descent parser to handle those
filter-strings, and I wouldn't change it without a lot of testing!
I'll let you know when I get around to it.

On 7/27/06, Andre Nathan <andre@digirati.com.br> wrote:
> On Thu, 2006-07-27 at 22:52 +0900, Francis Cianfrocca wrote:
> > Thanks Andre, still haven't thought that all the way through. Is that
> > the complete set of characters you need, or are there others? Does
> > anyone else have additional requirements?
>
> That's all I need here. I guess the LDAP RFC doesn't make any
> restrictions on the values though (it just says "octet string"), but
> probably a regex that allows anything wouldn't be a good idea...
>
> Andre
>
>
>

Andre Nathan

7/27/2006 7:01:00 PM

On Fri, 2006-07-28 at 02:59 +0900, Francis Cianfrocca wrote:
> IIRC, I had to write a recursive-descent parser to handle those
> filter-strings, and I wouldn't change it without a lot of testing!
> I'll let you know when I get around to it.

Thanks. In fact the regex I posted breaks it because of the parenthesis.
I'm using just

/[\w\*\.\+-@=#\$%&!]+/

now. Do you think you could add this list of charaters for a next
release?

Andre

Greg Chagnon

8/9/2012 2:59:00 PM

On 8/9/2012 12:51 AM, Phil Smythe wrote:
>> Australia is a great example of the former. Consider the Port Aurthur
>> massacre. As a consequence, guns are effectively removed from society
>> and destroyed. The perpetrator? Still alive and well.
>
> You make it sound like he's living in resort style accommodation with
> all his needs met and living unimpeded.

He's still alive and well.

In Australia, guns kill people, people don't.

David Geiger

8/9/2012 3:25:00 PM

"Peter Franks" wrote in message news:k00j77$b7q$1@dont-email.me...

On 8/9/2012 12:51 AM, Phil Smythe wrote:
>> Australia is a great example of the former. Consider the Port Aurthur
>> massacre. As a consequence, guns are effectively removed from society
>> and destroyed. The perpetrator? Still alive and well.
>
> You make it sound like he's living in resort style accommodation with
> all his needs met and living unimpeded.

He's still alive and well.

In Australia, guns kill people, people don't.

>^^^
And yes Phil, all of Martins needs ARE met, living with great security, with
"accommodations" that are indeed superior to many that are poor in your
country.

Phil Smythe

8/10/2012 12:33:00 AM

On Thursday, August 9, 2012 11:25:15 PM UTC+8, David Geiger wrote:
> "Peter Franks" wrote in message news:k00j77$b7q$1@dont-email.me...
>
>
>
> On 8/9/2012 12:51 AM, Phil Smythe wrote:
>
> >> Australia is a great example of the former. Consider the Port Aurthur
>
> >> massacre. As a consequence, guns are effectively removed from society
>
> >> and destroyed. The perpetrator? Still alive and well.
>
> >
>
> > You make it sound like he's living in resort style accommodation with
>
> > all his needs met and living unimpeded.
>
>
>
> He's still alive and well.
>
>
>
> In Australia, guns kill people, people don't.
>
>
>
> >^^^
>
> And yes Phil, all of Martins needs ARE met, living with great security, with
>
> "accommodations" that are indeed superior to many that are poor in your
>
> country.

Sure all his needs are met, he can have whatever he wants. Well everything except freedom and a few other things beside. A report in a newspaper noted he had a radio, but the radio but it's not actually in his cell, just outside and is in a wire cage so he can't tamper with it. "Former staff and inmates tell of a prisoner nearing 40 with “jail grey” skin and wildly fl uctuating weight. Living but hardly alive. He is not insane, but he’s not normal either, and probably getting crazier as the years roll by. He is kept in the hospital because Tasmania’s system has nowhere else to put him. In there, he is largely shunned by other inmates. He has been lunged at, abused and beaten far more than has been made public."

Whether he should be dead or not is a different issue to gun laws. But I'm sure you already knew that.

Greg Chagnon

8/10/2012 3:32:00 AM

On 8/9/2012 5:32 PM, smytph@upnaway.com wrote:
> Sure all his needs are met, he can have whatever he wants. Well
> everything except freedom and a few other things beside. A report in
> a newspaper noted he had a radio, but the radio but it's not actually
> in his cell, just outside and is in a wire cage so he can't tamper
> with it. "Former staff and inmates tell of a prisoner nearing 40 with
> ?jail grey? skin and wildly fl uctuating weight. Living but hardly
> alive. He is not insane, but he?s not normal either, and probably
> getting crazier as the years roll by. He is kept in the hospital
> because Tasmania?s system has nowhere else to put him. In there, he
> is largely shunned by other inmates. He has been lunged at, abused
> and beaten far more than has been made public."

Compare with the weapons that he used to murder: they have been crushed,
destroyed, and incinerated into nonexistence.

In Australia, guns kill people, people don't.

> Whether he should be dead or not is a different issue to gun laws.
> But I'm sure you already knew that.

No, it is relevant. The inanimate gun is vilified and destroyed while
the perpetrator is alive and well.

Australia is 180-degrees backward.

comp.lang.ruby

[ANN] Net::LDAP 0.0.3 released, adds TLS encryption

Francis Cianfrocca

Andre Nathan

Francis Cianfrocca

Andre Nathan

Francis Cianfrocca

Andre Nathan

Greg Chagnon

David Geiger

Phil Smythe

Greg Chagnon

x Login to ForumsZone