comp.lang.ruby

Net::Ldap question

EdUarDo

12/13/2006 4:39:00 PM

Hello, I'm trying this plugin in a rails app and think I need some help.
What I want to do is authenticate some user, I don't need to do any queries or
search in LDAP. I have this method:

def self.initialize_ldap_con(identifier, password)
  hsh = {:host => AppConfig.ldap_server_host, :port => AppConfig.ldap_server_port}
  hsh[:base] = AppConfig.ldap_server_tree_base
  hsh[:auth] = { :method => :simple, :username => identifier, :password => password }
  Net::LDAP.new( hsh )
end

And get this object as result:

#<Net::LDAP:0xb77a72c4 @auth={:username=>"eduardo", :password=>"********", :method=>:simple}, @host="ldapserver",
@encryption=nil, @port=389, @base="ou=company,c=es", @verbose=false, @open_connection=nil>

What does :method mean? Which methods could I choose?
What does @open_connection=nil mean? Does it mean that the connection is not open?
How could I set an encryption method (I guess I could with the :method option)?


7 Answers

EdUarDo

12/13/2006 5:23:00 PM

0

Sorry I forgot to say how I try to authenticate the user:


def self.authenticate(identifier, password)
  if identifier.to_s.length > 0 and password.to_s.length > 0
    ldap_con = initialize_ldap_con(identifier, password)
    p ldap_con
    if ldap_con.bind
      true
    else
      false
    end
  end
end

but I never get true after calling the bind method.
I know our LDAP server uses the MD5 encryption method. Is this library capable of authenticating using this
encryption? Is there any library I could use to do what I want?

EdUarDo

12/13/2006 5:43:00 PM

0

Hehe, sorry again. I've been reading the documentation of this library and already know
about the method option. But I still don't get authenticated; I get this error from
the library (using get_operation_result):

#<OpenStruct message="No Such Object", code=32>

Does it mean that I get connected to LDAP but the user wasn't found, or that I didn't connect at all?

Francis Cianfrocca

12/13/2006 8:43:00 PM

0

On 12/13/06, Eduardo Yáñez Parareda <eduardo.yanezNOSPAM@nospamgmail.com> wrote:
> Hehe, sorry again. I've been reading the documentation of this library and already know
> about the method option. But I still don't get authenticated; I get this error from
> the library (using get_operation_result):
>
> #<OpenStruct message="No Such Object", code=32>
>
> Does it mean that I get connected to LDAP but the user wasn't found, or that I didn't connect at all?
>
>

Are you using the latest version of Net::LDAP?

Try this very simple code, apart from Rails:

ldap = Net::LDAP.new( :host => ldap_server_ip_address, :port => ldap_server_port,
                      :auth => {:method => :simple, :username => "eduardo", :password => ****} )
p ldap.bind

32 is a very unusual result from an LDAP bind. It may mean that your
server requires SASL authentication, which is partly supported in the
very latest versions of Net::LDAP.

EdUarDo

12/14/2006 9:48:00 AM

0

> Are you using the latest version of Net::LDAP?

Yes, I installed version 0.0.4.

Finally I got authenticated, but I had to make the user's DN. Anyway, I tried to use the bind_as method
since the documentation says it searches for the username first to make the DN,
but when I used it I received a 'Size limit exceeded' error, so for now I use the bind method, although it's a bit ugly to
have to make the DN.

Francis Cianfrocca

12/14/2006 1:54:00 PM

0

On 12/14/06, Eduardo Yáñez Parareda <eduardo.yanezNOSPAM@nospamgmail.com> wrote:
> > Are you using the latest version of Net::LDAP?
>
> Yes, I installed version 0.0.4.
>
> Finally I got authenticated, but I had to make the user's DN. Anyway, I tried to use the bind_as method
> since the documentation says it searches for the username first to make the DN,
> but when I used it I received a 'Size limit exceeded' error, so for now I use the bind method, although it's a bit ugly to
> have to make the DN.
>
>

What is the LDAP server? Active Directory often allows you to bind as
a user name. Most other directories require a full DN. I don't like
the Size limit exceeded error. Can you show an example of the bind_as
call that you are using?

EdUarDo

12/14/2006 3:05:00 PM

0

The LDAP server is from Netscape; I don't know exactly which version it is.

> the Size limit exceeded error. Can you show an example of the bind_as
> call that you are using?

Yes, of course. This is the module I use to authenticate with bind_as:

require 'net/ldap'

module LDAP
  # If login succeeds returns true
  # If login fails returns false
  def self.authenticate(identifier, password)
    if identifier.to_s.length > 0 and password.to_s.length > 0
      ldap_con = initialize_ldap_con(identifier, password)
      if ldap_con.bind_as
        true
      else
        p "ERROR => #{ldap_con.get_operation_result}"
        false
      end
    end
  end

  private

  def self.initialize_ldap_con(identifier, password)
    setup = {:host => AppConfig.ldap_server_host,
             :port => AppConfig.ldap_server_port,
             :base => AppConfig.ldap_server_tree_base }
    setup[:auth] = { :method => :simple, :username => identifier, :password => password }
    Net::LDAP.new(setup)
  end
end

However, this doesn't work when I use bind, first I had to make the DN.


Francis Cianfrocca

12/14/2006 5:26:00 PM

0

On 12/14/06, Eduardo Yáñez Parareda <eduardo.yanezNOSPAM@nospamgmail.com> wrote:
> The LDAP server is from Netscape; I don't know exactly which version it is.
>
> > the Size limit exceeded error. Can you show an example of the bind_as
> > call that you are using?
>
> Yes, of course. This is the module I use to authenticate with bind_as:
>
> require 'net/ldap'
>
> module LDAP
>   # If login succeeds returns true
>   # If login fails returns false
>   def self.authenticate(identifier, password)
>     if identifier.to_s.length > 0 and password.to_s.length > 0
>       ldap_con = initialize_ldap_con(identifier, password)
>       if ldap_con.bind_as
>         true
>       else
>         p "ERROR => #{ldap_con.get_operation_result}"
>         false
>       end
>     end
>   end
>
>   private
>
>   def self.initialize_ldap_con(identifier, password)
>     setup = {:host => AppConfig.ldap_server_host,
>              :port => AppConfig.ldap_server_port,
>              :base => AppConfig.ldap_server_tree_base }
>     setup[:auth] = { :method => :simple, :username => identifier, :password => password }
>     Net::LDAP.new(setup)
>   end
> end
>
> However, this doesn't work when I use bind, first I had to make the DN.
>
>
>
>

You may have misunderstood how Net::LDAP#bind_as works. Go back and
re-read the rdocs. You have to first supply a known account
(identified by a DN), perhaps that of an administrator. What #bind_as
does is to call #bind as the admin account, and then query the
#bind_as username's DN. It then rebinds as the #bind_as user's DN.
This is more or less the standard way to authenticate users against
LDAP directories.
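
The search-then-bind flow described in the reply above, as an added example that is not part of the thread or of Net::LDAP. `FakeDirectory`, `SAMPLE_DIRECTORY`, `escape_filter_value` and `authenticate` are hypothetical names, and the directory is a constructed in-memory stand-in so the flow runs offline; it also shows why the login name is escaped before it goes into the search filter and why exactly one match is required.

```ruby
# Constructed sample entries (DN => attributes); passwords are test values.
SAMPLE_DIRECTORY = {
  "uid=svc-auth,ou=company,c=es"          => { uid: "svc-auth", password: "svc-secret" },
  "uid=eduardo,ou=people,ou=company,c=es" => { uid: "eduardo",  password: "s3cret" },
  "uid=edurne,ou=people,ou=company,c=es"  => { uid: "edurne",   password: "other" }
}.freeze

# Hypothetical in-memory stand-in for an LDAP connection, so this runs offline.
class FakeDirectory
  def initialize(entries)
    @entries = entries
    @bound_dn = nil
  end

  # Simple bind: succeeds only for a known DN with its non-empty password.
  def bind(dn, password)
    entry = @entries[dn]
    ok = !entry.nil? && !password.to_s.empty? && entry[:password] == password
    @bound_dn = ok ? dn : nil
    ok
  end

  # DNs whose uid matches "(uid=VALUE)"; an unescaped * acts as a wildcard.
  def search_uid(filter)
    raise "search requires a successful bind" unless @bound_dn
    value = filter[/\A\(uid=(.*)\)\z/, 1] or return []
    pattern = value.split("*", -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end.join(".*")
    @entries.select { |_dn, e| e[:uid].match?(/\A#{pattern}\z/) }.keys
  end
end

# RFC 4515 escaping for a value interpolated into a search filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Bind as the service account, resolve exactly one DN for the login name,
# then bind again as that DN with the password the user supplied.
def authenticate(dir, service_dn, service_pw, login, password)
  return false if login.to_s.empty? || password.to_s.empty?
  return false unless dir.bind(service_dn, service_pw)
  dns = dir.search_uid("(uid=#{escape_filter_value(login)})")
  return false unless dns.size == 1
  dir.bind(dns.first, password)
end
```

With Net::LDAP itself, the connection is created with the service account in `:auth`, and `bind_as` is given `:base`, `:filter` and `:password` to perform the search and the second bind.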