[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

NET::LDAP Problems.....

bluengreen

2/23/2007 4:25:00 AM

Just wondering if anyone knows anything about this project?

A couple of things that I recently discovered....

1 - the bind and bind_as methods will return results if you provide a
empty password....
2 - The search does not work when searching against DN's.

Maybe I'm missing how to do this or something. Anyone who may know
how to correct these problems please share the wealth.

Is this project still alive or should I try the alternative? I think
this library is the most functional I have seen but still some bumps.

Thanks,
Phill
7 Answers

bluengreen

2/23/2007 3:31:00 PM

0

Just in case anybody else is struggling with these issues here is what
I did for work arounds, but after comparing with ldapsearch and
various RFC's I'm not sure they are work arounds for NET::LDAP as much
as just the way the spec is defined....

For the password issue I wrapped the bind with a condition that the
password length be greater than 1.

unless password.to_s.size < 1
result = ldap.bind_as(
:base => "dc=net,dc=com",
:filter => "(cn=#{username})",
:password => "#{password}"
)
end


For the DN search issue, it seems this is appropriate behavior, as
verified by ldapsearch at the commandline. The appropriate read method
is to set the tree base to your DN that you want and set scope to
base.

So do this if you want to return a specific DN using NET::LDAP

# set your dn
treebase = "cn=pnovess,dc=net,dc=com"

# query ldap - set scope to base
ldap.search( :base => treebase, :scope =>
Net::LDAP::SearchScope_BaseObject ) do |entry|
.... do stuff here ...
end

Hope this helps saves someone the several hours of research I spent.

Thanks,
Phill



On Feb 22, 9:25 pm, "bluengreen" <pnov...@mac.com> wrote:
> Just wondering if anyone knows anything about this project?
>
> A couple of things that I recently discovered....
>
> 1 - the bind and bind_as methods will return results if you provide a
> empty password....
> 2 - The search does not work when searching against DN's.
>
> Maybe I'm missing how to do this or something. Anyone who may know
> how to correct these problems please share the wealth.
>
> Is this project still alive or should I try the alternative? I think
> this library is the most functional I have seen but still some bumps.
>
> Thanks,
> Phill

Ara.T.Howard

3/11/2007 2:17:00 PM

0

Stephan Mueller

3/12/2007 7:04:00 PM

0

Hi Francis,

* Francis Cianfrocca <garbagecat10@gmail.com> [12.03.2007]:

> I wrote a Ruby-scriptable LDAP server based on the Net::LDAP protocol
> implementation and have used it for special purpose attribute servers,
> directory aggregators, etc. Works quite well. If there is enough interest in
> this, I can publish it as well.

i for one would love to see such a thing. I could not say that i will
use it for any project for sure but i would love to play with it and try
some things. So if it is not way too much work to package this, go for
it! :D

Cheers,

Steph.

PS: Net::LDAP rocks!

Amos King

3/12/2007 7:59:00 PM

0

I'd like to see it

On 3/12/07, Stephan Mueller <d454d@web.de> wrote:
> Hi Francis,
>
> * Francis Cianfrocca <garbagecat10@gmail.com> [12.03.2007]:
>
> > I wrote a Ruby-scriptable LDAP server based on the Net::LDAP protocol
> > implementation and have used it for special purpose attribute servers,
> > directory aggregators, etc. Works quite well. If there is enough interest in
> > this, I can publish it as well.
>
> i for one would love to see such a thing. I could not say that i will
> use it for any project for sure but i would love to play with it and try
> some things. So if it is not way too much work to package this, go for
> it! :D
>
> Cheers,
>
> Steph.
>
> PS: Net::LDAP rocks!
>
>


--
Amos King
Ramped Media
USPS
Programmer/Analyst
St. Louis, MO
Looking for something to do? Visit ImThere.com

bluengreen

3/12/2007 8:05:00 PM

0

On Mar 11, 8:17 am, ara.t.how...@noaa.gov wrote:
> On Sun, 11 Mar 2007, Francis Cianfrocca wrote:
> > On 2/22/07, bluengreen <pnov...@mac.com> wrote:
>
> >> Is this project still alive or should I try the alternative? I think
> >> this library is the most functional I have seen but still some bumps.
>
> > Net::LDAP is alive and well. The current source tree includes some
> > SNMP-oriented functionality that is not yet in the released packages, but
> > otherwise the library is essentially at production level.
>
> we just taught a class last week on ruby and i had a friend come in and
> present on net::ldap. he runs the peoplesoft db which employs a federated
> authentication system for the university of colorado and has been using
> net::ldap for a year or two in production with no issues.
>
> > Do you have any feature requests?
>
> perhaps exporting the information on the cause of exit codes. eg:
>
> #
> # determining reason for exit code == 49
> #
> if @ldap.get_operation_result.code == 49
> Net::LDAP.open(:host => @ldap.host,
> :port => @ldap.port,
> :auth => @auth) do |conn|
> @entry = conn.search(:base => @account_base,
> :filter => "uid=#{ uid }",
> :attributes => ["userpassword"])
> if test_sha_password(pw, @entry[0].userpassword[0])
> retval = [false, "Password good, but expired."]
> else
> retval = [false, "Invalid credentials, please try again."]
> end
> end
> end
>
> i think this information is exported by the ldap server right?
>
> -a
> --
> be kind whenever possible... it is always possible.
> - the dalai lama

Thanks those are good suggestions. I too am in Coloraodo. I'm in
Fort Collins. I've been wanting to get down that way for user group
meetings but lately my development schedule has not permitted.

Do you ever attend those? If so maybe I'll see you there.

Thanks,
Phill

Robert Dober

3/12/2007 8:58:00 PM

0

On 3/11/07, ara.t.howard@noaa.gov <ara.t.howard@noaa.gov> wrote:
<snip> #
> # determining reason for exit code == 49

49? are you alright Ara ? ;)

> #
<snip>
Robert
--
We have not succeeded in answering all of our questions.
In fact, in some ways, we are more confused than ever.
But we feel we are confused on a higher level and about more important things.
-Anonymous

Brian Candler

3/13/2007 8:28:00 PM

0

On Tue, Mar 13, 2007 at 04:03:44AM +0900, Stephan Mueller wrote:
> Hi Francis,
>
> * Francis Cianfrocca <garbagecat10@gmail.com> [12.03.2007]:
>
> > I wrote a Ruby-scriptable LDAP server based on the Net::LDAP protocol
> > implementation and have used it for special purpose attribute servers,
> > directory aggregators, etc. Works quite well. If there is enough interest in
> > this, I can publish it as well.
>
> i for one would love to see such a thing. I could not say that i will
> use it for any project for sure but i would love to play with it and try
> some things. So if it is not way too much work to package this, go for
> it! :D

I wrote a ruby-ldapserver a while back and stuck it on rubyforge. It doesn't
depend on Net::LDAP, except for its test cases I think.

Anyway, it may be of interest in itself or as a comparison.

http://rubyforge.org/projects/ruby-...

Regards,

Brian.