comp.lang.ruby

Re: Net::Ldap question

David Sledge

12/14/2006 10:40:00 PM

On 12/14/06 10:18 AM, "Eduardo Yáñez Parareda"
<eduardo.yanezNOSPAM@NOSPAMgmail.com> wrote:

> The LDAP server is from Netscape, don't know exactly which version is it.
>
>> the Size limit exceeded error. Can you show an example of the bind_as
>> call that you are using?
>
> Yes, of course. This is the module I use to authenticate with bind_as:
>
> require 'net/ldap'
>
> module LDAP
>   # If login succeeds returns true
>   # If login fails returns false
>   def self.authenticate(identifier, password)
>     if identifier.to_s.length > 0 and password.to_s.length > 0
>       ldap_con = initialize_ldap_con(identifier, password)
>       if ldap_con.bind_as
>         true
>       else
>         p "ERROR => #{ldap_con.get_operation_result}"
>         false
>       end
>     end
>   end
>
>   private
>
>   def self.initialize_ldap_con(identifier, password)
>     setup = {:host => AppConfig.ldap_server_host,
>              :port => AppConfig.ldap_server_port,
>              :base => AppConfig.ldap_server_tree_base }
>     setup[:auth] = { :method => :simple, :username => identifier, :password => password }
>     Net::LDAP.new(setup)
>   end
> end
>
> However, this doesn't work when I use bind, first I had to make the DN.
>
>
>


You should be able to search for a user and get back a DN if your LDAP
server is set up for anonymous searching. For this example I'll filter
against the uid value in an LDAP tree. Here is an example.

def search(name)
  # Anonymous connection: simple bind with empty username and password
  ldap_con = Net::LDAP.new( :host => '<ldap server>', :port => <ldap port>,
    :auth => { :method => :simple, :username => '', :password => '' },
    :encryption => { :method => :simple_tls } )

  filter = Net::LDAP::Filter.eq("uid", name)
  treebase = '<Your treebase values>'
  # Return the DN of the first matching entry
  ldap_con.search( :base => treebase, :filter => filter) do |entry|
    return entry.dn
  end
  nil # no DN found
end

Then you can authenticate like this.

def authenticate(dn, password)
  ldap_con = initialize_ldap_con(dn, password) # Your ldap initialize method
  if ldap_con.bind
    return true
  else
    return false
  end
end


4 Answers

EdUarDo

12/19/2006 12:24:00 PM

0

Thanks a lot to Francis and David, finally I got it. Since I don't have an administration account,
I made an anonymous search to find the DN, as David told me, and now it works without having to do
strange things :). Thanks to both again.

Francis Cianfrocca

12/19/2006 4:08:00 PM

0

On 12/19/06, Eduardo Yáñez Parareda <eduardo.yanezNOSPAM@nospamgmail.com> wrote:
> Thanks a lot to Francis and David, finally I got it. Since I don't have an administration account,
> I made an anonymous search to find the DN, as David told me, and now it works without having to do
> strange things :). Thanks to both again.
>
>

David's points are quite true, however the Net::LDAP#bind_as method is
intended to encapsulate the same technique. Now that you have it
working, I'd be very grateful if you tried #bind_as and see if it also
works for you.

EdUarDo

12/19/2006 4:56:00 PM

0

> David's points are quite true, however the Net::LDAP#bind_as method is
> intended to encapsulate the same technique. Now that you have it
> working, I'd be very grateful if you tried #bind_as and see if it also
> works for you.

Hello, I've tried it, although first I read the documentation again more slowly :),
and it worked right. What I don't understand is why, when you try to 'bind_as'
with :method => :anonymous, it doesn't work, and you have to put :method => :simple
with blank username and password.

The final code is:

require 'net/ldap'

module LDAP
  # If login succeeds returns true
  # If login fails returns false
  def self.authenticate(identifier, password)
    if identifier.to_s.length > 0 and password.to_s.length > 0
      ldap_con = initialize_ldap_con(identifier, password)
      if ldap_con.bind_as(:base => AppConfig.ldap_server_tree_base,
                          :filter => "(uid=#{identifier})",
                          :password => password)
        true
      else
        false
      end
    end
  end

  private
  def self.initialize_ldap_con(identifier, password)
    setup = {:host => AppConfig.ldap_server_host,
             :port => AppConfig.ldap_server_port,
             :base => AppConfig.ldap_server_tree_base }
    setup[:auth] = { :method => :simple, :username => '', :password => '' }
    Net::LDAP.new(setup)
  end
end

Although I'm going to change it in order to obtain user's information like e-mail or so after authentication.
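
The final code above builds its search filter by interpolating identifier into "(uid=...)", so any filter metacharacter in the login name changes which entries bind_as matches. The following is an added example, not part of the original posts and not Net::LDAP's own code: it escapes the value as RFC 4515 requires and keeps the thread's empty-password check; the helper names and sample inputs are hypothetical.

```ruby
# Added example: RFC 4515 escaping for a user-supplied value that is placed
# into an LDAP search filter such as the "(uid=...)" filter used in the thread.
# Helper names (escape_filter_value, uid_filter, usable_credentials?) are
# hypothetical and are not part of Net::LDAP.

# Characters RFC 4515 requires to be escaped inside an assertion value:
# backslash, asterisk, both parentheses and NUL.
FILTER_SPECIALS = /[\\*()\x00]/

# Replace each special character with a backslash and its two-digit hex code.
def escape_filter_value(value)
  value.to_s.gsub(FILTER_SPECIALS) { |ch| format('\\%02x', ch.ord) }
end

# Build the uid filter so the login name is always treated as a literal value.
def uid_filter(identifier)
  "(uid=#{escape_filter_value(identifier)})"
end

# Same intent as the length checks in the thread's authenticate method.
# The empty-password check matters: a simple bind with a DN and a zero-length
# password is an "unauthenticated bind" (RFC 4513), which a server may accept
# without verifying anything.
def usable_credentials?(identifier, password)
  !identifier.to_s.strip.empty? && !password.to_s.empty?
end

# Constructed sample login names, not taken from the thread.
SAMPLES = ['eduardo', '*', 'smith)(cn=x', 'back\\slash'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name|
    puts format('%-16s unescaped: %-20s escaped: %s',
                name.inspect, "(uid=#{name})", uid_filter(name))
  end
end
```

With this helper, the :filter argument passed to bind_as would be uid_filter(identifier) instead of the interpolated string.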

Francis Cianfrocca

12/19/2006 5:34:00 PM

0

On 12/19/06, Eduardo Yáñez Parareda <eduardo.yanezNOSPAM@nospamgmail.com> wrote:
> > David's points are quite true, however the Net::LDAP#bind_as method is
> > intended to encapsulate the same technique. Now that you have it
> > working, I'd be very grateful if you tried #bind_as and see if it also
> > works for you.
>
> Hello, I've tried it, although first I read the documentation again more slowly :),
> and it worked right. What I don't understand is why, when you try to 'bind_as'
> with :method => :anonymous, it doesn't work, and you have to put :method => :simple
> with blank username and password.
>
> The final code is:
>
> require 'net/ldap'
>
> module LDAP
>   # If login succeeds returns true
>   # If login fails returns false
>   def self.authenticate(identifier, password)
>     if identifier.to_s.length > 0 and password.to_s.length > 0
>       ldap_con = initialize_ldap_con(identifier, password)
>       if ldap_con.bind_as(:base => AppConfig.ldap_server_tree_base,
>                           :filter => "(uid=#{identifier})",
>                           :password => password)
>         true
>       else
>         false
>       end
>     end
>   end
>
>   private
>   def self.initialize_ldap_con(identifier, password)
>     setup = {:host => AppConfig.ldap_server_host,
>              :port => AppConfig.ldap_server_port,
>              :base => AppConfig.ldap_server_tree_base }
>     setup[:auth] = { :method => :simple, :username => '', :password => '' }
>     Net::LDAP.new(setup)
>   end
> end
>
> Although I'm going to change it in order to obtain user's information like e-mail or so after authentication.
>
>


Thanks. It's possible that either #bind or #bind_as (or both) are
mishandling the :anonymous auth method. I'll have a look.